Schools to Avoid: University of Florida 829
Iphtashu Fitz writes "The University of Florida has apparently come up with a technological approach to deal with P2P file sharing on their campus networks. According to this article on wired.com they have developed a program that scans the PCs of students in the UF dorm rooms. The program, dubbed 'Icarus' not only detects P2P applications but viruses, worms, and other trojans. If a P2P application is found then an e-mail is sent to the user, a message is popped up on their screen, and their internet connection is disconnected. First time offenders lose their connection for 30 minutes. The second offense results in a 5 day loss. The third strike results in an indefinite loss of connectivity. An editorial in The Independent Florida Alligator, the student newspaper, called the use of Icarus 'an invasive and annoying system that further deters students from living in dorms (see also another story).'"
More draconian measures to come? (Score:3, Interesting)
Logins tested every day at random times. Should a login fail, box comes off network.
Switchable MAC address... (Score:5, Interesting)
Re:Schools to no longer avoid! (Score:1, Interesting)
Quite a impressive piece of work that is going to to be under the GPL (as I understand it).
Disclaimer: I don't work on the project, just know someone who does.
Sounds like China (Score:3, Interesting)
Re:Schools to no longer avoid! (Score:3, Interesting)
While I personally got so sick of the new system that I switched over to cable, I understand their need. The way the Vernier system works is your machine is assigned an IP but the DNS server forwards every one of your requests to a login web page where the student had to log in with their NT accound. This way, if they knew of a system that was infected, they would know whose machine it was(and could lock them out if necessary). I got sick of it becase it timed out every 5 minutes if no traffic took place over port 80, that means that streaming audio, FTP, even IRC/IM would drop out if you didn't keep browsing. Heck, even reading long pages would time you out, forcing you to go back and log in again.
But anwyays, this IS an invasion, their concern is what their machines are putting ON the network, not what's stored on their personal machines.
What do you mean "School to Avoid"????? (Score:2, Interesting)
My Niece went to college this fall and her "100mb/s" connection in her dorm room was running slower than the 56k elcheapo modem we installed so she'd have fax/voiceline answering machine capability.
I checked her system (worked fine) then put my packet sniffer in the wall socket and it just about fried! The university support puppy tracked it down to some students shairing movie files.
I'm emailing this story to them.
Re:Schools to no longer avoid! (Score:5, Interesting)
If you play by the rules, campus Internet access is a beautiful thing. However, it's the P2P bandwidth hogs that ruin the party for everyone.
There's no need for P2P to download anything when you've got such a fast connection to Internet2 at your fingertips. Either your school or one nearby will have all the Linux ISOs and other free-to-download programs you'll ever need.
Re:Icarus (Score:2, Interesting)
So, being big gamers, I'm guessing they won't care when 90% of there traffic is CS and BF1942?
Re:Switchable MAC address... (Score:3, Interesting)
After you sign up, it ties your University ID to your MAC address. I'd imagine they're not going to allow you to register a new MAC address if you're currently suspended.
On the other hand, if you don't use DHCP, and define everything (e.g. get the DNS servers and gateway from your roommate, and pick an IP in the same netblock) then there's no stopping you until you get an IP conflict (at which time you choose a new one).
Eventually somebody gets pissed of, traces it to a specific port on the switch, your room, etc. And the Department of Public Safety knocks on your door...
Re:Anti-Intellectual Environment (Score:5, Interesting)
So you want to complain about it? How about offering a valid solution? P2P apps soak up bandwidth. Viruses soak up bandwidth. Johnny Student is sharing 500 gigs of dvd's from his PC, and Jane Student has every virus known to man on her PC. Those two students alone are soaking up the available bandwidth and denying other students the ability to conduct legitimate research.
What kind of intellectual environment does not monitor their network to ensure that it remains available for legitimate use? If you want unhindered P2P, get a private connection. If you can't be bothered to protect your computer from viruses, get a private connection. Why shouldn't people face the consequences for their actions? Why should the truely innocent users pay for the abuse of those who can't be bothered to think of anyone but themselves?
There is only one body that can ensure that the campus network remains viable for all students. That's the campus body that runs the networks.
