[unisog] stopping p2p

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Oct 29 02:11:44 GMT 2002

On Mon, 28 Oct 2002 16:46:07 PST, John Stauffacher <stauffacher at chapman.edu>  said:

> ports manually. I know the question everyone is begging to ask is "why
> not just block everything and open up only what you need". There are
> political measures that keep me from doing that. Anyways, any help would
> be appreciated. 


0) Think long and hard here - *WHY* are you trying to block P2P? If the answer
is "It's killing our bandwidth" then apply traffic shaping, and make clear to
the users that P2P traffic will not be allowed to swamp the Web/Mail/whatever
is crucial.  If it's "because it's only used to share pirated whatever", you'd
better disconnect yourself fully until you educate your users - remember that
it *IS* possible to attach a .MP3 file to an e-mail...

1) Deploy port-neutral traffic shaping (for instance, a rule like "No single
host is allowed more than X k/sec bandwidth" or "no single port other than
25 or 80 or 443 is allowed over 30% of the bandwidth").

2) Fix your political issues.  See above.

3) For student machines, just create a working abuse@ address, and take
the "ISP Safe Harbor" provision that the DMCA gives you (that law isn't
ALL bad ;).  You get complaints from the RIAA or MPAA, you nuke the port
and turn it over to whatever student disciplinary process you presumably
have in place - I'd be surprised if there's a .edu left that *doesn't*
already have a well-defined process for handling a 17 USC 512 takedown notice ;)

4) If you really insist on *stopping* P2P, remember the saying "There are no
effective technological solutions to social problems" as you play whack-a-mole
with this week's port numbers....

				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
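Item 1 above, worked as an added example (this script is not from Valdis's post or from the unisog list; it is an editor's illustration using Linux tc/htb). Everything concrete in it is an assumption: the egress interface eth0, a 100 Mbit/s link, a 512 kbit/s per-host ceiling and the two sample hosts 10.0.0.11 and 10.0.0.12. It also simplifies the second rule: instead of capping each non-mail/web port at 30% individually, it caps the aggregate of all traffic not bound for ports 25, 80 or 443 at 30% of the link, which is still port-neutral in the sense that no P2P port number appears anywhere in the rules.

```shell
#!/bin/sh
# Port-neutral shaping with Linux tc/htb: an added example, not part of the post.
# Policy: traffic to dport 25/80/443 gets a guaranteed 70% of the link and may
# borrow the rest; everything else shares a pool hard-capped at 30%, and inside
# that pool each listed host is capped at HOSTCAP.  The interface, link rate,
# host list and cap below are assumptions, not values from the post.  Run as
# root to apply, or with TC=echo to print the commands instead of applying them.
set -eu

TC="${TC:-tc}"
IFACE="${IFACE:-eth0}"                 # assumed egress (outside-facing) interface
LINK="${LINK:-100mbit}"                # assumed link rate
HOSTCAP="${HOSTCAP:-512kbit}"          # assumed per-host ceiling inside the pool
HOSTS="${HOSTS:-10.0.0.11 10.0.0.12}"  # assumed hosts that get their own class
OTHER_PCT=30                           # share of LINK for non-25/80/443 traffic

# Convert "100mbit" / "512kbit" / "1gbit" to an integer number of kbit so the
# percentages can be computed with plain shell arithmetic.
to_kbit() {
    num=${1%%[a-z]*}
    case "${1#"$num"}" in
        kbit) echo "$num" ;;
        mbit) echo $(( num * 1000 )) ;;
        gbit) echo $(( num * 1000000 )) ;;
        *) echo "to_kbit: unknown unit in '$1'" >&2; return 1 ;;
    esac
}

shape() {
    link_k=$(to_kbit "$LINK")
    other_k=$(( link_k * OTHER_PCT / 100 ))
    crit_k=$(( link_k - other_k ))

    # Start clean; a missing root qdisc is not an error here.
    $TC qdisc del dev "$IFACE" root 2>/dev/null || true

    # Root qdisc.  'default' must name a LEAF class: htb sends unclassified
    # packets there, and if it named the inner class 1:30 they would bypass
    # the shaper entirely as "direct" traffic.
    $TC qdisc add dev "$IFACE" root handle 1: htb default 31
    $TC class add dev "$IFACE" parent 1: classid 1:1 htb \
        rate "${link_k}kbit" ceil "${link_k}kbit"

    # 1:10 mail/web: guaranteed 70%, may borrow up to the whole link.
    $TC class add dev "$IFACE" parent 1:1 classid 1:10 htb \
        rate "${crit_k}kbit" ceil "${link_k}kbit" prio 0
    $TC qdisc add dev "$IFACE" parent 1:10 handle 10: sfq perturb 10

    # 1:30 everything else: rate == ceil, so it can never exceed 30%.
    $TC class add dev "$IFACE" parent 1:1 classid 1:30 htb \
        rate "${other_k}kbit" ceil "${other_k}kbit" prio 1
    # 1:31 catch-all leaf in the pool for hosts without their own class;
    # sfq keeps one busy host from starving the others sharing it.
    $TC class add dev "$IFACE" parent 1:30 classid 1:31 htb \
        rate "${other_k}kbit" ceil "${other_k}kbit"
    $TC qdisc add dev "$IFACE" parent 1:31 handle 31: sfq perturb 10

    # Classify by destination port only for the protected services; no P2P
    # port number appears anywhere, which is the point of being port-neutral.
    for p in 25 80 443; do
        $TC filter add dev "$IFACE" parent 1: protocol ip prio 1 u32 \
            match ip dport "$p" 0xffff flowid 1:10
    done

    # One leaf per listed host inside the 30% pool, capped at HOSTCAP.  These
    # filters run at prio 2, after the port filters, so a host's mail/web
    # traffic is not counted against its per-host cap.
    n=100
    for h in $HOSTS; do
        $TC class add dev "$IFACE" parent 1:30 classid "1:$n" htb \
            rate "$HOSTCAP" ceil "$HOSTCAP"
        $TC filter add dev "$IFACE" parent 1: protocol ip prio 2 u32 \
            match ip src "$h/32" flowid "1:$n"
        n=$(( n + 1 ))
    done
}

# Apply only when asked: 'sh shape.sh apply' as root, or
# 'TC=echo sh shape.sh apply' for a dry run that prints the tc commands.
if [ "${1:-}" = "apply" ]; then
    shape
fi
```

This shapes egress on the named interface only; the download direction has to be shaped on the inside-facing interface (or via an IFB device), and a one-class-per-host loop is fine for a lab but needs u32 hash tables or generated configuration before it scales to a campus address range. The practical gotcha is the htb default class: point it at an inner class and unclassified traffic silently goes around the shaper.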

