Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] MediaSentry false positives?
From: Jeff Kell (jeff-kellutc.edu)
Date: Thu Jan 13 2005 - 20:23:29 CST
-----BEGIN PGP SIGNED MESSAGE-----
Another interesting twist in DMCA reports in general that I've noticed
in recent tracebacks to see whom to approach with the clue bat, I'm
finding no correlating connections (by NTP timestamps) in our PIX logs,
but do see evidence of attempts to connect. The attempts timeout on the
incoming SYN. At first thought, they're making an accusation based on
stale directory cache data from another peer in the P2P network.
On closer examination, I find connections *from* the accused IP going
out to P2P server ports outside campus, and they are moving data, so
they are, in fact, doing something.
Further checking and there are hours and hours of attempted connections
inbound to the accused that are dropped due to SYN timeouts. So now I'm
thinking it's someone with WinXP firewall, and it's dropping incoming
requests. Well how about that :-)
So they are not, in effect, sharing anything on the network.
Does the DMCA cover "attempted sharing" ??
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.