[MLB-WIRELESS] Hypothetical: takedown notices

Tyson Clugg tyson at wireless.org.au
Thu Mar 6 04:19:11 EST 2003


sanbar wrote:
> someone connected to the local melbwireless node - not necessarily the
> node's owner - happens to be sharing their collection of mp3s, a couple
> of which are copied from a personal collection of paid-for CDs. <Lawyer>
> notes the node name, looks it up on the locfinder, and a takedown notice
> arrives at Melbourne Wireless' mail box by registered express post the
> next morning.
> What do we do?

We notify the node owner, who sends 'em to the sin bin by denying forwarding
of any traffic bearing the offender's MAC address.  A quick means of doing
so on a Debian system with arpwatch and iptables installed is as follows:

1. Determine the abusive MAC address:
[root@NodeAJJ]# grep arpwatch /var/log/syslog
Feb 29 15:16:29 NodeAJJ arpwatch: new station 10.10.128.58 4b:ad:b0:45:12:34

2. Stop all packets bearing said MAC address from being forwarded:
[root@NodeAJJ]# iptables -I FORWARD -m mac --mac-source 4b:ad:b0:45:12:34 -j DROP

Of course this is relatively easy to circumvent, but I believe it is
certainly taking "reasonable steps" to cover-thy-arse and discourage misuse
of the MW network _at_the_node_level_.  After all, we are running a
distributed network...

This could be taken a few steps further by having nodes accept advice from
other trusted nodes as to which MAC addresses to add to the blacklist.  I'm
not sure how this would be implemented, but it is a possible thing to
investigate ONCE WE HAVE A FUNCTIONAL NETWORK!

3. We thank the lawyer for notifying us and let them know that steps have
been taken to prevent further abuse of the MW network by the offender.  The
lawyer doesn't need to know technical details of how we deny access to the
offender, just that we have taken what we consider to be reasonable steps to
do so.

4. If law enforcement officers ask to see details of the offence, we give
them a copy of the relevant log entries and firewall rules then wish them
well on their travels.

Here's how you might extract relevant log entries and firewall rules for law
enforcement officers using the example given above:
[root@NodeAJJ]# grep -irE "(10\.10\.128\.58)|(4b:ad:b0:45:12:34)" /var/log/ > /floppy/log_extract.txt
[root@NodeAJJ]# iptables -nL FORWARD > /floppy/firewall_extract.txt

Does this sound reasonable to everyone or have I read this whole thing
wrong?

Cheers,
Tyson.
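
Added example, not part of the original post: steps 1 and 2 above combined so that every MAC address arpwatch has logged for the offending IP is collected, including an earlier address recorded in a "changed ethernet address" entry, and one FORWARD drop rule is printed per address for the node owner to review. The function names and all sample log lines other than the post's own "new station" line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample: the post's arpwatch line plus invented follow-up lines.
sample_log() {
cat <<'EOF'
Feb 29 15:16:29 NodeAJJ arpwatch: new station 10.10.128.58 4b:ad:b0:45:12:34
Mar  1 09:02:11 NodeAJJ arpwatch: changed ethernet address 10.10.128.58 2:0:5e:10:0:1 (4b:ad:b0:45:12:34)
Mar  1 09:03:40 NodeAJJ arpwatch: new station 10.10.128.77 02:aa:bb:cc:dd:ee
Mar  1 09:05:00 NodeAJJ kernel: IN=eth0 SRC=10.10.128.58 DST=10.10.128.1
EOF
}

# macs_for_ip LOGFILE IP: every MAC arpwatch logged for IP, zero-padded, unique.
macs_for_ip() {
    awk -v ip="$2" '
    function norm(m,    p, n, i, out, sep, pad) {
        gsub(/[()]/, "", m); m = tolower(m)
        n = split(m, p, ":")
        if (n != 6) return ""
        out = ""
        for (i = 1; i <= 6; i++) {
            if (p[i] !~ /^[0-9a-f][0-9a-f]?$/) return ""
            sep = (i > 1) ? ":" : ""
            pad = (length(p[i]) == 1) ? "0" : ""
            out = out sep pad p[i]
        }
        return out
    }
    / arpwatch(:|\[)/ {
        for (i = 1; i < NF; i++) if ($i == ip) {
            # the current MAC follows the IP; a previous MAC may follow in ()
            for (j = i + 1; j <= i + 2 && j <= NF; j++) {
                mac = norm($j)
                if (mac != "" && !seen[mac]++) print mac
            }
            break
        }
    }' "$1"
}

# drop_rules LOGFILE IP: print (do not apply) one FORWARD drop rule per MAC.
drop_rules() {
    macs_for_ip "$1" "$2" | while read -r mac; do
        printf 'iptables -I FORWARD -m mac --mac-source %s -j DROP\n' "$mac"
    done
}

log=$(mktemp); sample_log > "$log"
drop_rules "$log" 10.10.128.58
rm -f "$log"
```

The IP is compared as a whole field, so a query for 10.10.128.5 does not pick up entries for 10.10.128.58.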

