Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

The College Student Market

  • From: Ken Diliberto
  • Date: Sun Mar 14 12:53:37 2004

Andrew Dorsett wrote:

On Sun, 14 Mar 2004, Sean Donelan wrote:

A student in a college dorm room with an uncontrolled DHCP address may not
be able to run a server, even though they have more than enough symetric
Gig-ethernet bandwidth and you know what dorm it is physically located
because all student servers look alike. On the other hand, a mobile

This is a topic I get very soap-boxish about.  I have too many problems
with providers who don't understand the college student market.  I can
think of one university who requires students to login through a web
portal before giving them a routable address.  This is such a waste of
time for both parties.  Sure it makes tracking down the abusers much
easier, but is it worth the time and effort to manage?  This is a very
legitimate idea for public portals in common areas, but not in dorm rooms.
In a dorm room situation or an apartment situation, you again know the
physical port the DHCP request came in on.  You then know which room that
port is connected to and you therefore have a general idea of who the
abuser is.  So whats the big deal if you turn off the ports to the room
until the users complain and the problem is resolved?

I guess this requires very detailed cable map databases and is something
some providers are relunctant to develop.  Scary thought.....

Andrew
I'm curious about the concept of "College Student Market". We have several thousand students in our dorms who only have two choices for Internet service - our dedicated Ethernet or their dial-up (which they would have to pay for). We firewall them, packet shape them and don't pay much attention when they saturate their router. Housing has a choice to use campus services or go outside for Internet service - a much more expensive choice considering the amount they pay the campus.

We respond to complaints about abusers on the ResNet by first disabling the port. This is considered a strike against the resident for an AUP violation. In theory, three strikes and they're out.

After we upgrade the ResNet equipment, we're planning on 802.1x authentication on the port. I'm toying with suggesting certificates so we can simply revoke a cert if someone is a serious abuser which could (in theory) deny their workstation (laptop in most cases) access to the campus network. The problem with this idea is the amount of overhead required to manage the certificate infrastructure.

As to the question of "is it worth the time and effort to manage", I think yes. When the SQL Slammer worm hit last year, I put blocks at the border and blocks between subnets to contain the problem as best I could for two reasons (well, could be more but this is all I'm going to point out):
1 - Maintaining the usability of the campus network.
2 - Protecting the Internet in general from us.

How many ISP's care about either? How many won't do either because it would affect their bottom line?

Back to the original topic. We have a fairly good cable map. We can track DHCP and can even black hole a MAC address so it can't get an address. Why would we want a user to authenticate to the network? It adds accountability and a little more paranoia that if they do something they shouldn't, they'll get caught and we'll turn them off.

Remember: If you ask a student about their Internet access, you'll hear that it's free and they shouldn't be restricted as to what they can do.

Ken





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.