It's no surprise that any research requiring an inordinate amount of resources has to be justified. If the student is really researching something and they require more bandwidth, they should either justify it to the university or get their own private connection.
They may be paying for use of the network, but so are the hundres (or thousands) of other students. Bandwidth is not unlimited and the campus agency responsible for it has to make sure it's available for legitimate purposes.
Re:Good for them (Score:3, Interesting)
Just out of curiosity, what ISP is going to roll out broadband to a university dorm? That is like a non-existent market.
My biggest question about P2P useage... (Score:2, Interesting)
C'mon, college students - tell us. I'm really, truly curious. What are the most compelling, legitimate uses of P2P software for you?
Re:Schools to no longer avoid! (Score:3, Interesting)
Not really. As a rule, IT should not meddle with anything that only involves downloading. That can be done much more easily -- shut off major consumers of uplink bandwidth, firewall kazaa upload traffic, use something like PacketHound to block uploads, and so on. In no case should they actively portscan and automatically block computers.
Unconstitutional behavior of a State College. (Score:2, Interesting)
I guess the question is, is this school public or private? If public, they could get paddled. Electronic Communications Privacy Act (ECPA1986) may actually have some value here. - Because they sure as hell can't squeeze this under the Patriot Act.
(all opinions of this humble correspondent should be presumed wrong until proven otherwise.) kulakovich
Re:Schools to no longer avoid! (Score:2, Interesting)
Besides that, I'm still happy. The change to resnet left us all with private IP's that left many FTP sites unreachable (even with PASV) which meant I couldn't update my website, plus the P2P filtering filtered Bittorrent, and of course with no public IP, my computer was unreachable from work so no VNC or web services. I think the biggest complaint came from users with game consoles. This effectively shut them out because most don't have web browsers.
We've begged and pleaded with them to lax the rules or change the implementation. Even a PPPOE or MAC registration would be an improvement but our requests fell on deaf ears. I personally don't feel it was the right choice, we were given a single days notice it was going to occur a few weeks after we signed our apartment contracts! How's that for timing? But that's how our university functions. They gave a few families 90 days notice that their University-owned houses were going to be condemned and torn down for expansion only 60 or so days after signing a new lease. Oh well, they have their reasons I guess.
Re:Schools to no longer avoid! (Score:3, Interesting)
My freshman year was the Year of the Napster, though in the last few months of its existence I felt the pain of my college's pipe when trying to do the simplest things, like typing over ssh. It was simply unusable. They throttled by ports, and the person in charge of it was (and still is) incompetent. Back then, everything that wasn't on port 80 was throttled in one single category, while port 80 was prioritized. An http transfer would fetch 400k/s, while a ftp transfer from the same site would crawl at 3k/s. But using a tunnel for the same ftp connection was nice and speedy through port 80.
They have since instituted packet shaping policies, even though they denied them in the first issue of the school paper (which has yet to be digitized). They blame the slow speeds on Blaster and other incarnations, which is laughable at best. Though this is ironically, indirectly true, because they throttled 443 (https) because some filesharing service (the name of which I forget) uses it. On the upside, I have more time to work on my rubik's cube when I'm trying to look at my credit card balance.
Furthermore, the same incompetent individual in charge of the packet shaping has throttled each specified port in its own individual category. Which means that, say, Kazaa traffic gets 56kbps (the number that I was told), while Gnutella gets its own 56kbps. This is nice and all, but I'm still able to log on to good ol' IRC and download or even upload at 200-300k/s to my heart's content. Since they have the packet table filled, God help them if someone decides to be cute and set up an XDCC server or twelve.
We (my fellow CS majors and I) have ranted about this among ourselves and with our friends from the IT department for years now. The problem is that the college is primarily liberal arts (which was my first mistake, though I had enough coworkers in my future field recommend it to me) so most of the students don't know any better. They just want their porn and mp3s as fast as possible, and legitimate uses be damned.
Re:Firewall them! (Score:1, Interesting)
Their network, their rules. Deal with it, use dialup, or move off campus. If you want to pay for the University's legal defense against the RIAA, go ahead. The RIAA is really the main reason why this system got implemented in the first place.
