RE: How to track down a wireless hacker
- From: "ep" <captgoodnight@xxxxxxxxxxx>
- Date: Fri, 9 Nov 2007 01:24:33 -0900
> "Ah, if only all pentesters were also honeynet admins, /sigh"
> First, pen-testing is function of testing, not forensic analysis and
> incident response.
Pen-testing has all the flavors of forensic analysis and incident response.
It's just the other side of the coin that's usually amiss in practice.
> How do you propose to track the cookie? Are you making the assumption that
> all attacks will be to a web server? Adding a cookie to a web session is a
> valid response, if it is not a web session (and I saw nothing to suggest
> that this attack on an internal network was) then it may not be.
It's NOT a web cookie, though in another example it could be and in fact
it's the same functional idea. More specifically it's a username and
password that belongs to (for the sake of the argument) OUR NETWORK, be it
the network the attacker sniffed them from after breaking into or the one
he/she would log into later on. That action would be a lead, from there we
could add other ingredients to create more leads... But NEVER would any
piece of data be placed on the attacker's machine that he/she didn't
knowingly place there themselves. May I say dear Craig, that simple fact
pretty much negates your remaining 'reply'. But let's continue.
Once an ATTACKER steps past the authentication/authorization border he/she
loses all rights of expected privacy on that network. As well, entrapment
(4th amendment) applies to law enforcement etc., which I'm not.
If you are curious to the legalities of honeynets in the US then may I
suggest you visit this site http://www.honeynet.org. Also, please kindly
trim your replies.
Have fun,
--cg
> Adding active content to track the attacker is in fact an illegal access
> in itself. The defence of necessity will only hold in cases such as this if
> the action was truly necessary. An
> example would be to save a life. I saw no indication of this here.
>
> You seem a little flippant of the difficulties of tracking code and also
> of the legalities associated with this. Just because you are being attacked
> does not present you with the right or the legal reasoning to attack back.
>
> Next what if the attack was through another system? One that is ignorant
> of their part in all this? Installing a cookie as you so simply put if other
> than a simple web cookie is a
> breach of a number of US Acts.
>
> I would even state that this is dangerously close to the use of a "pen
> register" or "trap and trace device". I would suggest a reading of the USA
> Patriot Act of 2001 Federal Criminal
> Code Related to Computer Intrusions - and "18 U.S.C. § 3121 et seq.
> Recording of Dialling, Routing, Addressing, and Signalling Information" in
> particular. Then we have the whole issue
> of uploading data to a computer... Sorry, good intentions do not stop this
> from being a crime.
>
> You can not commit a crime to prevent a crime.
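
Added example (not part of the original message or thread): the decoy username/password idea described in the reply above, shown as server-side detection that only reads the defender's own authentication log. The decoy account names, host name and log lines are constructed for illustration; the line format assumed is OpenSSH sshd syslog output.

```python
import re
from collections import defaultdict

# Hypothetical decoy accounts: seeded where a sniffing intruder would capture
# them, never issued to a real user, so any use of them is a lead.
HONEYTOKEN_USERS = {"svc_backup", "jsmith_adm"}

# Constructed sample lines in OpenSSH sshd syslog format (not real data).
SAMPLE_LOG = """\
Nov  9 01:02:11 gw sshd[2211]: Accepted password for alice from 192.0.2.15 port 40122 ssh2
Nov  9 01:19:40 gw sshd[2290]: Failed password for svc_backup from 198.51.100.7 port 51514 ssh2
Nov  9 01:19:52 gw sshd[2290]: Accepted password for svc_backup from 198.51.100.7 port 51514 ssh2
Nov  9 01:24:33 gw sshd[2301]: Failed password for invalid user jsmith_adm from 203.0.113.9 port 39001 ssh2
Nov  9 01:30:05 gw sshd[2310]: Failed password for bob from 192.0.2.44 port 40990 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_leads(log_text, decoys=HONEYTOKEN_USERS):
    """Return one lead per authentication event that used a decoy account."""
    leads = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m and m.group("user") in decoys:
            leads.append({
                "time": m.group("ts"),
                "server": m.group("host"),
                "user": m.group("user"),
                "source": m.group("src"),
                "success": m.group("result") == "Accepted",
            })
    return leads

def sources_by_decoy(leads):
    """Group source addresses per decoy account for follow-up correlation."""
    grouped = defaultdict(set)
    for lead in leads:
        grouped[lead["user"]].add(lead["source"])
    return dict(grouped)

if __name__ == "__main__":
    for lead in find_leads(SAMPLE_LOG):
        print(lead)
```

Nothing here touches the remote machine: every lead comes from events recorded on the network that owns the decoy credentials.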