Educause Security Discussion
mailing list archives
Re: Gaming and dorm students
From: "Loftus, Steven E" <seloftus () MCKENDREE EDU>
Date: Thu, 17 Jan 2013 17:40:05 +0000
At my location bandwidth is a serious concern due to availability - we are a small university and the local
infrastructure cannot provide above about 100Mbps service. In practice we don't even need this to facilitate reliable
connections and speeds with proper shaping techniques.
Our approach was to do some research on how the games actually behave in practice instead of on paper. The p2p aspect
of games is usually a portion of the updater and not the game itself. The updater will also use a pre-defined port
range that is manageable, usually not exceeding about 1000 ports and certainly not in the range used by p2p clients
used for things like downloading music and movies. However, if you're in a limited bandwidth setting, p2p activity will
kill you due to the massive overhead of that many connections being made.
We use a 3-fold approach - the first is your basic firewall using default block rule and being somewhat liberal with
how we open ports at the request of students. You'll need to do some research for them to figure out the necessary
ports, but that's not a big deal. The 2nd factor is your application filtering - getting your signature detection
working right so you can see when people are using p2p. Of course the p2p won't work with a restrictive firewall, but
the overhead is still there and can lead to congestion. In our case we block p2p that isn't explicitly allowed by the
firewall rules. Then we send the student a scary e-mail telling them to knock it off. The third step is just very
basic shaping - as the bandwidth and connection in use goes up, available bandwidth and connections allowed goes down.
This is quite possibly voodoo and is just taken care of by our gateway and I don't ask it questions. It does mean that
p2p updates usually don't work very well because, while the WAN bandwidth isn't really being used, they are using a ton
of half-open connections. When the game updater sees the p2p updater isn't working it usually kicks itself over to an
HTTP download, which isn't really a problem.
For reference - we were not happy with given appliance in terms of benefits to cost and accomplish most of this using a
cheaper server, Untangle, and some of our own wizardry. Each type of network, wired and wireless, feeds through their
own vLANs, their own gateways (as VMs, of course), and out through a commercial ISP to keep costs down and isolate
their activity from the academic network.
The real problem you're going to have is trying to offer wireless support for game consoles if you try to do anything
other than PSKs, but that is a discussion for another thread.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hahues,
Sent: Thursday, January 17, 2013 11:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Gaming and dorm students
I am late to the party but here's what we do:
We got the charge from our housing administration to make living in housing as close to living at home as possible, so
we have totally unfiltered Internet, and a dedicated publicly routable network for playstations/xboxes to get around
the NAT complications.
It's great for the students, it's hard for us, because we never have enough bandwidth. We have recently deployed an
Exinda traffic shaping device (like 2 weeks ago) but we are still in the process of tuning it.
We have a system that ties in with our NAC that will automatically move p2p users into a quarantine network, and they
get told they violated our network's acceptable use policy. This helps us for the most part with the RIAA/MPAA
Depending on the amount of people in your dorms, the sign in sheet may work, or you could allow everything from the
dorms, and just log who does what. If you get an RIAA notice, you can suspend the user's network access.
Just some ideas.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob
Sent: Monday, January 14, 2013 9:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Gaming and dorm students
I am the network admin at a small K-12 private school. We have about 90 dorm students.
A problem I am running into is enabling the dorm students to be able to use normal games like "World of Warcraft",
"League of Legends", etc. It seems a lot of these games are using bittorrent on the backend.
Without digging into the specifics, how are others handling the dormers requests? Telling them no does not seem
appropriate, but not letting them play seems bogus. I was toying with the idea of having the individuals sign a sheet
saying they will not use bittorrent for illegal purposes.
Any thoughts would be appreciated.
Note that I am using a Palo Alto so can handle filtering by user and app level.
Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org <http://www.aw.org/>
D: 253.272.2216 | F: 253.572.3616 | Bob_Williamson () aw org