[unisog] another round of bogus DMCA notices

Jordan Wiens numatrix at ufl.edu
Fri Nov 3 16:10:44 GMT 2006

Michael Holstein wrote:
>> What do you mean by "bogus" or "non-existent?"  If the IP addresses
>> are valid within your netblocks, but are just not active at the time
>> you look (or you are just doing "ping IP-ADDRESS" to verify), I
>> would assume some clever miscreant has simply decided to start
>> doing short-lived IP aliasing, firewalling, or something else
>> designed to make verification of piracy harder.  You may have
>> to start logging traffic across your border to verify the claim.
> I do log all the traffic (pix doing debug logging + argus behind that). 
> I also log all the DHCP traffic, and Ciscoworks polls the switches 
> several times a day, all of which gets put into a database.
> On the day in question (as well as several before and after) I have no 
> argus records of any successful connections in/out (just a few inbound 
> TIM misses on ports that are open into that net but didn't find the 
> host). I also don't have any traffic on the PIX, except for a bunch of 
> UDP denies (which interestingly, do reflect eDonkey traffic -- the 
> protocol specified in the complaint).
> Since I already know that Mediasentry (et al.) do not ever actually 
> connect to the host to verify it's really presenting a copy of the 
> purported pirate work -- they just scrape the directory -- I assume some 
> clever person (maybe the same folks that seed bad files) is poisoning 
> the directory with bad information.

Concur -- we got a complaint on a bittorrent network that the user 
contested and flow data showed that he wasn't actually running 
bittorrent, though he had definitely been listed in the tracker since we 
were seeing lots of inbound connection attempts.

It's a good thing the judicial system doesn't allow people to be legally 
pursued just because they had the /potential/ to do something bad.

Well, they don't unless the DMCA is involved.  Apparently the "good 
faith" belief required by the DMCA that infringement is occurring is 


Jordan Wiens, CISSP
UF Network Security Engineer
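
The check both posters describe (compare the address, port and time in a notice against border flow records, firewall denies and DHCP leases) can be sketched as follows. This is an added example, not part of the original thread; the record shapes, verdict names, addresses, ports and timestamps are all constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Normalised record shapes invented for this example; real Argus and PIX
# output would need to be parsed into them first.
Flow = namedtuple("Flow", "ts local_ip local_port inbound established")
Deny = namedtuple("Deny", "ts local_ip local_port")   # dropped at the border

def assess_notice(ip, port, when, flows, denies, lease_active,
                  window=timedelta(days=1)):
    """Classify a complaint naming ip:port at `when` against local records."""
    def near(r):
        return (r.local_ip == ip and r.local_port == port
                and abs(r.ts - when) <= window)

    hits = [f for f in flows if near(f)]
    if any(f.established for f in hits):
        return "host-active"            # completed sessions on the named port
    attempts = sum(1 for f in hits if f.inbound) + sum(1 for d in denies if near(d))
    if attempts and not lease_active:
        return "listed-but-absent"      # peers probing an address nobody holds
    if attempts:
        return "listed-not-serving"     # host exists but never answered
    return "no-evidence"

# Constructed sample data (documentation addresses, made-up timestamps).
T = datetime(2006, 11, 1, 14, 0)
FLOWS = [
    Flow(T + timedelta(minutes=5), "192.0.2.20", 6881, True, False),
    Flow(T + timedelta(minutes=9), "192.0.2.20", 6881, True, False),
    Flow(T - timedelta(hours=2), "192.0.2.30", 4662, True, True),
]
DENIES = [
    Deny(T + timedelta(minutes=1), "192.0.2.10", 4662),
    Deny(T + timedelta(hours=3), "192.0.2.10", 4662),
]

if __name__ == "__main__":
    for ip, port, lease in [("192.0.2.10", 4662, False),
                            ("192.0.2.20", 6881, True),
                            ("192.0.2.30", 4662, True)]:
        print(ip, port, assess_notice(ip, port, T, FLOWS, DENIES, lease))
```

A "listed-but-absent" or "listed-not-serving" verdict matches the situations in the thread: inbound attempts and denies show the address is being advertised somewhere, while no completed session supports the claim that it served anything.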
