Nmap Announce mailing list archives
Re: decoy traffic and legal admissibility of logs in court
From: Adam Shostack <adam () netect com>
Date: Sat, 10 Apr 1999 18:59:45 -0400
Peter Sommers, of Kings College London, did a paper on this subject for RAID 98 which I enjoyed. Peter was an expert for the defense of the fellow accoused of hacking Rome Air Force Base. Adam On Sat, Apr 10, 1999 at 04:07:25PM -0400, Ken Williams wrote: | during conversation recently about some network hacks in which a number | of machines were compromised, and while i was going through logs of | several machines that have been compromised on a couple of different | networks that i admin, an interesting legal issue regarding decoy traffic | came up. after analysis of logs, it has become clear that some of the | traffic can definitely be attributed to decoys/spoofing. consequently, | the question of the validity of system logs and the legal admissibility of | logs in court, in general, has arisen. the recent issue regarding | Linux kernels <= 2.0.35 and blind tcp spoofing figures into the equation | too now, especially with the release of the receive.c and lin35.c spoof | code. | | thoughts? comments? suggestions? flames? | | take it easy, | | Ken Williams | jkwilli2 () csc ncsu edu | | Packet Storm Security http://packetstorm.genocide2600.com/ | Trinux: Linux Security Toolkit http://www.trinux.org/ ftp://ftp.trinux.org | PGP DH/DSS/RSA Public Keys http://packetstorm.genocide2600.com/pgpkey/ | NCSU Computer Science http://www.csc.ncsu.edu/ jkwilli2 () csc ncsu edu | SHANG: Secure Highly Available Networking Group http://shang.csc.ncsu.edu/ |
Current thread:
- decoy traffic and legal admissibility of logs in court Ken Williams (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Sebastian (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Andreas Bogk (Apr 11)
- Re: decoy traffic and legal admissibility of logs in court David Pick (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Adam Shostack (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Ron Hale (Apr 12)
- Re: decoy traffic and legal admissibility of logs in court Philip Ehrens (Apr 12)
- <Possible follow-ups>
- RE: decoy traffic and legal admissibility of logs in court Meritt, Jim (Apr 12)
- Re: decoy traffic and legal admissibility of logs in court Sebastian (Apr 10)