[unisog] another round of bogus DMCA notices

Bill Guilford bill.guilford at oit.gatech.edu
Tue Oct 31 19:21:38 GMT 2006


I have 3 IP's that were forwarded to me this morning that also appeared 
to be bogus submissions, all from the RIAA.

I ran a netflow on each of the IP's after verifying that these were 
non-routable and there was no data for the day in question, no flows or 
no connections.

I noticed that in these complaints that the Network was blank... it 
should have read Limewire, Gnutella, etc.

Normally we do not get very many students that deny the allegations but 
if they do, a netflow will give all the info needed  to back up the DMCA 
claim.


Jonathan Glass wrote:
> Dave Dittrich wrote:
>> Michael Holstein wrote:
>>
>>> I know this has happened several times in the past, but today I got 
>>> a round of DMCA notices for non-existent IP addresses.
>>>
>>> Is anybody saving these and their supporting evidence (that they're 
>>> bogus)?
>>
>>
>> What do you mean by "bogus" or "non-existent?"  If the IP addresses
>> are valid within your netblocks, but are just not active at the time
>> you look (or you are just doing "ping IP-ADDRESS" to verify, I
>> would assume some clever miscreant has simply decided to start
>> doing short-lived IP aliasing, firewalling, or something else
>> designed to make verification of piracy harder.  You may have
>> to start logging traffic across your border to verify the claim.
>>
>
> We had several notices this week with non-assigned addresses which are 
> completely unroutable on our network.  They're obviously spoofed, and 
> probably spoofed off-campus due to our anti-spoofing mechanisms.
>
> It presents an interesting problem for those of us processing take 
> down notices.  If these few are tainted, how many in the past, or near 
> future, will be tainted by spoofed addresses?
>
> Thanks
>
> Jonathan Glass
> Information Security Engineer III
> OIT Information Security
> Georgia Institute of Technology
> 404-385-6900


Thanks,
-- 

Bill Guilford                         Georgia Institute of Technology
Information Security Engineer         Atlanta, GA  30332-0700
OIT - Information Security
404.385.0246




More information about the unisog mailing list