 From:  rgreiner <mrgreiner at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IP violation
 Date:  Thu, 23 Oct 2008 14:49:57 -0200
No, every user has to authenticate via captive portal, which uses our
freeradius authentication structure (we have many radius servers,
because we have about 2 dozen subdomains in use, for different campi of
the university, but the main radius server is under our direct control).
But what good will it do knowing the dhcp leases, if I only know the
external IP, which is the IP of the monowall box??? And blocking tcp
ports does not work, since bittorrent uses dynamic ports.

About the time of the violation, they sent the exact minute it happened,
which does not help much, since at that specific moment I had 260 users

Any other ideas?

Thank you,


David Meireles wrote:
> Is it a public access network? If so, I guess you should have blocked
> those ports... Otherwise, you can ask them if they know the day the
> game was downloaded and check your dhcp leases for mac addresses for
> the day... I know it's a hard shot, but it's better than nothing...
> Best regards!
> rgreiner wrote:
>> Hi,
>> I ran into a small IP problem.
>> I have a relatively large wireless network (simultaneous users ranging
>> from 50 to 380 during the day), all of them behind a monowall, using a
>> single external IP for NAT.
>> Now, today we received a complaint letter from the "Associação
>> Brasileira das Empresas de Software", the Brazilian organization that
>> handles copyright in software, saying that someone downloaded a game
>> through bittorrent, coming from that IP which is our external NAT
>> address for the wireless network. Now, what could I do to try to identify
>> that user? What tools could I use (or implement for future occurrences)
>> to identify such users? 1-1 NAT is not possible, since we can't afford
>> 400+ IP addresses for it.
>> Another problem is that bittorrent usually employs cryptography, making
>> it hard to identify that it's being used at all, much less what exactly
>> someone is downloading.
>> Any ideas?
>> Thank you,
>> Roberto

                Marcos Roberto Greiner

   Optimists think we live in the best of all worlds
    Pessimists fear that this is true