Educause Security Discussion mailing list archives
Re: HEOA Question
From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Mon, 31 Jan 2011 11:57:40 -0500
I rescind, my prior (mis)statement, about the port number. It is included on more recent ones. It is the destination IP that is not not included. The port is just sometimes hard for me to correlate well. Also, recently I've gotten time stamps that were a day in the future even when I adjusted for time zones. Not sure where my brain was... earlier. Thanks for the corrections. D/C The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes:
In the past, we have seen some notices without port numbers. If they happened to be on a NATted segment of the network I simply replied, at the direction of the campus network support, that we needed a port number to proceed. I don't think we got any of those returned for further consideration but subsequent takedown notices had the necessary information. I scanned, this morning, my outstanding notices and all of them I looked had the port information. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cal Frye Sent: Monday, January 31, 2011 10:05 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] HEOA Question On 1/31/11 10:39 AM, Dexter Caldwell wrote:This is a very difficult problem for a few reasons: The DMCA notices themselves include only source host on your network, time stamp and sometimes a protocol and filename. I don't think I ever see the destination, and certainly not the port or session number you'd need to decipher the NAT logs.Not a destination address, no, but almost all of the ones I've seen recently do have a client port listed. We don't NAT, so I'm not certain this is the public-IP port visible on the connection or the private-IP port as reported by the P2P client, but it's there. I checked notices we received from MediaSentry, BayTSP, ESA, PeerMedia, and the RIAA...all list a port, address, protocol, filename, and timestamp. -- Best regards -- Cal Frye, Network Administrator, Oberlin College Mudd Library, x.56930 -- CIT will NEVER ask you for your password! www.calfrye.com, www.oberlin.edu/cit/ "Support the troops. . . . But don't force them to fight an immoral fight. That's like swearing allegiance to a gun without caring where it's aimed." -- Steven Weber.
Current thread:
- Re: HEOA Question, (continued)
- Re: HEOA Question SCHALIP, MICHAEL (Jan 31)
- Re: HEOA Question Steve Worona (Feb 01)
- Re: HEOA Question SCHALIP, MICHAEL (Jan 31)
- Re: HEOA Question Bulanda, Dave G (Jan 31)
- Re: HEOA Question Gioia, Matthew P. (Jan 31)
- Re: HEOA Question Bulanda, Dave G (Jan 31)
- Re: HEOA Question Harry E Flowers (flowers) (Feb 02)
- Re: HEOA Question Dave Inman (Feb 03)
- Re: HEOA Question Gioia, Matthew P. (Jan 31)
- Re: HEOA Question Cal Frye (Jan 31)
- Re: HEOA Question Jacobson, Dick (Jan 31)
- Re: HEOA Question Dexter Caldwell (Jan 31)
- Re: HEOA Question Jacobson, Dick (Jan 31)
- Re: HEOA Question Cal Frye (Jan 31)