[unisog] Tracking down network offenders

Paul L Schmehl pauls at utdallas.edu
Wed Dec 19 18:09:44 GMT 2001


If it's a University-owned machine, we check our logs for verification.  If 
the machine turns out to be "guilty" (whether intentionally being abused or 
compromised), we turn it off at the switch and notify the owner.  The owner 
must then provide proof that the problem has been resolved (reinstalled, 
disciplined the guilty party, etc.) before we will restore their 
connectivity.

If it's a student machine in the apartments (we don't have dorms), it's 
more difficult.  Since they're behind NAT, it's harder to track it down to 
a machine through the logs.  We would put a monitor on that network and 
observe the traffic to locate the machine.

In every case, we notify the sender of the action we took, even if that is 
simply "the IP is being spoofed and the traffic isn't coming from our 
network".  We do not provide the sender with the details of a disciplinary 
incident, just that "appropriate action" was taken.

--On Wednesday, December 19, 2001 8:27 AM -0600 MVick at mail.uttyl.edu wrote:

> I am interested in how Universities track down and respond to network
> complaints from outside the University.  For example:

Paul L. Schmehl, pauls at utdallas.edu
http://www.utdallas.edu/~pauls/
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member


