Educause Security Discussion
mailing list archives
Re: RIAA timestamps off
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 25 Sep 2007 11:00:51 -0500
At 10:49 AM 9/25/2007, Sweeny, Jonny put fingers to keyboard and wrote:
One recent example for illustration: a connection ends at 16:56 UTC.
Tons of traffic on port 37107 during that session. The RIAA alleges
(under penalty of perjury) that file sharing occurred at 18:16. No one
was using that IP address at that time. NetFlow data confirms that
there was no traffic at 18:16.
I think this is Bittorrent. The scenario I imagine is tha the
torrent was active in the (recent) past, and that information has
been cached. The RIAA checks, but doesn't actually try to download
so they don't realize that. You then get a report that doesn't
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058 (voice)
(847) 467-6500 (Fax) "You're never too old to have a great childhood!"