[unisog] another round of bogus DMCA notices

Huba Leidenfrost huba at uidaho.edu
Tue Oct 31 17:30:40 GMT 2006


You could use ngrep at your border to look for continued use of the p2p
userid.  This will typically work if you are patient.

Huba Leidenfrost
ITS Security Analyst
University of Idaho

> -----Original Message-----
> From: unisog-bounces at lists.dshield.org 
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Dave Dittrich
> Sent: Tuesday, October 31, 2006 9:07 AM
> To: UNIversity Security Operations Group
> Subject: Re: [unisog] another round of bogus DMCA notices
> 
> Michael Holstein wrote:
> > I know this has happened several times in the past, but 
> today I got a 
> > round of DMCA notices for non-existent IP addresses.
> > 
> > Is anybody saving these and their supporting evidence (that 
> they're bogus)?
> 
> What do you mean by "bogus" or "non-existent?"  If the IP addresses
> are valid within your netblocks, but are just not active at the time
> you look (or you are just doing "ping IP-ADDRESS" to verify, I
> would assume some clever miscreant has simply decided to start
> doing short-lived IP aliasing, firewalling, or something else
> designed to make verification of piracy harder.  You may have
> to start logging traffic across your border to verify the claim.
> 
> -- 
> Dave Dittrich                          Information Assurance 
> Researcher,
> dittrich at u.washington.edu              The iSchool
> http://staff.washington.edu/dittrich   University of Washington
> 
> PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
> Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
> 



More information about the unisog mailing list