rgreiner wrote:
> No, every user has to authenticate via captive portal, which uses our
> freeradius authentication structure (we have many radius servers,
> because we have about 2 dozen subdomains in use, for different campi of
> the university, but the main radius server is under our direct control).
> But what good will it do knowing the dhcp leases, if I only know the
> external IP, which is the IP of the monowall box??? And blocking tcp
> ports does not work, since bittorrent uses dynamic ports.
> 
> About the time of the violation, they sent the exact minute it happened,
> which does not help much, since at that specific moment I had 260 users
> connected.

A lot of this will depend on the laws at your location.  In my location, 
I could simply say that they have not given me enough information to 
find the person.  Yes, you can filter bit torrent, but it also has legal 
purposes, so you can not be required to.  As it is encrypted, you can 
not filter on content.  So it is up to them to give you enough data to 
find the person.  Did they packet sniff the connection?

But the laws in your location may be different.  Hate to say it, but ask 
a lawyer.

             Lee