[Dshield] Enquiry about strange network usage by user

Jim McCullough jim.mccullough at gmail.com
Sun Oct 9 02:25:15 GMT 2005


In regards to Ed's comment, I agree. Be warned the user might claim
ignorance though. If this is the case, you might want to be prepared for an
audit of the computer the user is using.

On 10/8/05, Ed Truitt <ed.truitt at etee2k.net> wrote:
>
> I think it is time that, if your org has a policy forbidding this type of
> activity, then you gather the evidence (for example, packet captures showing
> BitTorrent usage, and logs showing where/when the transfers were done)
> along with your communication of the ban, and let his management deal with
> it (preferably in a public manner, 'as a lesson to others'). BT is
> certainly a type of P2P traffic, mostly used for high-volume stuff (like
> movies, or ISO image files.)
>
> Sometimes technical controls aren't enough, and need enforcement of policy
> controls to be effective.
>
> -EdTr.
>
----------> trimmed


--
Jim McCullough

