RE: file hashes

From: Skinner, Andrew \(NBC Universal\) <>
Date: Mon, 21 May 2007 10:37:32 -0700

If logging can't be enabled on the countermeasure servers, how about
routing all those machines through an internal proxy and then tracking
the connections that way?

-----Original Message-----
From: Jay Mairs []
Sent: Thursday, May 17, 2007 10:32 AM
To: Markham, Aaron (NBC Universal)
Cc: Skinner, Andrew (NBC Universal)
Subject: RE: file hashes

We don't keep a history of individual file hashes/IP addresses in our
protection system because the computers in our protection system are
already pushed close to their limits. Any deep data collection (file
hashes, IP addresses, etc.) on our protection system would negatively
affect our protection effectiveness. Because of this problem, we
created a separate data collection system in order to collect more raw

The data feed files from our data collection system contain raw data for
supply and demand (including IP address) on the respective networks.
The data collection system only collects supply and demand, it is not
connected or related to our protection system in any way, so there is no
spoof, decoy, or interdiction data associated with the data feed files
for each network.

-----Original Message-----
From: Markham, Aaron (NBC Universal) []
Sent: Wednesday, May 16, 2007 1:49 PM
To: Jay Mairs
Cc: Skinner, Andrew (NBC Universal)
Subject: file hashes

Do you record the file hashes (for edonkey in particular) for every
swarm you interdict? Is that in the supply feed?
Received on Fri Sep 14 2007 - 10:55:53 BST

This archive was generated by hypermail 2.2.0 : Sun Sep 16 2007 - 22:19:46 BST