Nmap Announce mailing list archives

decoy traffic and legal admissibility of logs in court


From: Ken Williams <jkwilli2 () unity ncsu edu>
Date: Sat, 10 Apr 1999 16:07:25 -0400 (EDT)

during a conversation recently about some network hacks in which a number
of machines were compromised, and while i was going through logs of
several machines that have been compromised on a couple of different
networks that i admin, an interesting legal issue regarding decoy traffic
came up.  after analysis of logs, it has become clear that some of the
traffic can definitely be attributed to decoys/spoofing.  consequently,
the question of the validity of system logs and the legal admissibility of
logs in court, in general, has arisen.  the recent issue regarding
Linux kernels <= 2.0.35 and blind tcp spoofing figures into the equation
too now, especially with the release of the receive.c and lin35.c spoof
code.

thoughts? comments? suggestions? flames?

take it easy,

Ken Williams
jkwilli2 () csc ncsu edu 

Packet Storm Security                 http://packetstorm.genocide2600.com/
Trinux: Linux Security Toolkit http://www.trinux.org/ ftp://ftp.trinux.org
PGP DH/DSS/RSA Public Keys     http://packetstorm.genocide2600.com/pgpkey/
NCSU Computer Science    http://www.csc.ncsu.edu/    jkwilli2 () csc ncsu edu
SHANG: Secure Highly Available Networking Group http://shang.csc.ncsu.edu/
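Added example, not part of Ken's post or any tool he names: one way to make the decoy problem visible during log analysis. It parses constructed, illustrative log lines in an assumed format and groups sources that probe the same ports within seconds of each other; such a set is what a decoy scan leaves behind, and the logs alone cannot single out the real sender inside it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, illustrative log lines (not from the original post or any real host).
# Assumed format: "<month> <day> <HH:MM:SS> <host> probe: src=<ip> dport=<port>"
SAMPLE_LOG = """\
Apr 10 15:02:01 gw probe: src=203.0.113.9 dport=22
Apr 10 15:02:01 gw probe: src=198.51.100.7 dport=22
Apr 10 15:02:02 gw probe: src=192.0.2.44 dport=22
Apr 10 15:02:03 gw probe: src=198.51.100.7 dport=23
Apr 10 15:02:03 gw probe: src=203.0.113.9 dport=23
Apr 10 15:02:04 gw probe: src=192.0.2.44 dport=23
Apr 10 15:30:00 gw probe: src=10.0.0.5 dport=80
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ probe: src=(\S+) dport=(\d+)$")

def parse(log, year=1999):
    """Return (timestamp, src, dport) tuples; lines that don't match are skipped."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits.append((ts, m.group(2), int(m.group(3))))
    return hits

def cosource_bursts(hits, window=timedelta(seconds=5)):
    """Per port, group hits within `window` of the burst's first hit and keep the
    bursts with more than one distinct source: several sources probing one port at
    the same moment is the footprint of a decoy scan. Returns {dport: [frozenset]}."""
    by_port = defaultdict(list)
    for ts, src, dport in sorted(hits):
        by_port[dport].append((ts, src))
    bursts = defaultdict(list)
    for dport, events in by_port.items():
        start, srcs = None, set()
        for ts, src in events:
            if start is None or ts - start > window:   # close the previous burst
                if len(srcs) > 1:
                    bursts[dport].append(frozenset(srcs))
                start, srcs = ts, set()
            srcs.add(src)
        if len(srcs) > 1:
            bursts[dport].append(frozenset(srcs))
    return dict(bursts)

def decoy_sets(hits, min_ports=2):
    """Source sets that burst together on at least `min_ports` ports; no member of
    such a set can be attributed as the true sender from these logs alone."""
    count = defaultdict(int)
    for port_bursts in cosource_bursts(hits).values():
        for s in set(port_bursts):
            count[s] += 1
    return {s for s, n in count.items() if n >= min_ports}
```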