[unisog] MediaSentry reports, threat or menace

Brian Eckman eckman at UMN.EDU
Mon Jan 10 20:29:27 GMT 2005

Stephen C Woods wrote:

>    OK, lets look at the the other side of the issue,  is Media-sentry 
> generating only bogus reports?
>    (Our report was for a machine that has NEVER used our network).
>    Has anyone received a report from MediaSentry that actually turned out
> to be a real occurrence, that is the IP exists and you have evidence
> (netflows, confession etc) that the sharing really occurred.

MediaSentry has typically sent valid complaints. There was the period of 
time last spring (roughly one week in duration, if my memory serves me 
well) and another now where anecdotal evidence suggests that *all* of their 
reports during the affected time windows were bogus. Outside of these two 
"events", MediaSentry has appeared to have been accurate in their reporting.

Brian (who is not trying in any way to defend MediaSentry)

Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota

More information about the unisog mailing list