| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C49470270F5AD43A0BDEA0F130C850B011CB209@its-emb1.umflint.edu> Date: Thu Nov 24 10:31:41 2005 From: jlauro at umflint.edu (Lauro, John) Subject: DMCA letters (testing method) Not to defend the RIAA, but remember that with peer-2-peer filesharing you don't have to connect to the machine you want to download the files from. You are both connected to a database, and the database can instruct the person with the file what machine to send it to. Otherwise no one behind a NAT would be able to "share" their files... So, you have to not only look at connection attempts to the IP mentioned, but also connection attempts *FROM* the IP mentioned. Peer-2-peer is not limitted to pulling, but can also push. > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf > Of Harry Hoffman > Sent: Wednesday, November 23, 2005 6:39 PM > To: full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] DMCA letters (testing method) > > We have this problem quite frequently. Get a DMCA notice... > start doing lookups for the violator only to find out that > there is no flow data for the IP and time period. > > Sometimes we will receive a letter a few days later to the > effect "Sorry, we made a mistake. The IP we wrote you about > doesn't seem to be sharing". > > Perhaps someone is actually checking, just not doing a very > good job of it? > > --Harry > > Michael Holstein wrote: > > I'm not sure who is doing the data collection for the RIAA > these days, > > but after getting several DMCA notices in the last few days, I've > > noticed that there is never any connection attempts to the IP > > mentioned, during the time mentioned (and yes, I know how to do the > > math on timezones). > > > > So I conclude the data collection process goes like this : > > > > 1) download something and listen to it. > > 2) retrieve the hash value for the file > > 3) search directory nodes for who offeres that hash > > 4) collect the IP addresses > > 5) provide list to monkeys in room with typewriters. > > > > So they never really *check* to see if the person accused is really > > hosting file, they just trust what the directory server told them. > > > > This of course begs the question : > > > > How can they ask me to take down something they aren't sure > is there? > > > > (nevermind that we're a 'provider' under the DMCA and ignore the > > requests unless it's on something we own rather than > provide transit > > to > > -- since it's always residence hall IPs). > > > > When they actually go the distance and sue somebody, do > they at least > > check then? > > > > Cheers, > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists