[unisog] MediaSentry reports, threat or menace

Eric Pancer epancer at security.depaul.edu
Mon Jan 10 20:48:30 GMT 2005

Stephen C Woods wrote on Mon, 2005-01-10 at 11:52:14 -0800...

>    OK, lets look at the the other side of the issue,  is Media-sentry 
> generating only bogus reports?
>    (Our report was for a machine that has NEVER used our network).
>    Has anyone received a report from MediaSentry that actually turned out
> to be a real occurrence, that is the IP exists and you have evidence
> (netflows, confession etc) that the sharing really occurred.

Yes, we've correlated reports with flows in the past.

Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3

More information about the unisog mailing list