Educause Security Discussion mailing list archives
Network usage
From: "Niedens, Travis" <Travis_Niedens () REDLANDS EDU>
Date: Wed, 24 Mar 2004 14:07:18 -0800
All,

This is another question along the line of what we've been talking about recently in regards to student traffic. We use netflow data to identify systems that are attacking the network and/or are using programs that violate our AUP. Once identified, we quarantine the system and notify ResNet so they are aware of what is going on. Recently we've decided to take it up a notch and use TCP translation counts to see if students are conducting the previously mentioned activities. Please keep in mind that we use these methods to avoid the need of using sniffers.

We are seeing systems with anywhere from 500 to 1000+ translations. What I am wondering is, has anyone used this approach and if so, are there any valid (non p2p, adware, spyware or virus) programs that use this amount of TCP translations?

Also, what do you set your TCP Connections / TCP Embryonic connections to? We are considering limits on both.

Thanks,

Travis Niedens
Network Manager
University of Redlands
Phone: (909) 748-6328
Fax: (909) 793-2029
VoIP Phone: (909) 799-4778
VoIP Extension: 4778
"Defending the Network from Human Nature".. Cisco
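Added example, not part of the original message or of the poster's tooling: one way to reduce a list of active translations to the per-host TCP counts the message describes, flagging hosts at or above 500. The CSV layout, the function names and the sample addresses are assumptions constructed for illustration; the distinct-remote-host count is an extra column to support manual review before any quarantine decision.

```python
import csv
import io
from collections import defaultdict

# Assumed flat export, one active translation per row (hypothetical layout,
# not any device's native output): proto,inside_ip,inside_port,remote_ip,remote_port
FIELDS = ["proto", "inside_ip", "inside_port", "remote_ip", "remote_port"]


def summarize(export_text):
    """Return {inside_ip: {"tcp": translation count, "peers": distinct remote IPs}}."""
    stats = defaultdict(lambda: {"tcp": 0, "peers": set()})
    for row in csv.DictReader(io.StringIO(export_text), fieldnames=FIELDS):
        if (row["proto"] or "").strip().lower() != "tcp":
            continue  # only TCP translations are counted
        if not row["inside_ip"] or not row["remote_ip"]:
            continue  # skip malformed or truncated rows
        entry = stats[row["inside_ip"].strip()]
        entry["tcp"] += 1
        entry["peers"].add(row["remote_ip"].strip())
    return {ip: {"tcp": s["tcp"], "peers": len(s["peers"])} for ip, s in stats.items()}


def flag_hosts(export_text, threshold=500):
    """Hosts at or above the threshold, highest count first, for manual review."""
    hits = [(ip, s["tcp"], s["peers"]) for ip, s in summarize(export_text).items()
            if s["tcp"] >= threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)


def build_sample():
    """Constructed sample data (private/documentation addresses, not real traffic)."""
    rows = []
    for i in range(650):   # many translations spread over many remote hosts
        rows.append(f"tcp,10.1.20.15,{20000 + i},198.51.100.{i % 200 + 1},8080")
    for i in range(520):   # many translations, all to a single remote host
        rows.append(f"tcp,10.1.20.77,{30000 + i},203.0.113.10,80")
    for i in range(12):    # host with a small translation count
        rows.append(f"tcp,10.1.20.30,{40000 + i},203.0.113.{i + 1},443")
    rows.append("udp,10.1.20.30,53000,203.0.113.53,53")  # non-TCP, ignored
    rows.append("tcp,10.1.20.30")                         # truncated row, skipped
    return "\n".join(rows)


if __name__ == "__main__":
    for ip, count, peers in flag_hosts(build_sample()):
        print(f"{ip}: {count} TCP translations to {peers} distinct remote hosts")
```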