OIT security does not turn off machine access for P2P violations, except for 
non-responsive DMCA notifications, and then only in dorm situations. (And many 
of us are on this list and happy to help with problems.)

We have recently begun blocking several Gnutella-based P2P programs (quite 
publicly) to protect users as DMCA complaints regarding those services had 
spiked.  But this is a border block, not something that would send individual 
address bits to /dev/null.  

So you're likely dealing with a machine that's compromised, not doing P2P. That 
should be remediated ASAP, not just blocked. We see machines of all sorts 
compromised these days, not just Windows, so the Macs and Linux boxen don't 
just get a pass when you're tracking it down.  Malware tends to come equipped 
with adaptive methods these days, so you may end up playing whack-a-mole. 

You should call OIT Security at x6-HACK to find out exactly why it was 
blocked, and to find out more info which may allow you to identify the 
machine which is misbehaving. 

This situation is the result of unauthorized routers and switches being used 
to allow labs to be placed on the network without the assistance (or 
billing) of NTS. Billing issues aside, running your own little NAT farm will 
get the whole thing whacked when something in there misbehaves. We'll try to 
help resolve the issue (we always both log a block where we, the NOC and 
helpdesk can see it, and send a notification to the administrator of record for 
the address) if you contact us. 

Good luck. 

Rob Maxwell


------Original Message------
From: Justin Walker
Sender: UM Linux User's Group
To: [email protected]
ReplyTo: Justin Walker
Sent: Apr 28, 2008 10:18 AM
Subject: [UM-LINUX] IPtables question

Evidently someone in the lab network is running (intentionally or 
otherwise) some kind of p2p program, and OIT cut us off.  They told me 
the traffic is on port 6667, so I'm just going to block it with our 
gateway server.

I'm trying to add a rule with IP tables, but I keep getting an error.  
The command I'm trying to run is:

iptables -A FORWARD -p tcp --dport 6667 DROP

I get the error:

Bad argument `DROP'
Try `iptables -h' or 'iptables --help' for more information.

Does anyone know what I'm doing wrong?

- Justin


*******************************************************************************
Robert Maxwell, CISSP, GCFA
Lead Incident Handler                      OIT Security, University of Maryland
rmaxwell at umd dot edu
GnuPG Public Key:   http://security.umd.edu/contact/Robert_Maxwell.asc
*******************************************************************************
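
An added example, not part of either message: iptables only accepts a target after -j, so the rule from the question needs "-j DROP", and putting a LOG rule ahead of it on the gateway records which internal (pre-NAT) address is sending the port 6667 traffic, which is what the reply asks to have tracked down. The log prefix and the sample log lines are constructed for illustration; the rules are printed for review rather than executed.

```shell
#!/bin/sh
PORT=6667            # port named in the thread
PREFIX="LAB-6667 "   # assumed log label, not from the thread

# Print the gateway rules. The target must follow -j; a bare DROP is what
# produced the "Bad argument" error. LOG goes first because DROP ends
# rule traversal for the packet.
gateway_rules() {
    printf 'iptables -A FORWARD -p tcp --dport %s -j LOG --log-prefix "%s"\n' "$PORT" "$PREFIX"
    printf 'iptables -A FORWARD -p tcp --dport %s -j DROP\n' "$PORT"
}

# Read kernel log lines on stdin; print "count source-ip" for each internal
# host that hit the LOG rule, busiest first. FORWARD sees packets before
# source NAT, so SRC is the lab machine's own address.
offenders() {
    awk -v prefix="$PREFIX" -v port="$PORT" '
        index($0, prefix) && index($0, " DPT=" port " ") {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { hits[substr($i, 5)]++; break }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of kernel log output, including lines that must be ignored.
sample_log() {
cat <<'EOF'
Apr 28 10:31:02 gw kernel: LAB-6667 IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=6667 WINDOW=5840 SYN
Apr 28 10:31:05 gw kernel: LAB-6667 IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=6667 WINDOW=5840 SYN
Apr 28 10:31:09 gw kernel: eth1: link up, 100Mbps, full-duplex
Apr 28 10:32:40 gw kernel: LAB-6667 IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.9 LEN=60 TTL=63 PROTO=TCP SPT=51877 DPT=6667 WINDOW=5840 SYN
Apr 28 10:33:11 gw kernel: SSH-IN IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=33120 DPT=22 WINDOW=5840 SYN
Apr 28 10:34:02 gw kernel: LAB-6667 IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=40115 DPT=6667 WINDOW=5840 SYN
EOF
}

gateway_rules
sample_log | offenders
```

On a live gateway, feed offenders from the kernel log (for example the output of dmesg) instead of sample_log.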
