US General Chat Thread, P2P copyright issue in United States (US) Specific Forums; We've just received a legal-looking complaint about a student sharing copyrighted content illegally via BitTorrent. I have a few concerns ...
23rd September 2009, 03:56 PM #1
23rd September 2009, 04:28 PM #2
Do you have a proxy server which the student network has to go through?
How do you have the firewall configured?
Do you allow all outbound ports on your firewall or are they directed through port 80?
If you allow all outbound ports then then the student who has been using BitTorrent to exchange files will be able to direct out through any port that he/she wishes.
How many workstations are used on the students network?
apologies for all the questions but scenario seems a little vague. :-)
23rd September 2009, 04:34 PM #3
The uni I went to followed this rule for their network - P2P traffic was blocked and people hunted down if they tried to get around it. The extra burden of having to mess around with people's complaints was seen as not worth it.
23rd September 2009, 06:17 PM #4
Those are some good questions...
No proxy server.
Firewall allows all outbound ports. Historically it has not been a problem but I guess that era is over.
There's about 1400 computers registered to use the student network. They are mostly the students' own personal computers.
I could start by blocking P2P-specific ports but aren't most P2P systems using encryption over TCP ports 80 and 443 nowadays anyway?
23rd September 2009, 07:27 PM #5
Stick something like Snort :: Home Page on your network which will sniff and drop p2p packets.
23rd September 2009, 07:29 PM #6
Can Snort handle encrypted traffic?
23rd September 2009, 07:45 PM #7
what about traffic thats routed through something like torr or http tunnel and the likes ?
Originally Posted by ronanian
23rd September 2009, 07:48 PM #8
Snort can't do much with encrypted traffic and I would think theres very little chance of any application decrypting all traffic.
23rd September 2009, 08:00 PM #9
You could have the snort box discover which encrypted traffic is _likely_ to be p2p / tor by looking at where the connection is going, but accuracy will be a problem. Run non-blocking snort initially so you get an idea of the traffic passing through and spend time tuning the sensor. If nothing else, it'll alert you to compromised machines on your network.
You may wish to look at PacketFence as well - PacketFence: Home
You could use a proxy to run a man-in-the-middle attack for SSL, but that assumes your clients automatically trust certs issued by your inhouse CA. Since the kids own their laptops (right?), that's unlikely to be seamless. Check the legality in your area - much of it hinges on an AUP stating you do this.
Do you have an AUP that the students / their parents sign? Does it have teeth? (i.e disciplinary measures taken if it's broken). Assuming you manage to track down the kid responsible, a good dressing down + bringing the parents in usually keeps their year group in check for up to 3 months (for that particular brand of misbehaviour).
23rd September 2009, 09:14 PM #10
They do own their own computers.
I think our AUP merely says we can cut off access, no real teeth. However, I think we can probably make some noise and get some parents involved.
I might be able to try to download the file that was complained about and use Snort or a transparent proxy or something like that, or maybe even just Wireshark/other packet sniffer, to determine who's communicating with my downloader...sounds awfully complicated, though.
23rd September 2009, 10:39 PM #11
I think you've got to do something even if it's not 100% successful. Could you setup a proxy server which only allows http/https? It will be a pain for users (you'll either have to give them details of how to configure their browser to talk to the proxy or set up WPAD) but you can justify it by explaining that some people have been breaking the law and this is the result.
Once you start getting "cease and desist" letters I think you're leaving yourself wide open to prosecution if you don't show that you've tried to stop this going on.
Was it a film that was downloaded? I get the feeling that the big studios are checking for abuse coming from academic IPs because they know that there are often lots of people there who might be pirating stuff. We get students doing it here but because every IP is public and tracked back to the student it's pretty easy to find the guilty party and hang them publicly :-)
24th September 2009, 02:46 PM #12
Yeah, it was a film.
Checking my SonicWall for the largest bandwidth users, who are most likely the P2P culprits, I've found that they're using rogue IP addresses - it seems they're manually making up static IP addresses and ignoring our DHCP server (which includes an authentication mechanism before it assigns them a good DNS). I'm able to dig up the MAC addresses of those and block them at the firewall. I'm also able to use the MAC address to check for previous registrations with our DHCP server so I can see who they belong to. I'm hoping that they'll come to me asking why their connection isn't working anymore
We'll see where it goes from there. I really don't want to add the workload involved in heavy enforcement, making everyone use a proxy, etc; we're a relatively tiny IT department for the quantity of users and systems we support here.
24th September 2009, 02:57 PM #13
In the UK there was a firm sending out threatening letters accusing people of downloading gay porn and offering them the chance to settle out of court for about £1000 figuring most people would pay up rather than go to court they had quite a lot of complaints about their tactics.
Can they supply you with a copy of their evidence so you can track down the offender.
Last edited by JJonas; 24th September 2009 at 03:00 PM.
By CHR1S in forum General Chat
Last Post: 23rd January 2009, 12:54 PM
By the_travisty in forum Web Development
Last Post: 10th October 2007, 06:09 PM
By Craig_W in forum Wireless Networks
Last Post: 28th January 2007, 04:17 PM
By Dos_Box in forum Downloads
Last Post: 29th January 2006, 09:43 PM
By Peter in forum Wireless Networks
Last Post: 9th January 2006, 12:34 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)