It is vital within the university environment that the source of any abusive or malicious network traffic can easily be traced and isolated. Depending on the nature of the problem, it may be necessary to determine either the user or the computer responsible for particular traffic at a particular time. OxCERT will expect colleges and departments to be able to trace either upon request.
- malicious network traffic (scanning, sending spam, communicating with a known Command and Control system, etc.)
- determining users affected by a security incident (e.g. users whose passwords have been exposed to a keylogger)
- suspected access of illegal materials
- alleged copyright infringement
- violations of University IT regulations
This document explains the procedures generally used in order to trace network abuse. It is the responsibility of each college and department to ensure that the necessary information is logged for users of their networks.

Sections in this document: