Schools to Avoid: University of Florida 829
Iphtashu Fitz writes "The University of Florida has apparently come up with a technological approach to deal with P2P file sharing on their campus networks. According to this article on wired.com they have developed a program that scans the PCs of students in the UF dorm rooms. The program, dubbed 'Icarus' not only detects P2P applications but viruses, worms, and other trojans. If a P2P application is found then an e-mail is sent to the user, a message is popped up on their screen, and their internet connection is disconnected. First time offenders lose their connection for 30 minutes. The second offense results in a 5 day loss. The third strike results in an indefinite loss of connectivity. An editorial in The Independent Florida Alligator, the student newspaper, called the use of Icarus 'an invasive and annoying system that further deters students from living in dorms (see also another story).'"
iptables (Score:3, Informative)
they can try to block losers, but they won't get the truly geek. and i sure wouldn't accept any violation of MY privacy and limiting legitimate uses (private servers,game servers, research projects, name it)
and before i get blasted into oblivion, no i don't use kazaa et al, my music is all legitimately got from www.emusic.com, go check it out
Great. Soon coming to an ISP near you! (Score:2, Informative)
An Inside Perspective (Score:5, Informative)
Icarus is a VB application which attempts to connect to the standard ports used by the various P2P apps. If it is able to connect to one of these ports, the IP is marked as suspect in the central DB.
Addresses marked as suspect are then sniffed, and all packets going to and from that IP are logged to a central server. The RIAA has already subponeaed most of this data for further analysis (and more lawsuits, I would expect).
Hope this helps
-sk
Re:Switchable MAC address... (Score:3, Informative)
The Division of Housing does NOT look kindly upon someone who so much as mentions the word 'router' in their hearing.
Re:Switchable MAC address... (Score:4, Informative)
Re:Switchable MAC address... (Score:3, Informative)
You could try taking someone else's MAC address, but you'd probably get noticied fairly quickly, and be in a lot of trouble.
Amen (Score:2, Informative)
Re:doesn't matter (Score:1, Informative)
Re:Switchable MAC address... (Score:4, Informative)
To give a real example from my university: By default, all the network jacks are on, and if you use it and don't pay for the dorm internet connection, it gets cut off after a week. If it is never used, it is left on (this helped reduce the mess of getting everyone set up the first week in the fall).
One day in the middle of the spring semester, we detected port scanning from a student townhouse dorm, coming from an unregistered jack (the townhouse had 4 of them, 2 of which were being paid for). The jack was still on because it was previously unused. Solution? We simply had the NOC kill the jack.
The student had switched the jack his computer was connected to, thinking it would prevent us from tracking him down. He was half right - perhaps we couldn't say which student in the townhouse was doing it. If he had a router behind it, we didn't need to know - the jack was all we cared about.
Lo and behold, within a few minutes one of the students at that room called up to say his network connection had died. It was hilarious... it was practically a confession. Of course he denied it, but refused my offer to come over and check his computer since it was port scanning without his knowledge. We let him off with a warning, and to the best of my knowledge, he didn't do it again.
Re:What the fuck? (Score:4, Informative)
Adding a router does not extend the segment. It creates a new segment and a new subnet. The 5-4-3 rule does not apply to routers. Just imagine how broken the Internet would be if we could have at most 4 routers between end points. :)
Jason.
Re:E-mail? (Score:3, Informative)
Do students have alternatives? (Score:2, Informative)
Re:Firewall them! (Score:3, Informative)
iptables -j REJECT --reject-with tcp-reset
Icarus sees port as being closed instead of filtered. Problem solved.
INDEPENDENT florida alligator (Score:2, Informative)
Re:An Inside Perspective (Score:5, Informative)
The system is more than just a port scanner. If you think you can evade it simply by blocking probes, you're dead wrong. The system is more than that, it also incorporates passive monitoring. Here's a hint. There ain't no way to disguise high bandwidth. No encryption, no port changes, nothing that will hide that. If you're downloading massive amounts of data, you will be found. Period.
Also, for those people who are arguing about morality, ethics, service, responsibility, priveledges, whatever, it's a moot point.
When you move into the campus housing, you sign a legal document to the effect that you will not run P2P. No, it's not illegal to run it, but it ~is~ a violation of your living agreement, and housing is well within their rights to shut you off or take other action for P2P or abuse of services (as many other posters have noted, the few that abuse the service often make it unusable for those who legitimately need it).
Re:Anti-Intellectual Environment (Score:5, Informative)
Re:Schools to no longer avoid! (Score:3, Informative)
I haven't done an extensive survey, but all of the universities I applied to (such as UIUC) had such a policy. Sure, they sometimes make exceptions (if you live with your parents, are married, have children, have disabilities that the university cannot accomodate and have a doctor's letter saying so, are over 21, and so on). As for widespreadness, a quick google search [google.com] shows that such policies are rather common, especially at public institutions.
