
Product Blog

2 Posts authored by: jmwatts

As you might imagine, we here at SolarWinds get to talk to quite a few folks in the IT world, and we hear many interesting stories and product uses.  I wanted to share one particular anecdote with you as it really does seem to be a nightmare scenario for some of our customers.

No one in IT is a stranger to digital piracy.  It has been happening on a small scale since the days when floppies were the norm.  Now that we’re all online, it’s a much different story.  With the advent of simple peer-to-peer software and some moderately fast transfer speeds, the rate at which files spread has increased dramatically in the last 10 years.  One of the first items to be shared so widely in this fashion was music.  The mp3 standard was perfect for this, as the small file size and the population’s desire to fill their new portable music players created an environment perfect for song swapping.


mp3 bliss

Early file sharing systems like Napster and Audiogalaxy proved wildly popular, but used a centralized model which gave industry watchdogs like the RIAA an easy target for lawsuits.  As these sites were shut down, Internet users and music lovers still yearned for a cheap and easy way to fill their mp3 players.  iTunes was still gathering steam, and there were not yet any other viable commercial vendors who could offer enough music to satisfy the audience.  Still leveraging the convenience and power of peer-to-peer file sharing, decentralized versions were created, with the BitTorrent protocol emerging as the most popular.  Lacking a central server to query, this method of file sharing was not quite as easy to use as its predecessors, but rapidly gained popularity with savvy users.  An important aspect of this model was that there was no longer a central entity with which to threaten a lawsuit, once wrongdoing had been established.  Since the connections were all ad-hoc, no one was “in charge”, and it became very difficult to pin the blame on any single entity.  This also makes it very difficult to stop.


Any idea where these files came from, son?


A new strategy was required to combat this decentralized style of file sharing.  In order to focus their efforts where they would have the greatest effect, groups like the RIAA began to analyze the p2p traffic.  They were looking for tech savvy people who shared many files, and enjoyed fast Internet connections.  Universities fit the bill, and had the added benefit that they would be sensitive to government pressure and laws.  Through lobbying efforts, the Higher Education Opportunity Act of 2008 included several provisions that represented the ongoing pursuit to curb illegal file sharing on campuses.  Each campus must annually distribute information detailing copyright law, and the penalties of violation.  They were also directed to describe their policies and disciplinary actions regarding unauthorized peer-to-peer file sharing, in addition to tracking down the offenders that are discovered. It is this last item of assisting investigations that represents a technical challenge to the IT staff.

 


If only it were this easy


After receiving a DMCA notice, it is up to the IT staff to track down and then serve the notice to the individual responsible.  Oftentimes, only the public IP address and port are given in the notice, and this must be translated to a person. We’ve heard of several different methods to discover the internal IP address that corresponded to the public IP and port, but there is one final step they all face.  The internal IP address must now be traced back to an individual person.  Unless the institution requires registration of all devices, this can turn into a daunting task of wading through log files.  This is where our software is saving people time and money.  User Device Tracker keeps historical information about the devices on the network, and can correlate IP Address, MAC Address, and Hostname.  With this data at one’s disposal, it is a trivial matter of looking up the history of an IP address to see what MAC or Hostname was behind it at the time.  We're happy this function is saving our customers so much time and energy!

 

Would you like to see how easy it can be to keep tabs on your network with User Device Tracker?

Download a free trial today!

We spend so much time on the network side of things, dealing with IP addresses, URLs, MACs, etc. that often the physical location of a device is all but forgotten.  When things are going well, this isn’t much of a problem.  We know that all the devices are out there somewhere, tethered to the rack of switches.  But what happens when things aren’t going so great?  Port tracking software bridges the gap between the network and physical world.  Below are a few scenarios that illustrate the value of knowing where things are and sometimes, where things were.

Bad Machines

Security issues and rogue devices present a formidable challenge to the unprepared team.  If a machine is flagged as having a virus or malware, and only an IP or MAC is given, what is the quickest method to deal with the problem?  Yanking the power cord would be the most direct action, but first you’d have to physically find that device.  Knowing what IP/MAC/Hostname is attached to each switch port at this moment would prove most beneficial.  In fact, you wouldn’t even have to get up from your desk.  Just log into the correct switch, and disable the port for the offender.  The same method would apply to deal with a rogue or other unknown device.  Once the IP or MAC has been detected on the network, it can then be traced to the current switch port, which ultimately leads to a physical drop.  Won’t they be surprised how fast the IT Police show up after plugging in their personal wi-fi router?
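One way to trace a MAC to its physical drop from polled switch data, as an added example (not SolarWinds code or how any product does it). The table layout, switch names and addresses are constructed, and picking the port with the fewest learned MACs is an assumed heuristic for telling an edge port from an uplink.

```python
from collections import defaultdict

# Constructed snapshot of (switch, port, learned MAC) rows, as polled from the
# forwarding table of every switch. Names and addresses are made up.
FDB = [
    ("sw-core",   "Te1/1",  "02:00:00:00:00:a1"),
    ("sw-core",   "Te1/1",  "02:00:00:00:00:a2"),
    ("sw-core",   "Te1/1",  "02:00:00:00:00:a3"),
    ("sw-core",   "Te1/2",  "02:00:00:00:00:b1"),
    ("sw-bldg-a", "Gi0/5",  "02:00:00:00:00:a1"),
    ("sw-bldg-a", "Gi0/7",  "02:00:00:00:00:a2"),  # two MACs on one drop
    ("sw-bldg-a", "Gi0/7",  "02:00:00:00:00:a3"),
    ("sw-bldg-a", "Gi0/48", "02:00:00:00:00:b1"),  # uplink toward the core
    ("sw-bldg-b", "Gi0/3",  "02:00:00:00:00:b1"),
    ("sw-bldg-b", "Gi0/48", "02:00:00:00:00:a1"),  # uplink toward the core
    ("sw-bldg-b", "Gi0/48", "02:00:00:00:00:a2"),
    ("sw-bldg-b", "Gi0/48", "02:00:00:00:00:a3"),
]

def normalize(mac):
    """Canonical lower-case colon form from 0011.2233.4455, 00-11-22-..., etc."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def locate(mac, fdb=FDB):
    """Return (switch, port, macs_on_port) for the likely edge port of `mac`.

    A MAC is learned on every uplink between the device and the core, so it
    shows up on several switches. Heuristic (an assumption): the edge port is
    the one carrying the fewest MACs. Returns None if the MAC is unseen or the
    lowest count is tied, in which case topology data is needed to decide.
    """
    mac = normalize(mac)
    per_port = defaultdict(set)
    for switch, port, seen in fdb:
        per_port[(switch, port)].add(normalize(seen))
    hits = sorted((len(macs), sw, pt)
                  for (sw, pt), macs in per_port.items() if mac in macs)
    if not hits or (len(hits) > 1 and hits[0][0] == hits[1][0]):
        return None
    count, switch, port = hits[0]
    return switch, port, count
```

A returned count above 1 means several devices share one drop, which is what an unmanaged switch or personal router plugged into a wall port looks like.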

Lost Assets

Misplaced or lost devices introduce another problem that can be easily solved by integrating the network and physical worlds.  How often has a computer been “borrowed” from a department, never to be returned?  As with the previous example, the current physical location of the missing device can be determined with a simple lookup of the MAC or Hostname.  But what if this machine was used briefly, turned off, cast aside, and forgotten about in some dark corner of a lab?  If our port tracking software keeps historical data as well, we can discover the last known location of the device, which will give us a good lead in finding it now.

Digital needle in the haystack

Saving historical switch port data gives us one more twist, and that is rewinding the network a few months to find out who or what was responsible for an event in the past.  Perhaps it took a few days or weeks of analysis in order to spot a trend that points back to something that needs attention.  Or maybe a law enforcement agency is asking for help in identifying an individual responsible for some online activities, and all they have to offer is an IP address from the past.  At this point, you can either pore through old DHCP logs, or ask your port tracking software for the history of this IP address.  This can be correlated with a MAC or hostname, which will point to an individual.
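The history lookup described here, and the DMCA-notice trace in the earlier post (public IP and port, then internal IP, then MAC and hostname), both come down to matching a timestamp against stored intervals. The following is an added example, not SolarWinds code or User Device Tracker's method; the NAT-log and lease-history layouts, addresses and hostnames are constructed.

```python
from datetime import datetime, timezone

# Constructed sample records (not from a real network); times are UTC.
# NAT log: (public_ip, public_port, internal_ip, start, end)
NAT_LOG = [
    ("198.51.100.7", 40112, "10.20.3.15", "2024-03-01T18:02:10", "2024-03-01T18:40:00"),
    ("198.51.100.7", 40112, "10.20.8.77", "2024-03-02T09:00:00", "2024-03-02T09:30:00"),
]
# Lease history: (internal_ip, mac, hostname, start, end). The same IP is
# handed to a different machine later, so the timestamp decides the answer.
LEASES = [
    ("10.20.3.15", "02:00:00:00:01:02", "dorm3-laptop", "2024-03-01T08:00:00", "2024-03-01T20:00:00"),
    ("10.20.3.15", "02:00:00:00:09:10", "lab-pc-12", "2024-03-01T20:00:00", "2024-03-02T08:00:00"),
    ("10.20.8.77", "02:00:00:00:20:30", "lib-kiosk", "2024-03-02T08:00:00", "2024-03-02T20:00:00"),
]

def _utc(ts):
    """Parse an ISO timestamp; values without an offset are treated as UTC."""
    dt = datetime.fromisoformat(ts)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def _covering(rows, key, when):
    """Rows whose leading fields equal `key` and whose [start, end) holds `when`."""
    n = len(key)
    return [r for r in rows if r[:n] == key and _utc(r[-2]) <= when < _utc(r[-1])]

def trace(public_ip, public_port, when_iso):
    """Resolve a notice's (public IP, port, time) to the device behind it.

    Returns (internal_ip, mac, hostname), or None when the records do not
    single out exactly one device; an ambiguous match is never guessed.
    """
    when = _utc(when_iso)
    nat = _covering(NAT_LOG, (public_ip, public_port), when)
    if len(nat) != 1:
        return None
    internal_ip = nat[0][2]
    lease = _covering(LEASES, (internal_ip,), when)
    if len(lease) != 1:
        return None
    return internal_ip, lease[0][1], lease[0][2]
```

Notices often quote local time, so the timestamp's UTC offset has to be carried into the lookup; an hour's error can land on a different lease for the same address.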

 

Switch Utilization

An additional benefit of all this switch port monitoring is that it gives you the opportunity to view switch utilization in a concise and consolidated fashion.  A rack full of switches and cables may look “full”, but just how many ports are in use?  How many have never been used?  Vendor-agnostic port tracking software can easily display which ports are currently in use.  A glance at this information will let you know what switches are operating at or near port capacity.  Click on a “dark” port to see when it was last used, or if it has ever been used at all.  Reclaim enough ports on the rack and perhaps a new switch purchase can be delayed.  Don’t forget the switch’s own CPU and memory utilization.  As long as you’re monitoring all these ports, might as well query these values to make sure none of the equipment is overloaded another way.

Conclusion


Here at SolarWinds, we recognize that these scenarios can represent a lot of frustration and needless effort for an IT staff not properly equipped.  Clearly an affordable, effective tracking tool is needed so that these problems will be solved with just a few mouse clicks. Would you like to see what we're working on?

Finding where devices are connected in your network
