[unisog] another round of bogus DMCA notices
bill.guilford at oit.gatech.edu
Tue Oct 31 19:21:38 GMT 2006
I have 3 IP's that were forwarded to me this morning that also appeared
to be bogus submissions, all from the RIAA.
I ran a netflow on each of the IP's after verifying that these were
non-routable and there was no data for the day in question, no flows or
I noticed that in these complaints that the Network was blank... it
should have read Limewire, Gnutella, etc.
Normally we do not get very many students that deny the allegations but
if they do, a netflow will give all the info needed to back up the DMCA
Jonathan Glass wrote:
> Dave Dittrich wrote:
>> Michael Holstein wrote:
>>> I know this has happened several times in the past, but today I got
>>> a round of DMCA notices for non-existent IP addresses.
>>> Is anybody saving these and their supporting evidence (that they're
>> What do you mean by "bogus" or "non-existent?" If the IP addresses
>> are valid within your netblocks, but are just not active at the time
>> you look (or you are just doing "ping IP-ADDRESS" to verify, I
>> would assume some clever miscreant has simply decided to start
>> doing short-lived IP aliasing, firewalling, or something else
>> designed to make verification of piracy harder. You may have
>> to start logging traffic across your border to verify the claim.
> We had several notices this week with non-assigned addresses which are
> completely unroutable on our network. They're obviously spoofed, and
> probably spoofed off-campus due to our anti-spoofing mechanisms.
> It presents an interesting problem for those of us processing take
> down notices. If these few are tainted, how many in the past, or near
> future, will be tainted by spoofed addresses?
> Jonathan Glass
> Information Security Engineer III
> OIT Information Security
> Georgia Institute of Technology
Bill Guilford Georgia Institute of Technology
Information Security Engineer Atlanta, GA 30332-0700
OIT - Information Security
More information about the unisog