Re:Anti-Intellectual Environment (Score:5, Informative)
Bzzz. (Score:4, Informative)
Actually, they are looking inside the computers themselves, identifying files, viruses and apps.
P2P bad, spyware also bad. (Score:3, Informative)
Florida's current solution is much too invasive, and not very effective. Does the app run in Linux? Wine? Mac? Limiting operating system choices is a very bad thing for a university, especially for the computer science students who are trying to widen their experience.
It's also not effective. What's to stop someone from running the spyware in an emulator? Renaming their P2P programs?
The problem is that a university network has untrusted (in the security usage) clients. But it's not a problem: It's easy to tell who's running P2P programs, and who's infected, centrally. This is more effective and less limiting.
Re:Anti-Intellectual Environment (Score:3, Informative)
bastards dont allow outside lines to come in, or else i would have dsl right now:-p(school network sucks for just about everythign including web browsing)
P2P is *horrible* for networks (Score:5, Informative)
However, P2P sharing is the *worst* thing your network can be beset with. The leeches hog incredible amounts of bandwidth. Kazaa et al. are also very network hostile with measures to get around a sysadmin's attempt to shape traffic.
It takes more and more admin time just blocking malware and P2P music sharing. The university network is there primarily for academic purposes, not wholesale music piracy.
It's a frigging nightmare. If I were a University admin, my goal would be to not block ports or traffic because I want proper end-to-end connectivity. But then you get the cancer that is Kazaa which actively tries to evade your attempts at sharing traffic. The only route left for the admin is a strict anti-music sharing policy. If only the leeches could control themselves instead of getting not only their mouths in the trough, but their front trotters too, it wouldn't be such a big deal. But of course, they show no restraint.
If I were a university admin, I'd make it very plain what the policy is when students get their connection. The policy would be no music sharing, no spam, no malware (if you want to share legitimate music, then you either put it on the music department's website or rent your own server). Anyone caught sharing music otherwise would have their account locked and would have to come to me for a bollocking. Three offences and it'd be disciplinary action.
Re:the punishment should be harsher (Score:1, Informative)
The kids are forced to pay for university network access, and no other options are available. I also love how lots of people are for UF telling you what programs your computer can run, but they get all pissy when MS tries it.
Re:More draconian measures to come? (Score:2, Informative)
My 2/100 of a $.
Re:An Inside Perspective (Score:2, Informative)
Or not." -wills, DHnet Administrator
http://www.dhnet.ufl.edu/forums/viewtopic.php?t
(ps. they all use bsd)
Re:Bzzz. (Score:4, Informative)
Since the article didn't really elaborate, my best guess is that for Icarus to be legit, all they can really do is to do a port scan on the machines. The "worms and viruses" they refer too often open up otherwise unused ports, and the classic 6*** ports used by P2P apps can be easily determined.
The article mentions that One way to read is the program scans the computer's contents and look for files, viruses and apps. Another way to look at it is the program scans the computer's ports and see if there's anything listening on ports that is "not allowed" to be open, i.e. worms that act as servers, viruses that act as servers AND apps that act as servers.
My school implemented a similar policy last year, when they monitor the traffic going to and from common p2p ports, and only allow us to have one upload going on at a given time. (The school acknowledges the legit uses of p2p, and so long as you don't violate copyright, you are wellcome to use it, if you do not overburden the university network. It was a purely bandwidth issue.) Other servers, such as the ones for games, or http or ftp (and as far as I can tell, SMTP too) are left to the owner's discretion.
My reading of the article is that the school created nothing more than an automated Portscan->Winpopup->Email->Access-Shutdow n system.
On a different note, I found it quite perculiar that no student have spoken up against UF's guilty until proven innocent stance. And blocking LAN games? That hardly consumes any bandwidth (going in and out of the university infrastructure), and I certainly hope that the Dorms are not so crowded that half a dozen guys playing Unreal Tournament drags down the network for the entire building! If that's the case, you wouldn't want to live there to start with.
Then again, I loved the quote Yep. University life should be just like real life. We banned the making of bicycles because some hoodlum terrorized pedestrians and committed robbery on one.