Re:Anti-Intellectual Environment (Score:3, Interesting)
>
> Try again. The taxpayers of Florida own that bandwidth.
Just like your boss owns your house and car and everything else you bought with the money paid to you from him.
The taxpayers give money to the school for it to do with as it wishes.
What the school spends it on is a seperate issue.
'paycheck' or 'govt grant' it doesnt matter. money has exchanged hands and it is no longer the taxpayers once the school gets it. Thus, anything the school buys with it is NOT owned by the tax payers.
If it was any other way, I would loan everyone I know a dollar, and later claim that whatever big thing they did in their life resulted directly due to that dollar i gave them, thus i deserve credit/profit/etc for it.
Doesnt quite work like that.
Re:Anti-Intellectual Environment (Score:4, Interesting)
OK, here's one: it's called QoS on a switched network. Instead of saying "everyone gets 100Mb connectivity, more than enough to saturate our single T3, each", set the network to only allow 500kb per LAN drop. Simple solution, and solves the problem nicely without having to poke around inside students' computers.
At the same time, monitor bandwidth usage on a per port basis (gee, too bad there isn't a free multi-router traffic grapher [ee.ethz.ch] out there somewhere). Any user that consistently pegs their bandwidth cap gets a stern talking to from the local network honchos.
Cute: See their rules on firewalls (Score:2, Interesting)
On page 3...
Don't most modern operating systems include at least basic firewalling functionality?
Re:An Inside Perspective (Score:2, Interesting)
Does the school also dissalow downloading massive ammounts of data? Also, P2P leeching is just inbound data transfer just like HTTP. WTF is the difference?
How do you define P2P? If you are uploading to a peer? Or if you are downloading froma peer? What is a peer? A machine that runs a non HTTP service?
Oh Gosh.... what are things coming to.
Re:How would they do the scan?? (Score:5, Interesting)
Or, do they force you to run win on your computers you connect to the dorm's network..and have you install icarus software on your system?
A necessary step to protect (Score:1, Interesting)
1. The University owns the bandwidth--it's their decision on what constitutes authorized use. Period. You can complain, but there's an appropriate use policy.
2. The academic mission does not include providing portals for illegal downloading--they're accountable to the law--like or not, it's not free to download MP3s, or other copyrighted materials. It's not legal. Bitch. Moan. Whatever, it's the law and "due dilligence" is required by the University to keep it from liability by the rabid dog lawyers of the RIAA, etc.
3. All of our efforts to stop worms and viruses from getting through our border were comprimised when "promiscuous" machines were moved in and plugged into the network effectively spreading their disease to the yet unpatched and causing massive network saturation.
Call me a Nazi, but I think it's a GOOD idea to run a tight ship on PUBLICLY owned network. It's still not as stringent as the large corporations.
Don't give me that free speech BS. If this were an ISP, this would be an infringement, but this is a public university which reserves the right to set policies. When these things go unchecked and Lusers keep spraying the network with worms, portscans, hacks/cracks, and copyrighted materials being shared, you've got to blow the whistle before the lawyers come down on you and what little money you have for IT begins to get sucked away.
We IT folks at universities are underpaid and over-worked. It's a good thing to draw a line.
All this sounds a bit draconian, but you have NO idea what a mess it is with zillions of users saturating the bandwidth with Kazaa and worm packets. It affects everyone.
If you don't get it, well...you don't. Your idealism is blinding you from reality.
Slashdot: mostly missing the point... (Score:3, Interesting)
1)UF has instituted a ban on any and all file sharing, regardless of intent or content.
2)UF is scanning students' private computers to look for violations.
Slashdot reaction: No problem; these damn kids are just downloading music and pr0n anyway. (And, they'll be competing with us for tech jobs once they graduate, so three cheers for them getting hosed!)
