Three Strikes Policy for Network Disruptions

Some customers operate network-attached devices in such a way as to inadvertently disrupt or degrade the University's network services repeatedly. These disruptions inconvenience other faculty, staff, and students throughout the University. Diagnosing and resolving these disruptions consumes valuable University resources.

After being advised that their activities have disrupted or degraded network service, some members of the University community continue to engage in similar activity. Although the customer does not intend to disrupt or degrade network service, repeatedly engaging in activity with these results is not acceptable.

To limit the number of such disruptions, OIT enforces a "three strikes" policy for such incidents.

When an accidental disruption or degradation of network service meets the guidelines below, the incident is counted as a "strike" for the customer responsible. Upon earning a third strike, all network service for the customer is blocked, and will be restored only with approval from an appropriate University disciplinary authority.

This policy provides each customer with two "second chances" before all network service for the customer is blocked and the matter escalates to an appropriate University disciplinary authority.

The policy covers incidents which are accidental, not intentional. Cases involving Intentional disruptions to network service are escalated to the attention of appropriate authorities.

Contents

• What Counts as a "Strike"?
• How is Each Strike Handled?
• Frequently Asked Questions

The following guidelines are used to determine if an incident should be counted as a "strike" under this policy.

• When a device attached to the campus network and operating as a NAT (Network Address Translator, a.k.a. "NAT Router") disrupts or degrades network service, the incident counts as a strike.

  This includes both hardware-based NATs (e.g., a dedicated device) and software-based NATs (for example, NAT software that runs on a computer).

  For more information, see Connecting a Private Network Address Translator to the Campus Network.

• When a campus network-attached device operating as a Wireless Access Point disrupts or degrades network service, the incident counts as a strike.

  This includes both hardware-based Wireless Access Points (e.g., a dedicated device) and software-based Wireless Access Points (for example, Wireless Access Point software that runs on a computer).

  Even when properly configured, these devices often degrade or disrupt network service, due to defects (e.g. bugs) in many models, or by interfering with the signal of University wireless service. For more information, see Connecting a Private Wireless Access Point to the Campus Network.

• When a device operating as a DHCP or BootP Server (or as a BootP Relay Agent) on the campus network disrupts service, the incident counts as a strike.

  Customers are not permitted to operate a DHCP or BootP Server (or as a BootP Relay Agent) on the campus network. It is only permissible to operate such services at the University on ones own private network.

• When a device attached to the campus network is intentionally configured to use a Princeton University IP address not assigned for its at the time, this counts as a strike.

  Configuring a device to "steal" an IP address not assigned for its use is not acceptable use of the campus network.

• When a device attached to the campus network is intentionally configured to forge a hardware address (a.k.a. "MAC address", "Ethernet hardware address", "Wireless hardware address"), this counts as a strike.

  Each device attached to the campus network must use its own hardware address. Configuring a device to forge a different hardware address is not acceptable use of the campus network.

• When a customer engages in network activity that disrupts or degrades network service, and it is reasonable to expect the customer should have known this activity would do so, this counts as a strike.

  For example, a customer downloads a program which comes with instructions saying the program is designed to interfere with network communication between other computers on the network. Or the instructions warn the customer to only run the program on a network belonging to the customer (not an ISP's network). If she runs the program on her computer while it is attached to the campus network, and it disrupts or degrades network service, it will count as a strike.

• Incidents due to a device that is compromised or infected normally do not count as a strike. (An exception may be made if the compromise or infection is due to a customer's flagrant disregard of safe computing practices.)

  When we count an incident as a strike, and the customer states the incident was caused by a compromise or infection, we will consider that claim carefully. Unless we see clear evidence that the particular compromise or infection could actually have caused the incident, the incident will still count as a strike.

• Just because OIT blocks network service for a device does not mean the incident counts as a "strike."

  Often we must block service for an issue that does not meet the parameters to be considered a strike. For example, we block service for infected or compromised machines, for persistently unregistered devices attached to the network, and upon the direction of appropriate University authorities.

• Incidents that are initiated by the OIT's IT Policy Officer normally are not normally strikes, because they don't fall within this policy.

  Such incidents often involve other violations of Princeton University Information Technology Resources and Internet Access -- Guidelines for Use, violations of Rights, Rules, Responsibilities, or violations of the law.

  When one of those incidents arises, the customer is normally apprised of how the incident will be handled by an appropriate University authority.

1. Upon earning "strike one", the customer is notified of the problem. Network service for the device(s) involved may be blocked. The customer may be instructed to disconnect the device from the campus network.

