Nmap Hackers
mailing list archives
Re: decoy traffic and legal admissibility of logs in court
From: Adam Shostack <adam () netect com>
Date: Sat, 10 Apr 1999 18:59:45 -0400
Peter Sommers, of Kings College London, did a paper on this subject
for RAID 98 which I enjoyed. Peter was an expert for the defense of
the fellow accused of hacking Rome Air Force Base.
Adam
On Sat, Apr 10, 1999 at 04:07:25PM -0400, Ken Williams wrote:
| during conversation recently about some network hacks in which a number
| of machines were compromised, and while i was going through logs of
| several machines that have been compromised on a couple of different
| networks that i admin, an interesting legal issue regarding decoy traffic
| came up. after analysis of logs, it has become clear that some of the
| traffic can definitely be attributed to decoys/spoofing. consequently,
| the question of the validity of system logs and the legal admissibility of
| logs in court, in general, has arisen. the recent issue regarding
| Linux kernels <= 2.0.35 and blind tcp spoofing figures into the equation
| too now, especially with the release of the receive.c and lin35.c spoof
| code.
|
| thoughts? comments? suggestions? flames?
|
| take it easy,
|
| Ken Williams
| jkwilli2 () csc ncsu edu
|
| Packet Storm Security http://packetstorm.genocide2600.com/
| Trinux: Linux Security Toolkit http://www.trinux.org/ ftp://ftp.trinux.org
| PGP DH/DSS/RSA Public Keys http://packetstorm.genocide2600.com/pgpkey/
| NCSU Computer Science http://www.csc.ncsu.edu/ jkwilli2 () csc ncsu edu
| SHANG: Secure Highly Available Networking Group http://shang.csc.ncsu.edu/
|