[25830] in resnet
Re: NAT and RIAA
daemon@ATHENA.MIT.EDU (Wier, Timothy A.)
Wed Jan 26 13:02:09 2011
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-language: en-US
X-Env-From: tcp_cmail/tim.wier@cuchicago.edu
Content-Transfer-Encoding: 8bit
Message-ID: <E7C6DFDE498C8A4BA466F17123F8CE6E926CC2686D@E2K7MBX1.CNET.local>
Date: Wed, 26 Jan 2011 12:01:48 -0600
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Wier, Timothy A." <tim.wier@cuchicago.edu>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <00b901cbbd80$0a27b8b0$1e772a10$@edu>
We use this same type of setup here. One suggestion that I have that has really helped us was to split the logs hourly so you never have to search more than an hour's worth of data. We use Kiwi Syslog (paid version) here for that purpose as well as automatically compressing and remove old logs.
Tim Wier
Network Manager
Concordia University
tim.wier@cuchicago.edu
708-209-3565
-----Original Message-----
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Christopher Hickernell
Sent: Wednesday, January 26, 2011 11:40 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: NAT and RIAA
We are syslogging all PAT translations from our Cisco ASA firewall--"Built-Dynamic:ID305011." We also syslog the disconnections--message ID 305012. This enables us to search logs for the infringing IP/port and time frame--giving us the internal private address. Then it is a search of the DHCP logs for the internal IP address and time frame to produce the infringing systems MAC address.
Using several public addresses(6) for the PAT translation really improved our accuracy. Typically the public IP address and dynamic port combination was repeated only a few times per hour.
Thank You,
Christopher Hickernell, MCSE, A+, Network+, Security+ Network Support Specialist, ResNet Support Center Manager Clarion University of Pennsylvania Center for Computing Services
G-13 Still Hall |Clarion, PA 16214
814.393.2218
-----Original Message-----
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Matt Foreman
Sent: Wednesday, January 26, 2011 11:41 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: NAT and RIAA
The University of Nebraska-Lincoln is trying to find out some information about other schools experience with private IP addresses used for their ResNet and what experiences these schools have in handling RIAA violations.
With the NAT'ing process we are having some difficulty positively identifying all the students and we would like to understand what others in this situation might be doing to control this problem. Whatever input you could provide on this subject would be helpful.
Matt Foreman
UNL Information Services
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
