[unisog] another round of bogus DMCA notices
michael.holstein at csuohio.edu
Tue Oct 31 17:24:35 GMT 2006
> What do you mean by "bogus" or "non-existent?" If the IP addresses
> are valid within your netblocks, but are just not active at the time
> you look (or you are just doing "ping IP-ADDRESS" to verify), I
> would assume some clever miscreant has simply decided to start
> doing short-lived IP aliasing, firewalling, or something else
> designed to make verification of piracy harder. You may have
> to start logging traffic across your border to verify the claim.
I do log all the traffic (PIX doing debug logging + argus behind that).
I also log all the DHCP traffic, and CiscoWorks polls the switches
several times a day, all of which gets put into a database.

On the day in question (as well as several before and after) I have no
argus records of any successful connections in/out (just a few inbound
TIM misses on ports that are open into that net but didn't find the
host). I also don't have any traffic on the PIX, except for a bunch of
UDP denies (which, interestingly, do reflect eDonkey traffic -- the
protocol specified in the complaint).

Since I already know that Mediasentry (et al.) do not ever actually
connect to the host to verify it's really presenting a copy of the
purported pirate work -- they just scrape the directory -- I assume some
clever person (maybe the same folks that seed bad files) is poisoning
the directory with bad information.

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University
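
The correlation described in the message above (complaint IP and time checked against DHCP leases, flow records and firewall denies), as an added example that is not part of the original post. The record layouts, addresses, dates and the function name assess_notice are constructed for illustration and are not the real argus, PIX or DHCP log formats.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample data: simplified records, not real argus/PIX/DHCP output.
DHCP_LEASES = [  # (ip, mac, lease_start, lease_end)
    ("192.0.2.57", "00:11:22:33:44:55", "2006-10-20T08:00", "2006-10-21T08:00"),
]
FLOWS = [  # (time, src, dst, proto, dport, state); EST = connection completed
    ("2006-10-27T14:02", "198.51.100.9", "192.0.2.57", "tcp", 80, "TIMEOUT"),
    # 4672/udp is eMule's default UDP port, used here as eDonkey-style samples
    ("2006-10-27T14:05", "203.0.113.4", "192.0.2.57", "udp", 4672, "DENY"),
    ("2006-10-27T14:06", "203.0.113.8", "192.0.2.57", "udp", 4672, "DENY"),
    ("2006-10-27T15:00", "192.0.2.80", "198.51.100.20", "tcp", 443, "EST"),
]


def ts(s):
    return datetime.fromisoformat(s)


def assess_notice(ip, when, window_days=2, leases=DHCP_LEASES, flows=FLOWS):
    """Correlate a complaint (ip, timestamp) with lease and flow evidence."""
    ip = str(ip_address(ip))  # reject malformed addresses early
    t = ts(when)
    lo, hi = t - timedelta(days=window_days), t + timedelta(days=window_days)
    # Was any device holding a lease for this address at the claimed time?
    leased = [l for l in leases if l[0] == ip and ts(l[2]) <= t < ts(l[3])]
    # All flow/firewall records touching the address several days either side.
    near = [f for f in flows if lo <= ts(f[0]) <= hi and ip in (f[1], f[2])]
    established = [f for f in near if f[5] == "EST"]
    denied = [f for f in near if f[5] == "DENY"]
    if established:
        verdict = "host active: investigate"
    elif leased:
        verdict = "leased but no completed connections"
    else:
        verdict = "no host evidence: claim unsupported by logs"
    return {"leased": bool(leased), "established": len(established),
            "denied_inbound": len(denied), "verdict": verdict}


if __name__ == "__main__":
    print(assess_notice("192.0.2.57", "2006-10-27T14:00"))
```

The denied_inbound count is what separates a dead address that peers are still being directed to from one that was simply quiet.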