[rant] Excuse me? Is this the same place that collectively does the wave when the RIAA comes up against any sort of opposition? The same place that actively discussed hacking Sen. Orrin Hatch's website when he advocated developing spyware, and remotely destroying the computer of anyone caught with copyrighted files? Did my DSL open up a wormhole, and somehow I've managed to log onto the Bizarro World's .\ ?? [/rant]
*regains composure* Yes, I'm certain that college dorms are hotbeds for distributing copyrighted MP3s. So is off-campus housing. The fact is, there are many legitimate uses for P2P. The person trying to obtain public domain photographs for a history research project is tarred with the same brush as those trying to download the collected works of Britney Spears. Someone sending a friend a shareware MP3 (provided by the band for the purpose of downloading) suffers the same penalty as someone looking for warez. Since FU has gone after IRC, I suppose that the next target will be ICQ, since both allow for file sharing; if you prefer using an IM service besides AIM, tough luck, kid. But we can't take the risk of you doing anything illegal.
True, bandwidth is not free. Handing the worst offenders a bill for their usage would provide an immensely powerful real-world lesson. Big Brother tactics, however, are not the solution. And to see /. endorsing such things leaves a sour taste in my mouth. Believe it or not, this is not an attempt to flame or troll. I just find it incredibly baffling that this policy is drawing large numbers of cheers from the same crowd that roundly condemns other attempts to infringe upon personal privacy.
Linux users getting cut off ? (Score:4, Interesting)
Re:An Inside Perspective (Score:2, Interesting)
You have to look at the packets themselves. p2pwall (in my post above) does this. It makes it possible to allow kazaa, et al to run, but doesn't allow them access to the outside world. Useful for distributing class notes, etc.
Stanford, unpatched comps, open ports, firewalls (Score:3, Interesting)
But, in support of UF's position, schools have cover-their-asses when it comes to I.P. and P2P issues since their big corporate donors can threaten to withhold funding. Also, it is almost ethically justifiable to block P2P, since the only few legitimate uses are (but not limited to) finding patches and sharing public-domain works. But, if colleges start blocking certain sites, then the line between protectionism and censorship begins to blurr. If these schools would firewall
New solutions for the problem? (Score:2, Interesting)
1) check total size of all files transfered in a given period on a port-by-port basis. Anyone breaching a limit (say, 1GB/week as an example) pays for additional bandwidth at a specified rate (say, $5/extra GB/week). Anyone doing legitimate reserach could appeal to a committee/get special permission or designate a lab to run these programs from.
2) If research and campus business is being disturbed, restrict student internet access between 9am and 5pm in all dorms, allowing them to access only University websites. Most research I ever needed was done on-campus, and if people need to they can wait until businesss hours are closed to go off campus. This would be a temporary fix but it gives the professors and bureaucrats an out and prevents them from complaining more than they do now.
3) Notify incoming freshmen that the university reserves the right to observe what files are being uploaded/downloaded from their computers. Anyone caught trading music, porn, etc. will be asked to verify that they own a copy of the files being traded with an initially stern in-house warning then reference to the local police authorities as punishment. This is extreme, but most of the bandwidth hogs are trading illegal copies of movies/porn/music anyway.
4) Note the top 50 people using bandwidth and publish their picture in the school newspaper. Enterprising students can deal with the individuals in legal means as they feel appropriate.
Finger-pointing is easy, but does anyone else have potential solutions/thoughts on how to solve this problem?
Of course, if you have a decent firewall... (Score:3, Interesting)
I know that my Uni (ok I graduated last summer) is keeping a rather tight eye on external bandwidth, in order to keep it blazing fast, as it is. But as far as I know, they're looking at total and sustained bandwidth usage, nothing else. Mysteriously, the internal DC++ hubs (IP limited to internal only, difference is only GB limit) are doing great and contain so many terrabytes, there's little reason to go anywhere else. I'm sure it stands out as a red herring on the internal LAN stats, but the networks admin don't want to look. And word-of-mouth spreads pretty quickly to those who haven't caught on.
Personally, I think that if the goal is to provide a network that is the most useful for all the students, that is the way to go. While I'm sure they "know" that illegal stuff is going on over their lines, they're acting as a good ISP and common carrier and don't nose around. I'm sure you wouldn't appriciate your cable company or telco to do so either, I'm sure they "know" too.
Kjella