Schools to Avoid: University of Florida
Iphtashu Fitz writes "The University of Florida has apparently come up with a technological approach to deal with P2P file sharing on their campus networks. According to this article on wired.com they have developed a program that scans the PCs of students in the UF dorm rooms. The program, dubbed 'Icarus', not only detects P2P applications but also viruses, worms, and other trojans. If a P2P application is found then an e-mail is sent to the user, a message is popped up on their screen, and their internet connection is disconnected. First time offenders lose their connection for 30 minutes. The second offense results in a 5 day loss. The third strike results in an indefinite loss of connectivity. An editorial in The Independent Florida Alligator, the student newspaper, called the use of Icarus 'an invasive and annoying system that further deters students from living in dorms (see also another story).'"
I am currently a sophomore at the University of FL who works part time as part of the campus network ops group. This provides me an intimate knowledge of how Icarus works.
Icarus is a VB application which attempts to connect to the standard ports used by the various P2P apps. If it is able to connect to one of these ports, the IP is marked as suspect in the central DB.
Addresses marked as suspect are then sniffed, and all packets going to and from that IP are logged to a central server. The RIAA has already subpoenaed most of this data for further analysis (and more lawsuits, I would expect).
Hope this helps
-sk
You're still screwed. The lockdown can be placed at the switch port(s) that leads to your room. Can't spoof those without breaking into the locked closet... which hopefully the RA should be able to stop.
I used to work at the helpdesk at my school, so I can tell you this would most likely have no effect.
To give a real example from my university: By default, all the network jacks are on, and if you use it and don't pay for the dorm internet connection, it gets cut off after a week. If it is never used, it is left on (this helped reduce the mess of getting everyone set up the first week in the fall).
One day in the middle of the spring semester, we detected port scanning from a student townhouse dorm, coming from an unregistered jack (the townhouse had 4 of them, 2 of which were being paid for). The jack was still on because it was previously unused. Solution? We simply had the NOC kill the jack.
The student had switched the jack his computer was connected to, thinking it would prevent us from tracking him down. He was half right - perhaps we couldn't say which student in the townhouse was doing it. If he had a router behind it, we didn't need to know - the jack was all we cared about.
Lo and behold, within a few minutes one of the students at that room called up to say his network connection had died. It was hilarious... it was practically a confession. Of course he denied it, but refused my offer to come over and check his computer since it was port scanning without his knowledge. We let him off with a warning, and to the best of my knowledge, he didn't do it again.
RC
Adding a router does not extend the segment. It creates a new segment and a new subnet. The 5-4-3 rule does not apply to routers. Just imagine how broken the Internet would be if we could have at most 4 routers between end points. :)
Jason.
I work for the UC system as a Sys Admin, and couldn't agree w/you more. Too many students seem to plug their machines into the Resnet, and not bother about AV software, or the bandwidth wasted when they share large files over the network. I think what U of F is doing is nothing but protecting their network from the inevitable...
"Look where we worship" -- Jim Morrison
The issue here is the invasion of privacy. There are plenty of ways to control bandwidth usage without doing this. My college (Ga Tech) had huge problems with p2p software taking up all available bandwidth. For about two semesters the pings were 1000 even to across the street, and the network was almost unusable because of this. Finally Ga Tech did something smart: they updated the hubs so that they could limit everyone to 60 kb/sec upload on a port by port basis. The vast majority of traffic created by P2P is from uploading. Now everything runs smooth.
Actually, they are looking inside the computers themselves, identifying files, viruses and apps.
Actually, you are required to use the school's internet if you're on campus.
Bastards don't allow outside lines to come in, or else I would have DSL right now :-p (school network sucks for just about everything, including web browsing)
I disagree with scanning people's PCs.
However, P2P sharing is the *worst* thing your network can be beset with. The leeches hog incredible amounts of bandwidth. Kazaa et al. are also very network hostile with measures to get around a sysadmin's attempt to shape traffic.
It takes more and more admin time just blocking malware and P2P music sharing. The university network is there primarily for academic purposes, not wholesale music piracy.
It's a frigging nightmare. If I were a University admin, my goal would be to not block ports or traffic because I want proper end-to-end connectivity. But then you get the cancer that is Kazaa which actively tries to evade your attempts at sharing traffic. The only route left for the admin is a strict anti-music sharing policy. If only the leeches could control themselves instead of getting not only their mouths in the trough, but their front trotters too, it wouldn't be such a big deal. But of course, they show no restraint.
If I were a university admin, I'd make it very plain what the policy is when students get their connection. The policy would be no music sharing, no spam, no malware (if you want to share legitimate music, then you either put it on the music department's website or rent your own server). Anyone caught sharing music otherwise would have their account locked and would have to come to me for a bollocking. Three offences and it'd be disciplinary action.
Oolite: Elite-like game. For Mac, Linux and Windows
I am the architect of ICARUS, and I felt a need to address some of the overall comments in this thread as I have watched them develop.
;).
0. Downloading large files, etc. will never trigger ICARUS. This is not a simple matching system, by any means.
1. ICARUS is not some magic bullet super scanner. We use and promote all open source tools, open source operating systems and free speech. We do not install a client package, we do not "hack" systems and we do not look at files, process tables, etc. on the client systems.
2. ICARUS is a system for integrating a vast array of tools together, making complex policy decisions based on data collection, and then taking complex actions. Yes, it can stop P2P apps in a wide variety of ways. It can do a lot of things regarding management. In that regard, it's not focused at all, it's something you use to manage everything around you. For example, you say you want to determine who has patched themselves against some certain vulnerability? Then select the appropriate methods for collecting the data you need, and decide what actions you want to take. Actions are limited by...perl.
3. "You are responsible for considering the moral implications of what you create, and how it is used"
I simply can't believe this statement. We DID consider the implications of it. Extensively. In fact, my co-developer and I wrestle with it all the time. Vastly more good comes from what we are creating than bad. ICARUS is a policy enforcement tool...that can encompass a number of things. It is the policy of the University to prohibit illegal activity on their network. We are simply able to enforce it.
4. Florida Sunshine Law: Actually, this is explicitly covered as a mechanism of security policy enforcement. There is no legal access under this law to source code or anything else.
5. We will likely be making this a public open-source project in the spring. We intend to offer it free of charge, although the licensing itself has not been determined (likely GPL).
6. The individual claiming to know how it was written (re: VB, subpoenaed database, etc.), fabricated every part of that post. Only a tiny handful of people have seen the source code or been involved in a discussion about its internals.
Calm down, folks. Some day, you'll probably want to use it for something, I promise.
Take care,
Rob