Re: HEOA Question

["Jacobson, Dick" <dick.jacobson () NDUS EDU>]

In the past, we have seen some notices without port numbers.  If they happened to be on a NATted segment of the network 
I simply replied, at the direction of the campus network support, that we needed a port number to proceed.  I don't 
think we got any of those returned for  further consideration but subsequent takedown notices had the necessary 
information.  I scanned, this morning, my outstanding notices and all of them I looked had the port information.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cal Frye
Sent: Monday, January 31, 2011 10:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HEOA Question

On 1/31/11 10:39 AM, Dexter Caldwell wrote:
> This is a very difficult problem for a few reasons:
>
> The DMCA notices themselves include only source host on your network, 
> time stamp and sometimes a protocol and filename.  I don't think I 
> ever see the destination, and certainly not the port or session number 
> you'd need to decipher the NAT logs.

Not a destination address, no, but almost all of the ones I've seen recently do have a client port listed. We don't 
NAT, so I'm not certain this is the public-IP port visible on the connection or the private-IP port as reported by the 
P2P client, but it's there.

I checked notices we received from MediaSentry, BayTSP, ESA, PeerMedia, and the RIAA...all list a port, address, 
protocol, filename, and timestamp.

--
Best regards
-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!

   www.calfrye.com,  www.oberlin.edu/cit/

"Support the troops. . . . But don't force them to fight an immoral fight. That's like swearing allegiance to a gun 
without caring where it's aimed." -- Steven Weber.