[unisog] another round of bogus DMCA notices

Michael Holstein michael.holstein at csuohio.edu
Thu Nov 9 15:53:20 GMT 2006


There is a command-line way to dump the ciscoworks database to a text 
file (I have it somewhere ...). I use good ol' BLAT to email that to 
another box where sendmail/perl stick it in MySQL for me.

If anyone wants those scripts and the database schema .. hit me off-list.

(I also import WINS data, and a bunch of other statically defined stuff 
like what jack is in what room .. such that another script can take 
STDIN list of IPs and return a CSV of where everything is).


Michael Holstein CISSP GCIA
Cleveland State University

David Lundy wrote:
> All:
>      I've thought about collecting information from CiscoWorks to keep
> track of our DHCP assignments to do historical tracking, but do not
> have information on how to extract this information automatically on a
> scheduled basis.  If someone else is doing scheduled data extraction
> from CiscoWorks, I'd appreciate information on how you are doing this.
> David Lundy
> ----
> David Lundy
> Acting IT Security Officer
> University of the Pacific
> Stockton, CA 95211
> Email: dlundy at pacific.edu
> Voice: 209-946-3951
> Fax: 209-946-2898
>>>> Stephen C Woods <scw at seas.ucla.edu> 11/08/06 1:00 PM >>>
>   As a general case you should keep a list of IP + mac + last time this
> combo was seen:
> 00:0d:56:12:4e:6e 200611081211  YYYYMMDDHHmm
> 00:14:38:9f:dc:41 200607101207
>     Note: gathering IP/MAC pairs (sort -u is useful here)
> and process them hourly is probably sufficient.   It helps to have
> a single router, otherwise you need to do some 'clever' filtering.
> <scw>
> On Wed, Nov 08, 2006 at 03:57:23PM -0500, George C. Russ wrote:
>> arp cache on routers will tell you. keep a history. cattools.
>> George
>> -----Original Message-----
>> From: unisog-bounces at lists.dshield.org 
>> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Dave Dittrich
>> Sent: Tuesday, October 31, 2006 12:07 PM
>> To: UNIversity Security Operations Group
>> Subject: Re: [unisog] another round of bogus DMCA notices
>> Michael Holstein wrote:
>>> I know this has happened several times in the past, but today I got a
>>> round of DMCA notices for non-existent IP addresses.
>>> Is anybody saving these and their supporting evidence (that they're
>>> bogus)?
>> What do you mean by "bogus" or "non-existent?"  If the IP addresses
>> are valid within your netblocks, but are just not active at the time
>> you look (or you are just doing "ping IP-ADDRESS" to verify), I
>> would assume some clever miscreant has simply decided to start
>> doing short-lived IP aliasing, firewalling, or something else
>> designed to make verification of piracy harder.  You may have
>> to start logging traffic across your border to verify the claim.
>> -- 
>> Dave Dittrich                          Information Assurance Researcher,
>> dittrich at u.washington.edu              The iSchool
>> http://staff.washington.edu/dittrich   University of Washington
>> PGP key      http://staff.washington.edu/dittrich/pgpkey.txt 
>> Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org 
>> https://lists.sans.org/mailman/listinfo/unisog 
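
The IP + MAC + last-seen history suggested in the thread, sketched as an added example (not part of any poster's scripts): it de-duplicates hourly sightings, collapses them into first-seen/last-seen spans, and reports which MAC, if any, held an address at the time a notice claims. The "IP MAC stamp" input layout, the function names, the 2-hour gap and the 1-hour slack are assumptions; the addresses are constructed samples.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y%m%d%H%M"  # YYYYMMDDHHmm, the stamp format shown in the thread

# Constructed sample of hourly "IP MAC stamp" sightings (documentation
# IP and MAC ranges); a duplicate and a mixed-case MAC are included on purpose.
SAMPLE = """\
192.0.2.10 00:00:5e:00:53:01 200611081011
192.0.2.10 00:00:5e:00:53:01 200611081111
192.0.2.10 00:00:5e:00:53:01 200611081111
192.0.2.10 00:00:5E:00:53:01 200611081211
192.0.2.10 00:00:5e:00:53:02 200611081511
192.0.2.10 00:00:5e:00:53:02 200611081611
192.0.2.11 00:00:5e:00:53:02 200607101207
"""

def build_history(lines, max_gap=timedelta(hours=2)):
    """Collapse sightings into {ip: [[mac, first_seen, last_seen], ...]}."""
    seen = set()  # the set plays the role of `sort -u`
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ip, mac, stamp = parts
        seen.add((ip, mac.lower(), datetime.strptime(stamp, FMT)))
    history = defaultdict(list)
    for ip, mac, ts in sorted(seen, key=lambda r: (r[0], r[2], r[1])):
        spans = history[ip]
        # Extend the current span only for the same MAC with no long silence;
        # a MAC change or a gap starts a new span.
        if spans and spans[-1][0] == mac and ts - spans[-1][2] <= max_gap:
            spans[-1][2] = ts
        else:
            spans.append([mac, ts, ts])
    return dict(history)

def who_had(history, ip, when, slack=timedelta(hours=1)):
    """MACs seen on `ip` within `slack` of `when`; an empty list means no
    host was seen there. Assumes `when` is in the same time zone as the stamps."""
    return [mac for mac, first, last in history.get(ip, [])
            if first - slack <= when <= last + slack]

if __name__ == "__main__":
    hist = build_history(SAMPLE.splitlines())
    notice_time = datetime.strptime("200611081330", FMT)
    print(who_had(hist, "192.0.2.10", notice_time) or "no host seen")
```

An empty result only shows that the collector saw nothing, so it is worth keeping the raw hourly dumps alongside the collapsed history as supporting evidence.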
