[unisog] MediaSentry reports, threat or menace
epancer at security.depaul.edu
Mon Jan 10 20:48:30 GMT 2005
Stephen C Woods wrote on Mon, 2005-01-10 at 11:52:14 -0800...
> OK, lets look at the the other side of the issue, is Media-sentry
> generating only bogus reports?
> (Our report was for a machine that has NEVER used our network).
> Has anyone received a report from MediaSentry that actually turned out
> to be a real occurrence, that is the IP exists and you have evidence
> (netflows, confession etc) that the sharing really occurred.
Yes, we've correlated reports with flows in the past.
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
More information about the unisog