Nmap Announce mailing list archives
Re: decoy traffic and legal admissibility of logs in court
From: Andreas Bogk <andreas () andreas org>
Date: 11 Apr 1999 20:50:32 +0200
Sebastian <scut () nb in-berlin de> writes:
With logs, it's just the same, they are weak, can be spoofed, changed, compromised, deleted, anything can be done with them. In case they are not modifyable (like line printer logs) you can still add data to them, or modify data that goes to them.
There has been some work on unmodifiable log files, basically using a published hash as a checkpoint. See for instance: http://www.iks-jena.de/mitarb/lutz/logfile/ Andreas -- Reality is two's complement. See: ftp://ftp.netcom.com/pub/hb/hbaker/hakmem/hacks.html#item154
Current thread:
- decoy traffic and legal admissibility of logs in court Ken Williams (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Sebastian (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Andreas Bogk (Apr 11)
- Re: decoy traffic and legal admissibility of logs in court David Pick (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Adam Shostack (Apr 10)
- Re: decoy traffic and legal admissibility of logs in court Ron Hale (Apr 12)
- Re: decoy traffic and legal admissibility of logs in court Philip Ehrens (Apr 12)
- <Possible follow-ups>
- RE: decoy traffic and legal admissibility of logs in court Meritt, Jim (Apr 12)
- Re: decoy traffic and legal admissibility of logs in court Sebastian (Apr 10)