Nmap Hackers: Re: decoy traffic and legal admissibility of logs in court

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Nmap Hackers mailing list archives

Re: decoy traffic and legal admissibility of logs in court

From: Andreas Bogk <andreas () andreas org>
Date: 11 Apr 1999 20:50:32 +0200

Sebastian <scut () nb in-berlin de> writes:

With logs, it's just the same, they are weak, can be spoofed, changed,
compromised, deleted, anything can be done with them. In case they are not
modifyable (like line printer logs) you can still add data to them, or
modify data that goes to them.


There has been some work on unmodifiable log files, basically using a
published hash as a checkpoint. See for instance:

http://www.iks-jena.de/mitarb/lutz/logfile/

Andreas

-- 
Reality is two's complement. See:
ftp://ftp.netcom.com/pub/hb/hbaker/hakmem/hacks.html#item154

By Date By Thread

Current thread:

decoy traffic and legal admissibility of logs in court Ken Williams (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Sebastian (Apr 10)
  - Re: decoy traffic and legal admissibility of logs in court Andreas Bogk (Apr 11)
- Re: decoy traffic and legal admissibility of logs in court David Pick (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Adam Shostack (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Ron Hale (Apr 12)
  - Re: decoy traffic and legal admissibility of logs in court Philip Ehrens (Apr 12)
- <Possible follow-ups>
- RE: decoy traffic and legal admissibility of logs in court Meritt, Jim (Apr 12)