Full Disclosure mailing list archives
Re: MediaSentry false positives?
From: Kevin <kkadow () gmail com>
Date: Thu, 13 Jan 2005 15:36:09 -0600
On Wed, 05 Jan 2005 09:53:55 -0500, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
On Tue, 04 Jan 2005 23:22:27 CST, Kevin said:I see two likely possibilities -- either MediaSentry is not using due diligence in verifying that the material for which they send infringement notices is actually shared from the address they show in the complaint,
It turns out that this is the case. Just this morning we received a message from the copyright holder (Not MediaSentry, they've completely ignored our emails and phone calls through the whole process) stating "Please disregard the notice you received. It was generated incorrectly, and the case ID or IDs mentioned are now closed. (A configuration problem with our anti-piracy vendor's system caused some notices to be sent in error.) "
or somebody on the Internet is spoofing BGP route announcements for unused address space out of larger allocations.This is actually quite likely a possibility. There are enough tier-1's who do a piss-poor job of filtering their BGP feeds that if you can inject an announcement you can hijack the address block.
Thanks to BJ Premore from Renesys, we have been able to confirm that the addresses in question were _not_ hijacked during the time period where MediaSentry reported an infringing file share. The only recent "hijack" event covering any of our reported IP addresses didn't match up with any of the incident timestamps, was related to the December 24th "Turk Telekom" incident, one of many thousand prefixes announced through TTNet. We are investigating using Renesys services, myASn, and other BGP monitoring approaches to proactively detect future hijacks. Unfortunately, this doesn't address any underlying flaws in the mechanisms used by MediaSentry (and other similar services) to detect and report copyright infringement. Kevin Kadow _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MediaSentry false positives? Kevin (Jan 04)
- Re: MediaSentry false positives? Florian Weimer (Jan 05)
- Re: MediaSentry false positives? Valdis . Kletnieks (Jan 06)
- Re: MediaSentry false positives? Florian Weimer (Jan 05)
- Re: MediaSentry false positives? Kevin (Jan 11)
- Re: MediaSentry false positives? Valdis . Kletnieks (Jan 06)
- Re: MediaSentry false positives? Valdis . Kletnieks (Jan 05)
- Re: MediaSentry false positives? Kevin (Jan 13)
- Re: MediaSentry false positives? Jeff Kell (Jan 13)
- Re: MediaSentry false positives? Valdis . Kletnieks (Jan 13)
- Re: MediaSentry false positives? Kevin (Jan 13)
- Re: MediaSentry false positives? Florian Weimer (Jan 05)
- Re: MediaSentry false positives? Albert Deindl (Jan 12)