Nmap Hackers: Re: decoy traffic and legal admissibility of logs in court

From: Adam Shostack <adam_at_netect.com>
Date: Sat, 10 Apr 1999 18:59:45 -0400

Peter Sommers, of Kings College London, did a paper on this subject
for RAID 98 which I enjoyed. Peter was an expert for the defense of
the fellow accused of hacking Rome Air Force Base.

Adam

On Sat, Apr 10, 1999 at 04:07:25PM -0400, Ken Williams wrote:
| during conversation recently about some network hacks in which a number
| of machines were compromised, and while i was going through logs of
| several machines that have been compromised on a couple of different
| networks that i admin, an interesting legal issue regarding decoy traffic
| came up. after analysis of logs, it has become clear that some of the
| traffic can definitely be attributed to decoys/spoofing. consequently,
| the question of the validity of system logs and the legal admissibility of
| logs in court, in general, has arisen. the recent issue regarding
| Linux kernels <= 2.0.35 and blind tcp spoofing figures into the equation
| too now, especially with the release of the receive.c and lin35.c spoof
| code.
|
| thoughts? comments? suggestions? flames?
|
| take it easy,
|
| Ken Williams
| jkwilli2_at_csc.ncsu.edu
|
| Packet Storm Security http://packetstorm.genocide2600.com/
| Trinux: Linux Security Toolkit http://www.trinux.org/ ftp://ftp.trinux.org
| PGP DH/DSS/RSA Public Keys http://packetstorm.genocide2600.com/pgpkey/
| NCSU Computer Science http://www.csc.ncsu.edu/ jkwilli2@csc.ncsu.edu
| SHANG: Secure Highly Available Networking Group http://shang.csc.ncsu.edu/
|
Received on Apr 10 1999