   After the customer notifies OIT that s/he has met the conditions set out by OIT (for example, disconnecting the device, or fixing it), OIT removes the blocks as appropriate.

2. Upon earning "strike two", the customer is notified of the problem. Network service for the device(s) involved may be blocked. The customer may be instructed to disconnect the device from the campus network.

   The customer is notified that this is the customer's "second strike" with respect to the "three strikes" policy. For example, the customer may be advised:

   If any device for which the customer is responsible (the same device or another device) causes Princeton's network service to be disrupted or degraded a third time, connectivity will be blocked, and service will not be restored without approval from the appropriate University disciplinary authority.

   After the customer notifies OIT that s/he has met the conditions set out by OIT (for example, disconnecting the device, or fixing it), OIT removes the blocks as appropriate.

3. Upon earning "strike three", the customer is notified of the problem.

   All network service for the customer is blocked. (Typically this means that all the devices registered by the customer are blocked, and the customer is denied the ability to make changes to the Princeton University Host Database. If the customer resides in University housing, all of the Ethernet ports in the residence may be disabled. If the customer has a University office, all of the Ethernet ports in the office may be disabled.)

   The customer is instructed to disconnect the device from the network. If the problem is considered incorrigible, the customer is forbidden from re-attaching the device to the campus network in the future.

   The customer is notified that this is the customer's "third strike" with respect to the "three strikes" policy. For example, the customer may be advised:

   As stated previously, because a device for which the customer is responsible has disrupted or degraded campus network service a third time, network service will not be restored without approval from appropriate University disciplinary authority.

   OIT then refers the matter to OIT's Senior Policy Advisor, who will contact the appropriate University disciplinary authority regarding the matter.

Do strikes accrue to devices or to people?

Strikes accrue to people, not devices.

For example, say a customer earns "strike one" due to a disruption caused by the customer's NAT. The customer then replaces the NAT with another NAT, and the new NAT disrupts service. The customer earns "strike two."

Is each *kind* of disruption counted separately?

All of a customer's strikes are counted together.

For example, say a customer's first strike is due to his NAT acting as a rogue DHCP server on the campus network. And his second strike is due to the NAT forwarding incoming broadcast traffic back to the network. If his third strike is due to him configuring his personal computer to forge another's hardware address, that's still three strikes.

Why doesn't the notification of the first incident include text saying explicitly "this is your first strike"?

We currently do not include that language to avoid being overly confrontational during the first incident. We hope that most customers will never proceed beyond a first incident, and will therefore never need to be confronted with warnings of possible disciplinary action.

When do strikes go away?

Strikes do not go away.

Why don't I get more chances before all my network services are blocked?

Princeton University has many students, faculty, and staff. Considers what happens if each of Princeton's 7100 students disrupts network service just once over a four-year period. We would average close to five disruptions every day of the year. (In reality, most of these disruptions would be during the academic year, rather than during break periods.)

The 'three strikes' policy gives each customer two "second chances"; only after the third strike do we block all network service for the customer. Can you imagine having network service disrupted fifteen times each day?

Why don't I get a warning before earning my first strike?

Your first strike is the warning. In fact, you get two warnings (the first and second strikes); we don't block all network service until you earn your third strike.

We recognize that in some cases, it may not have been reasonable to expect a customer to know that what s/he was doing was likely to cause a problem. (Although often, the activity that leads to the strike is indeed something that OIT explicitly documents as unacceptable, or liable to cause problems.) Either way, the first strike results in the customer being notified that the activity caused a problem. The second strike resulted in another notification, and an explicit statement of what would happen if there were to be a third strike. By the time a customer has earned a third strike, s/he has already been notified twice before. The "three strikes" policy is calibrated to provide a customer with two warnings before taking stronger action.

The disruption was accidental. Why should it count as a strike?

The "three strikes" policy is intended to cover only incidents that are inadvertent. Although the incident was accidental, it disrupted or degraded network service.

Had the disruption been deliberate, it would not have been covered by the "three strikes" policy. It would have been handled by referring it to appropriate authorities.

How does the three strikes policy relate to the policy regarding Wireless Access Points in dormitories and apartment buildings?

They are separate policies.

Individuals are not permitted to attach to the campus network any device operating as a Wireless Access Point in those University dormitories and apartment buildings where OIT Wireless Service is installed.

The first time that we become aware of a problem involving a customer attaching to the campus network (in a dormitory or apartment building where OIT Wireless Service is available) a device operating as a Wireless Access Point, we will block network service for the device and require that the customer disconnect the device. The second time this happens, we will block all network service for the customer.

Neither of those incidents on their own counts as a "strike" under the "three strikes" policy.