[unisog] another round of bogus DMCA notices

Michael Holstein michael.holstein at csuohio.edu
Tue Oct 31 17:24:35 GMT 2006


> What do you mean by "bogus" or "non-existent?"  If the IP addresses
> are valid within your netblocks, but are just not active at the time
> you look (or you are just doing "ping IP-ADDRESS" to verify, I
> would assume some clever miscreant has simply decided to start
> doing short-lived IP aliasing, firewalling, or something else
> designed to make verification of piracy harder.  You may have
> to start logging traffic across your border to verify the claim.

I do log all the traffic (pix doing debug logging + argus behind that). 
I also log all the DHCP traffic, and Ciscoworks polls the switches 
several times a day, all of which gets put into a database.

On the day in question (as well as several before and after) I have no 
argus records of any successful connections in/out (just a few inbound 
TIM missses on ports that are open into that net but didn't find the 
host). I also don't have any traffic on the PIX, except for a bunch of 
UDP denies (which interestingly, do reflect eDonkey traffic -- the 
protocol specified in the complaint).

Since I already know that Mediasentry (et.al) do not ever actually 
connect to the host to verify it's really presenting a copy of the 
purported pirate work -- they just scrape the directory -- I assume some 
clever person (maybe the same folks that seed bad files) is poisoning 
the directory with bad information.

Cheers,

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University


More information about the unisog mailing list