W
Re:Anti-Intellectual Environment (Score:2, Informative)
I for one have no qualms about them scanning the hell out of my system, or blocking P2P traffic (we have a port shaper that allows only 1% of available bandwidth to recognized P2P ports on the network), since BEFORE these policies were implemented, the campus connection was painfully slow. I'm not talking ISDN slow, rather, 14.4Kbps slow. And this is only 3-4000 students being served by an OC-48. After it was implemented, web browsing was increased dramatically (downloads to other universities and large corps went back up to 3-5Mbit, like it should be), and overall everyone was happier. People are stupid, get over it. When stupid people get together in large masses (the ResNet is one huge LAN), everything is multiplied exponentially... virus problems, worms, and bandwidth usage. It may be "evil", but its a necessary one.
You want the inside perspective? Here it is. (Score:3, Informative)
0. Downloading large files, etc. will never trigger ICARUS. This is not a simple matching system, by any means.
1. ICARUS is not some magic bullet super scanner. We use, and promote all open source tools, open source operating systems and free speech. We do not install a client package, we do not "hack" systems and we do not look at files, process tables, etc. on the client systems.
2. ICARUS is a system for integrating a vast array of tools together, making complex policy decisions based on data collection, and then taking complex actions. Yes, it can stop P2P apps in a wide variety of ways. It can do a lot of things regarding management. In that regard, it's not focused at all, it's something you use to manage everything around you. For example, you say you want to determine who has patched themselves against some certain vulnerability? Then select the appropriate methods for collecting the data you need, and decide what actions you want to take. Actions are limited by...perl.
3. "You are responsible for considering the moral implications of what you create, and how it is used"
I simply can't believe this statement. We DID consider the implications of it. Extensively. In fact, my co developer and I wrestle with it all the time. Vastly more good comes from what we are creating than bad. ICARUS is a policy enforcement tool...that can encompass a number of things. It is the policy of the University to prohibit illegal activity on their network. We are simply able to enforce it.
4. Florida Sunshine Law: Actually, this is explicitly covered as a mechanism of security policy enforcement. There is no legal access under this law to source code or anything else.
5. We will likely be making this a public open-source project in the spring. We intend to offer it free of charge, although the licensing itself has not been determined (likely GPL).
6. The individual claiming to know how it was written (re: VB, subpoened database, etc.), fabricated every part of that post. Only a tiny handful of people have seen the source code or been involved in a discussion about its internals.
Calm down, folks. Some day, you'll probably want to use it for something, I promise
Take care,
Rob
Actual information (Score:1, Informative)
0. Downloading large files, etc. will never trigger ICARUS. This is not a simple matching system, by any means.
1. ICARUS is not some magic bullet super scanner. We use, and promote all open source tools, open source operating systems and free speech. We do not install a client package, we do not "hack" systems and we do not look at files, process tables, etc. on the client systems.
2. ICARUS is a system for integrating a vast array of tools together, making complex policy decisions based on data collection, and then taking complex actions. Yes, it can stop P2P apps in a wide variety of ways. It can do a lot of things regarding management. In that regard, it's not focused at all, it's something you use to manage everything around you. For example, you say you want to determine who has patched themselves against some certain vulnerability? Then select the appropriate methods for collecting the data you need, and decide what actions you want to take. Actions are limited by...perl.
3. "You are responsible for considering the moral implications of what you create, and how it is used"
I simply can't believe this statement. We DID consider the implications of it. Extensively. In fact, my co developer and I wrestle with it all the time. Vastly more good comes from what we are creating than bad. ICARUS is a policy enforcement tool...that can encompass a number of things. It is the policy of the University to prohibit illegal activity on their network. We are simply able to enforce it.
4. Florida Sunshine Law: Actually, this is explicitly covered as a mechanism of security policy enforcement. There is no legal access under this law to source code or anything else.
5. We will likely be making this a public open-source project in the spring. We intend to offer it free of charge, although the licensing itself has not been determined (likely GPL).
6. The individual claiming to know how it was written (re: VB, subpoened database, etc.), fabricated every part of that post. Only a tiny handful of people have seen the source code or been involved in a discussion about its internals.
7. We don't terminate user access, we restrict them to campus-only access. Termination is an temporary action in last resort cases with multiple violations.
Calm down, folks. Some day, you'll probably want to use it for something, I promise
Take care,
Rob
I deal with the program everyday (Score:2, Informative)
Basically they port scan you. If you've accidently left WinXP's default Shared Doc's folder shared or anything shared then they say in the Housing Agreement you sign that they can log in and look at anything you have openly shared.
Now just cause they know people will run their own firewalls to block them out and then still run whatever apps they want.. they require you to leave certain ports and accept certain packets (i.e. ping, netbios stuff, etc).
The message that they pop up on your screen is actually a net send message.
In actually application, it has slowed down the max speeds of the network and latency is about the same. It does kick you offline for very short periods (long enough for IRC to reset sometimes and GAIM to definitely have to reconnect)