Re: How to track down a wireless hacker

From: Jan Heisterkamp (janheisterkamp@web.de)
Date: Sun Nov 11 2007 - 09:55:27 EST


I lost who started this thread.
Of course you can track a wireless attacker due to the fact that he is
broadcasting a trackable signal, and you can do it pretty accurately. But
the question behind it is "And then?"

What will you do?
1. If the attacker is in house you might have to close all the doors, call
the security staff and confiscate all the laptops running wireless. The
attacker gets arrested and the rest of the users will take their case to
court, suing you for damages.
2. If the attacker is, let us say, in a car in the street and you have
tracked and localized him, what are you able to do?
You can't touch him, nor arrest him; you have no legal right to do
so; probably you will see the attacker's golden finger as he hits the road.

The energy you are willing to expend to track this freak down would have
been better spent beforehand on securing your network.
It's a fact that you messed it up and not he.
I guess there is waiting some homework for you...

Regards
Jan

ep schrieb:
>>>> "Ah, if only all pentesters were also honeynet admins, /sigh"
>>> First, pen-testing is function of testing, not forensic analysis and
> incident response.
>
> Pen-testing has all the flavors of forensic analysis and incident response.
> It's just the other side of the coin that's usually amiss in practice.
>
>>> How do you propose to track the cookie? Are you making the assumption that
> all attacks will be to a web server? Adding a cookie to a web session is a
> valid response, if it is not a web session (and I saw nothing to suggest
> that this attack on an internal network was) then it may not be.
>
> It's NOT a web cookie, though in another example it could be and in fact
> it's the same functional idea. More specifically it's a username and
> password that belongs to (for the sake of the argument) OUR NETWORK, be it
> the network the attacker sniffed them from after breaking into or the one
> he/she would log into later on. That action would be a lead, from there we
> could add other ingredients to create more leads... But NEVER would any
> piece of data be placed on the attacker's machine that he/she didn't
> knowingly place there themselves. May I say dear Craig, that simple fact
> pretty much negates your remaining 'reply'. But let's continue.
>
> Once an ATTACKER steps past the authentication/authorization border he/she
> loses all rights of expected privacy on that network. As well, entrapment
> (4th amendment) applies to law enforcement etc., which I'm not.
>
> If you are curious about the legalities of honeynets in the US then may I
> suggest you visit this site http://www.honeynet.org. Also, please kindly
> trim your replies.
>
>
> Have fun,
> --cg
>
>
>>> Adding active content to track the attacker is in fact an illegal access
> in itself. The defence of necessity will only hold in cases such as this if
> the action was truly necessary. An
>>> example would be to save a life. I saw no indication of this here.
>
>>> You seem a little flippant of the difficulties of tracking code and also
> of the legalities associated with this. Just because you are being attacked
> does not present you with the right or the legal reasoning to attack back.
>
>
>>> Next what if the attack was through another system? One that is ignorant
> of their part in all this? Installing a cookie as you so simply put if other
> than a simple web cookie is a
>>> breach of a number of US Acts.
>
>>> I would even state that this is dangerously close to the use of a "pen
> register" or "trap and trace device". I would suggest a reading of the USA
> Patriot Act of 2001 Federal Criminal
>>> Code Related to Computer Intrusions - and "18 U.S.C. § 3121 et seq.
> Recording of Dialling, Routing, Addressing, and Signalling Information" in
> particular. Then we have the whole issue
>>> of uploading data to a computer... Sorry, good intentions do not stop this
> from being a crime.
>>> You can not commit a crime to prevent a crime.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:12 EDT