Re: Is this for real?

On 10/04/07, Michael Bednar <MBEDNAR@xxxxxxxxxxxxx> wrote:

Hmmm...I have to ask myself if someone who is trespassing and stealing
your bandwidth has a reasonable expectation of privacy? I can see where
there would be a problem if you were an ISP and were spying on your
customers without their knowledge, but does someone who is breaking the
law (I don't think you need to know you're doing it -- try arguing your
way out of a criminal charge because you didn't know) have the same
protection? I am not a lawyer nor do I pretend to be, but I think the
only people who would be able to press charges are legitimate users who
were harmed by the surveillance.

Yes, but to prove bad faith on their part, you need to produce your
logs. In other words, you don't know it's OK to snoop on them, until
you've snooped on them. Are your logs admissible in court? What if
their little brother spent the afternoon playing with the system
settings and left it so that it would bind to the first access point
it came across?

If you want it secure there's WPA2, if you want accountability there's
things like 802.1X. I don't see the need or justification for

Jamie Riden, CISSP / jamesr@xxxxxxxxxx / jamie@xxxxxxxxxxxxxxx
UK Honeynet Project:

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to to learn more.