RE: How to track down a wireless hacker

From: ep (captgoodnight@hotmail.com)
Date: Fri Nov 09 2007 - 05:24:33 EST


>>>"Ah, if only all pentesters were also honeynet admins, /sigh"
>>First, pen-testing is a function of testing, not forensic analysis and
>>incident response.

Pen-testing has all the flavors of forensic analysis and incident response.
It's just the other side of the coin that's usually amiss in practice.

>>How do you propose to track the cookie? Are you making the assumption that
>>all attacks will be to a web server? Adding a cookie to a web session is a
>>valid response, if it is not a web session (and I saw nothing to suggest
>>that this attack on an internal network was) then it may not be.

It's NOT a web cookie, though in another example it could be and in fact
it's the same functional idea. More specifically it's a username and
password that belongs to (for the sake of the argument) OUR NETWORK, be it
the network the attacker sniffed them from after breaking into or the one
he/she would log into later on. That action would be a lead, from there we
could add other ingredients to create more leads... But NEVER would any
piece of data be placed on the attacker's machine that he/she didn't
knowingly place there themselves. May I say dear Craig, that simple fact
pretty much negates your remaining 'reply'. But let's continue.

Once an ATTACKER steps past the authentication/authorization border he/she
loses all rights of expected privacy on that network. As well, entrapment
(4th amendment) applies to law enforcement etc., which I'm not.

If you are curious about the legalities of honeynets in the US then may I
suggest you visit this site http://www.honeynet.org. Also, please kindly
trim your replies.

Have fun,
--cg

>>Adding active content to track the attacker is in fact an illegal access
>>in itself. The defence of necessity will only hold in cases such as this if
>>the action was truly necessary. An
>>example would be to save a life. I saw no indication of this here.

>>You seem a little flippant of the difficulties of tracking code and also
>>of the legalities associated with this. Just because you are being attacked
>>does not present you with the right or the legal reasoning to attack back.

>>Next what if the attack was through another system? One that is ignorant
>>of their part in all this? Installing a cookie as you so simply put if other
>>than a simple web cookie is a
>>breach of a number of US Acts.

>>I would even state that this is dangerously close to the use of a "pen
>>register" or "trap and trace device". I would suggest a reading of the USA
>>Patriot Act of 2001 Federal Criminal
>>Code Related to Computer Intrusions - and "18 U.S.C. § 3121 et seq.
>>Recording of Dialling, Routing, Addressing, and Signalling Information" in
>>particular. Then we have the whole issue
>>of uploading data to a computer... Sorry, good intentions do not stop this
>>from being a crime.
>>You can not commit a crime to prevent a crime.
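
The lead described in the reply above, a login that uses a planted username and password, shows up in the network's own authentication logs. The following is an added example, not part of the original thread: it flags any source that tries a decoy account and lists the other accounts that source touched. The decoy account names and the sshd-style log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Decoy accounts (hypothetical names): no legitimate user ever logs in with them.
HONEY_USERS = {"svc_backup2", "jsmith_adm"}

# Constructed sshd-style auth log lines, for illustration only.
SAMPLE_LOG = """\
Nov  9 05:01:12 gw sshd[811]: Accepted password for alice from 10.0.4.21 port 50122 ssh2
Nov  9 05:03:40 gw sshd[815]: Failed password for bob from 10.0.9.77 port 41810 ssh2
Nov  9 05:04:02 gw sshd[816]: Accepted password for svc_backup2 from 10.0.9.77 port 41812 ssh2
Nov  9 05:09:55 gw sshd[820]: Failed password for invalid user jsmith_adm from 10.0.9.77 port 41830 ssh2
Nov  9 05:11:30 gw sshd[823]: Failed password for alice from 10.0.4.21 port 50140 ssh2
Nov  9 05:12:18 gw sshd[825]: Accepted password for carol from 10.0.9.77 port 41844 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse(log_text):
    """Yield one dict per password-authentication line; skip everything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def find_leads(log_text, honey_users=HONEY_USERS):
    """Map each source address that used a decoy account to what else it did."""
    by_src = defaultdict(list)
    for ev in parse(log_text):
        by_src[ev["src"]].append(ev)
    leads = {}
    for src, events in by_src.items():
        hits = [e for e in events if e["user"] in honey_users]
        if not hits:
            continue  # this source never touched a decoy: not a lead
        leads[src] = {
            "first_seen": hits[0]["ts"],
            "decoys_used": sorted({e["user"] for e in hits}),
            # Real accounts tried from the same source are the next leads.
            "other_accounts": sorted({e["user"] for e in events
                                      if e["user"] not in honey_users}),
        }
    return leads

if __name__ == "__main__":
    for src, lead in find_leads(SAMPLE_LOG).items():
        print(src, lead)
```

Failed attempts count as well as successful ones: any use of a decoy name means the credentials were obtained from wherever they were planted.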

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:12 EDT