On Thu, Oct 23, 2008 at 10:49 AM, rgreiner <mrgreiner at gmail dot com> wrote:
> No, every user has to authenticate via captive portal, which uses our
> freeradius authentication structure (we have many radius servers,
> because we have about 2 dozen subdomains in use, for different campi of
> the university, but the main radius server is under our direct control).
> But what good will it do knowing the dhcp leases, if I only know the
> external IP, which is the IP of the monowall box??? And blocking tcp
> ports does not work, since bittorrent uses dynamic ports.
> About the time of the violation, they sent the exact minute it happened,
> which does not help much, since at that specific moment I had 260 users
> Any other ideas?

This sounds to me like a net neutrality issue. I am not a lawyer, but
if I were in your position I would seriously consider my obligations
to the "Associação Brasileira das Empresas de Software" and my legal
obligations with regard to monitoring my clients' online activities.
I would be inclined, after perhaps checking with my legal counsel, to
respond with a letter saying, in effect, "We're sorry, we run a
network with many anonymous individuals using our IP address on a
temporary and transitive basis. We simply do not have the resources,
much less the freedom to monitor their several online activities."
I recognise that you came to the list asking for technical help, but I
felt compelled to respond to the glaring ethical issues which really
face most or all ISPs lately. This is one hot topic that many of us on
this list have already faced or will have to face in the near future.