Message-ID: <dc718edc0501131336969bcc8@mail.gmail.com>
From: kkadow at gmail.com (Kevin)
Subject: MediaSentry false positives?

On Wed, 05 Jan 2005 09:53:55 -0500, Valdis.Kletnieks@...edu
<Valdis.Kletnieks@...edu> wrote:
> On Tue, 04 Jan 2005 23:22:27 CST, Kevin said:
> > I see two likely possibilities -- either MediaSentry is not using due
> > diligence in verifying that the material for which they send
> > infringement notices is actually shared from the address they show in
> > the complaint,

It turns out that this is the case.

Just this morning we received a message from the copyright holder (Not
MediaSentry, they've completely ignored our emails and phone calls
through the whole process) stating "Please disregard the notice you
received. It was generated incorrectly, and the case ID or IDs
mentioned are now closed. (A configuration problem with our
anti-piracy vendor's system caused some notices to be sent in error.)"


> > or somebody on the Internet is spoofing BGP route
> > announcements for unused address space out of larger allocations.
> 
> This is actually quite likely a possibility.  There are enough tier-1's who do
> a piss-poor job of filtering their BGP feeds that if you can inject an
> announcement you can hijack the address block. 

Thanks to BJ Premore from Renesys, we have been able to confirm that
the addresses in question were _not_ hijacked during the time period
where MediaSentry reported an infringing file share.

The only recent "hijack" event covering any of our reported IP
addresses didn't match up with any of the incident timestamps, and was
related to the December 24th "Turk Telekom" incident, one of many
thousand prefixes announced through TTNet.

We are investigating using Renesys services, myASn, and other BGP
monitoring approaches to proactively detect future hijacks. 
Unfortunately, this doesn't address any underlying flaws in the
mechanisms used by MediaSentry (and other similar services) to detect
and report copyright infringement.

Kevin Kadow
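
The check described in the message above, comparing each notice's timestamp against foreign-origin BGP announcements covering the reported address, can be sketched as follows. This is an added example, not part of the original post; the prefixes, ASNs, times and function names are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

def utc(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

# Constructed sample data (documentation prefix and ASNs, not from the post).
OUR_PREFIX = ipaddress.ip_network("203.0.113.0/24")
OUR_ORIGINS = {64500}
ANNOUNCEMENTS = [
    # (prefix, origin ASN, first seen, withdrawn)
    ("203.0.113.0/24", 64500, utc("2004-12-01 00:00"), utc("2005-01-31 00:00")),
    ("203.0.113.128/25", 64511, utc("2004-12-24 09:20"), utc("2004-12-24 11:05")),
    ("203.0.0.0/16", 64499, utc("2004-12-01 00:00"), utc("2005-01-31 00:00")),
]
NOTICES = [
    ("203.0.113.200", utc("2004-12-20 14:02")),  # outside the foreign route's window
    ("203.0.113.200", utc("2004-12-24 10:00")),  # inside window, inside the /25
    ("203.0.113.10", utc("2004-12-24 10:00")),   # inside window, outside the /25
]

def foreign_routes(ip, when, announcements=ANNOUNCEMENTS,
                   our_prefix=OUR_PREFIX, our_origins=OUR_ORIGINS):
    """Return (prefix, origin) pairs that could have diverted ip at time when."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for prefix, origin, start, end in announcements:
        net = ipaddress.ip_network(prefix)
        if origin in our_origins or addr not in net:
            continue
        # A less specific foreign aggregate loses to our own route on
        # longest-prefix match; only equal or more specific prefixes count.
        if not net.subnet_of(our_prefix):
            continue
        if start <= when <= end:
            hits.append((prefix, origin))
    return hits

def triage(notices=NOTICES):
    """Label each notice by whether a foreign route overlapped its timestamp."""
    return [(ip, when.isoformat(),
             "possible hijack" if foreign_routes(ip, when) else "no overlap")
            for ip, when in notices]

if __name__ == "__main__":
    for row in triage():
        print(*row)
```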
