[unisog] another round of bogus DMCA notices

Peter Van Epp vanepp at sfu.ca
Thu Nov 9 15:56:54 GMT 2006

On Thu, Nov 09, 2006 at 09:26:39AM -0500, Dean.Halter at notes.udayton.edu wrote:
> So we receive a notice suggesting one of our IP address was sharing
> content.  In the notice there's some cryptic statement claiming "this ain't
> all we got!"  Given everything that has been discussed here, should the
> RIAA or MPAA or whomever provide more - a portscan, traceroute, some
> portion of the file, etc.?  What item(s) could be considered
> incontrovertible?
> Dean HalterUniversity of Dayton
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

	Network logs from your equipment on your border router (argus, netflow,
arp caches ...)? I wouldn't (and don't) trust any outside entity to tell me
what has or hasn't been going out from our network. I have logs from our 
border and can and do decide for myself if we "done it" (in all file sharing 
cases so far, we indeed "done it" very probably, which causes a new winner in
the "you bet your account" contest :-)). 
	There have been forged header spam email and DOS attacks that my logs 
indicate didn't come from here though (email not sent from here, only reply
packets from the DOS inbound to our net no traffic out). The insurance of 
having logs is well worth the relatively small cost of aquiring and saving 
them ...

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the unisog mailing list