Schools to Avoid: University of Florida

Iphtashu Fitz writes "The University of Florida has apparently come up with a technological approach to deal with P2P file sharing on their campus networks. According to this article on wired.com they have developed a program that scans the PCs of students in the UF dorm rooms. The program, dubbed 'Icarus' not only detects P2P applications but viruses, worms, and other trojans. If a P2P application is found then an e-mail is sent to the user, a message is popped up on their screen, and their internet connection is disconnected. First time offenders lose their connection for 30 minutes. The second offense results in a 5 day loss. The third strike results in an indefinite loss of connectivity. An editorial in The Independent Florida Alligator, the student newspaper, called the use of Icarus 'an invasive and annoying system that further deters students from living in dorms (see also another story).'"

An Inside Perspective

I am currently a sophomore at the University of FL who works part time as part of the campus network ops group. This provides me an intimate knowledge of how Icarus works.

Icarus is a VB application which attempts to connect to the standard ports used by the various P2P apps. If it is able to connect to one of these ports, the IP is marked as suspect in the central DB.

Addresses marked as suspect are then sniffed, and all packets going to and from that IP are logged to a central server. The RIAA has already subponeaed most of this data for further analysis (and more lawsuits, I would expect).

Hope this helps
-sk

Re:An Inside Perspective

[numatrix]

That's nice, but you didn't tell them the whole story. I work at the as one of only three full-time security people for the whole university, so you probably know me. Let me fill in the gap.

The system is more than just a port scanner. If you think you can evade it simply by blocking probes, you're dead wrong. The system is more than that, it also incorporates passive monitoring. Here's a hint. There ain't no way to disguise high bandwidth. No encryption, no port changes, nothing that will hide that. If you're downloading massive amounts of data, you will be found. Period.

Also, for those people who are arguing about morality, ethics, service, responsibility, priveledges, whatever, it's a moot point.

When you move into the campus housing, you sign a legal document to the effect that you will not run P2P. No, it's not illegal to run it, but it ~is~ a violation of your living agreement, and housing is well within their rights to shut you off or take other action for P2P or abuse of services (as many other posters have noted, the few that abuse the service often make it unusable for those who legitimately need it).

Re:Anti-Intellectual Environment

[Stackis]

I work for the UC system as a Sys Admin, and couldn't agree w/you more. Too many students seem to plug their machines into the Resnet, and not bother about AV software, or the bandwidth wasted when they share large files over the network. I think what U of F is doing is nothing but protecting their network from the inevitable...

Re:Anti-Intellectual Environment

[James+Lewis]

The issue here is the invasion of privacy. There are plenty of ways to control bandwidth usage without doing this. My college (Ga Tech) had huge problems with p2p software taking up all available bandwidth. For about two semesters the pings were 1000 even to across the street, and the network was almost unusable because of this. Finally Ga Tech did something smart: they updated the hubs so that they could limit everyone to 60 kb/sec upload on a port by port basis. The vast majority of traffic created by P2P is from uploading. Now everything runs smooth.

P2P is *horrible* for networks

[Alioth]

I disagree with scanning people's PCs.

However, P2P sharing is the *worst* thing your network can be beset with. The leeches hog incredible amounts of bandwidth. Kazaa et al. are also very network hostile with measures to get around a sysadmin's attempt to shape traffic.

It takes more and more admin time just blocking malware and P2P music sharing. The university network is there primarily for academic purposes, not wholesale music piracy.

It's a frigging nightmare. If I were a University admin, my goal would be to not block ports or traffic because I want proper end-to-end connectivity. But then you get the cancer that is Kazaa which actively tries to evade your attempts at sharing traffic. The only route left for the admin is a strict anti-music sharing policy. If only the leeches could control themselves instead of getting not only their mouths in the trough, but their front trotters too, it wouldn't be such a big deal. But of course, they show no restraint.

If I were a university admin, I'd make it very plain what the policy is when students get their connection. The policy would be no music sharing, no spam, no malware (if you want to share legitimate music, then you either put it on the music department's website or rent your own server). Anyone caught sharing music otherwise would have their account locked and would have to come to me for a bollocking. Three offences and it'd be disciplinary action.

Re:Bzzz.

[omega_cubed]

Is it really possible to "scan inside the computer"? I know that with many of my peers, the computer is so poorly locked down that anyone on the subnet can get read/write priv. to their Windows boxes. But there are also a great number who pay attention to such things. And wouldn't bypassing security/privacy for PC's constitute cyber-crime?

Since the article didn't really elaborate, my best guess is that for Icarus to be legit, all they can really do is to do a port scan on the machines. The "worms and viruses" they refer too often open up otherwise unused ports, and the classic 6*** ports used by P2P apps can be easily determined.

The article mentions that

Icarus then scans their computer, detects any worms, viruses or programs that act as a server, such as Kazaa.

One way to read is the program scans the computer's contents and look for files, viruses and apps. Another way to look at it is the program scans the computer's ports and see if there's anything listening on ports that is "not allowed" to be open, i.e. worms that act as servers, viruses that act as servers AND apps that act as servers.

My school implemented a similar policy last year, when they monitor the traffic going to and from common p2p ports, and only allow us to have one upload going on at a given time. (The school acknowledges the legit uses of p2p, and so long as you don't violate copyright, you are wellcome to use it, if you do not overburden the university network. It was a purely bandwidth issue.) Other servers, such as the ones for games, or http or ftp (and as far as I can tell, SMTP too) are left to the owner's discretion.

My reading of the article is that the school created nothing more than an automated Portscan->Winpopup->Email->Access-Shutdow n system.

On a different note, I found it quite perculiar that no student have spoken up against UF's guilty until proven innocent stance. And blocking LAN games? That hardly consumes any bandwidth (going in and out of the university infrastructure), and I certainly hope that the Dorms are not so crowded that half a dozen guys playing Unreal Tournament drags down the network for the entire building! If that's the case, you wouldn't want to live there to start with.

Then again, I loved the quote

The no file-servers policy has actually been in place for several years because several enterprising students had used the university network covertly to run their own commercial websites, some of which were illegal, according to Bird.

"One of the more popular websites for creating fake IDs was run off one of the student computers in the residence halls," he said. "It was up for about a month and a half. That example highlights exactly what you don't want to happen.

"The peer-to-peer file-sharing policy is a direct extension of that," he said.

Yep. University life should be just like real life. We banned the making of bicycles because some hoodlum terrorized pedestrians and committed robbery on one.

W