OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Bennett Todd (betrahul.net)
Date: Wed Oct 10 2001 - 12:33:59 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    2001-10-10-11:30:36 Chris Campbell:
    > [...] a lot of users saying the "slow network" cry [...]
    > [...] a lot of users are using file sharing apps like
    > kazaa/aimster/gnutella. [...]

    I'd try and put the first lot of users in touch with the second lot
    of users, get yourself out of the middle of their fight.

    Trace the traffic back to the users. This will require understanding
    your network, in particular it may require mapping through a table
    maintained by analyzing DHCP logs; and it'll require another bit
    to associate machines with users. In some shops you can produce a
    useable approximation by a running analysis of pop logs.

    Once you've identified who's producing/consuming the network
    traffic, set up an automatic web page showing the top 10 users
    sorted in descending order with their percent utilization,
    automatically updating every minute or so, and advertise it to
    anybody and everybody who whines about the slow net. Let 'em take
    enforcement into their own hands. Lynch mobs are fun!

    Blocking file-sharing services is not a battle I'd want to get
    into. Designers of file-sharing services are attempting to
    defend against assaults made by huge swarms of flesh-eating
    lawyers[1]. Do you want to try to compete with that threat? You
    may be able to block some current generation services with
    specific blocking rules. In fact, many of 'em won't work across a
    tightly-configured default-closed firewall enforcing a pretty tight
    security policy. But not all shops want that sort of perimeter
    stance. If they're able to get through now, I'd see if I can avoid
    having to try and implement technical blocking measures just to try
    and manage resources, especially since it's just a short-term
    stopgap; some future file-sharing service will sail through whatever
    you've implemented today.

    Instrument your net and get a sustainable balance.

    -Bennett

    [1] quote swiped from The Thomas Crowne Affair, 1999

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE7xIaHHZWg9mCTffwRAg93AJwJQP4pJH7qe5i5ISPGg0fY65nqYgCfXbJN
    LtsWp7vNiIzG6mQalvyADb8=
    =kymF
    -----END PGP SIGNATURE-----