US General Chat Thread: P2P copyright issue, in United States (US) Specific Forums
  1. #1
    ronanian

    P2P copyright issue

    We've just received a legal-looking complaint about a student sharing copyrighted content illegally via BitTorrent. I have a few concerns about our legal responsibility, what kind of Pandora's box we open with each possible response/action we take, and standing up for our students.

    The complaint came from our ISP (and said they received a complaint but did not identify the complainer) and was only able to identify our outbound IP address on our student network, which is of course shared by all the students.

    How have other college/university network administrators dealt with this problem?
    How do you find the IP address on your private network that's sharing a specific file? If I use the BitTorrent tracker for the file in question I can easily find our internet-facing IP address but of course I already know that address...


  2. #2

    bossman
    Do you have a proxy server which the student network has to go through?
    How do you have the firewall configured?

    Do you allow all outbound ports on your firewall or are they directed through port 80?

    If you allow all outbound ports then the student who has been using BitTorrent to exchange files will be able to direct out through any port that he/she wishes.

    How many workstations are used on the students' network?

    Apologies for all the questions but the scenario seems a little vague. :-)

  3. #3

    localzuk
    The uni I went to followed this rule for their network - P2P traffic was blocked and people hunted down if they tried to get around it. The extra burden of having to mess around with people's complaints was seen as not worth it.

  4. #4
    ronanian
    Those are some good questions...

    No proxy server.
    Firewall allows all outbound ports. Historically it has not been a problem but I guess that era is over.

    There's about 1400 computers registered to use the student network. They are mostly the students' own personal computers.

    I could start by blocking P2P-specific ports but aren't most P2P systems using encryption over TCP ports 80 and 443 nowadays anyway?

  5. #5

    Sylv3r
    Stick something like Snort on your network which will sniff and drop P2P packets.

  6. #6
    ronanian
    Can Snort handle encrypted traffic?

  7. #7

    mac_shinobi
    Quote, originally posted by ronanian: "Can Snort handle encrypted traffic?"

    What about traffic that's routed through something like Tor or an HTTP tunnel and the like?

  8. #8

    Sylv3r
    Snort can't do much with encrypted traffic and I would think there's very little chance of any application decrypting all traffic.

  9. #9


    You could have the snort box discover which encrypted traffic is _likely_ to be p2p / tor by looking at where the connection is going, but accuracy will be a problem. Run non-blocking snort initially so you get an idea of the traffic passing through and spend time tuning the sensor. If nothing else, it'll alert you to compromised machines on your network.

    You may wish to look at PacketFence as well.

    You could use a proxy to run a man-in-the-middle attack for SSL, but that assumes your clients automatically trust certs issued by your in-house CA. Since the kids own their laptops (right?), that's unlikely to be seamless. Check the legality in your area - much of it hinges on an AUP stating you do this.

    Do you have an AUP that the students / their parents sign? Does it have teeth? (i.e. disciplinary measures taken if it's broken). Assuming you manage to track down the kid responsible, a good dressing down + bringing the parents in usually keeps their year group in check for up to 3 months (for that particular brand of misbehaviour).

  10. #10
    ronanian
    They do own their own computers.

    I think our AUP merely says we can cut off access, no real teeth. However, I think we can probably make some noise and get some parents involved.

    I might be able to try to download the file that was complained about and use Snort or a transparent proxy or something like that, or maybe even just Wireshark/other packet sniffer, to determine who's communicating with my downloader...sounds awfully complicated, though.

  11. #11

    I think you've got to do something even if it's not 100% successful. Could you set up a proxy server which only allows http/https? It will be a pain for users (you'll either have to give them details of how to configure their browser to talk to the proxy or set up WPAD) but you can justify it by explaining that some people have been breaking the law and this is the result.

    Once you start getting "cease and desist" letters I think you're leaving yourself wide open to prosecution if you don't show that you've tried to stop this going on.

    Was it a film that was downloaded? I get the feeling that the big studios are checking for abuse coming from academic IPs because they know that there are often lots of people there who might be pirating stuff. We get students doing it here but because every IP is public and tracked back to the student it's pretty easy to find the guilty party and hang them publicly :-)

  12. #12
    ronanian
    Yeah, it was a film.

    Checking my SonicWall for the largest bandwidth users, who are most likely the P2P culprits, I've found that they're using rogue IP addresses - it seems they're manually making up static IP addresses and ignoring our DHCP server (which includes an authentication mechanism before it assigns them a good DNS). I'm able to dig up the MAC addresses of those and block them at the firewall. I'm also able to use the MAC address to check for previous registrations with our DHCP server so I can see who they belong to. I'm hoping that they'll come to me asking why their connection isn't working anymore.

    We'll see where it goes from there. I really don't want to add the workload involved in heavy enforcement, making everyone use a proxy, etc.; we're a relatively tiny IT department for the quantity of users and systems we support here.
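
The cross-check described in post #12 (heaviest talkers on the firewall, compared against DHCP leases, then traced to an owner by MAC), as an added example that is not part of the original thread. The record shapes, field names and all sample data are assumptions constructed for illustration, not SonicWall or DHCP server export formats.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    user: str
    active: bool  # False = earlier registration, no current lease

def norm_mac(mac):
    """Normalise aa:bb.., AA-BB.. and aabb.ccdd.. notations for comparison."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_rogue_hosts(top_talkers, arp_table, leases):
    """Hosts whose IP/MAC pair was not issued by DHCP, heaviest first.

    top_talkers: {ip: bytes}; arp_table: {ip: mac}; leases: list of Lease.
    """
    active = {l.ip: norm_mac(l.mac) for l in leases if l.active}
    owners = {}
    for l in leases:  # any registration, current or old, identifies a MAC
        owners.setdefault(norm_mac(l.mac), l.user)
    findings = []
    for ip, nbytes in sorted(top_talkers.items(), key=lambda kv: -kv[1]):
        if ip not in arp_table:
            continue  # no layer-2 identity to block or trace
        mac = norm_mac(arp_table[ip])
        if active.get(ip) == mac:
            continue  # legitimately leased to this MAC
        reason = "ip leased to another mac" if ip in active else "no lease for ip"
        findings.append({"ip": ip, "mac": mac, "bytes": nbytes, "reason": reason,
                         "owner": owners.get(mac, "unregistered")})
    return findings

# Constructed sample data (hypothetical addresses and users)
LEASES = [Lease("10.20.0.15", "00:11:22:33:44:55", "student_a", True),
          Lease("10.20.0.16", "00:11:22:33:44:66", "student_b", True),
          Lease("10.20.3.40", "00-11-22-33-44-77", "student_c", False)]
ARP_TABLE = {"10.20.0.15": "00:11:22:33:44:55", "10.20.9.200": "0011.2233.4477",
             "10.20.0.16": "00:11:22:33:44:99", "10.20.9.201": "00:11:22:33:44:aa"}
TOP_TALKERS = {"10.20.0.15": 1_200_000_000, "10.20.9.200": 48_000_000_000,
               "10.20.0.16": 9_000_000_000, "10.20.9.201": 3_000_000_000,
               "10.20.9.250": 500}

if __name__ == "__main__":
    for finding in find_rogue_hosts(TOP_TALKERS, ARP_TABLE, LEASES):
        print(finding)
```
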

  13. #13

    JJonas
    In the UK there was a firm sending out threatening letters accusing people of downloading gay porn and offering them the chance to settle out of court for about £1000, figuring most people would pay up rather than go to court. They had quite a lot of complaints about their tactics.
    Can they supply you with a copy of their evidence so you can track down the offender?

    http://news.bbc.co.uk/newsbeat/hi/te...00/7766448.stm
    Last edited by JJonas; 24th September 2009 at 02:00 PM.
