Penetration Testing mailing list archives
RE: How to track down a wireless hacker
From: cwright () bdosyd com au
Date: 9 Nov 2007 12:37:12 -0000
CG,

Pen Testing is not forensics and incident response, as much as you would like this. Forensics and incident response are the other side of the argument.

As for what I know on forensics, let's see. I am one of the 14 people with a GIAC GSE level accreditation, co-author of a forensic book and about 20 peer reviewed published papers. Oh, also post grad law and 15+ years experience in digital forensics (21 security). As for Honeynets - I have run several.

You state: "Once an ATTACKER steps past the authentication/authorization border he/she loses all rights of expected privacy on that network. As well, entrapment (4th amendment) applies to law enforcement etc..., which I'm not."

I find your lack of understanding of legal issues problematic. There is no relation to the 4th amendment and these actions. Neither did I mention entrapment. An attacker does not lose any rights. There is no legal recourse to attack back or retaliate. As much as you may not like it - this is how it works. Further, the attack may originate from an innocent 3rd party. The law does not work on the principle of an eye for an eye.

How do you propose to find these leads? You seem to be stating that placing data somewhere will lead to a capture. Please explain how. I see this as a simple request. I ask you to explain how this will occur. Let us forget web cookies. You have stated a field in a database, username and password for instance. Please explain how this will lead back to the mystery attacker? Or is it that you are proposing that you will sniff traffic and find them post the event? That you propose making environmental changes that are going to be noticed? What if the attacker sniffed the network and did not insert anything? What if they played an inactive role in the attack, gathering information and monitoring traffic flows, as occurs in most of these cases? What then? You have made it sound simple, please elaborate.
Craig Wright (GSE-Compliance)

--------------------------------------------------------------------------------
From: ep [mailto:captgoodnight () hotmail com]
Sent: Fri 9/11/2007 9:24 PM
To: Craig Wright
Cc: pen-test () securityfocus com
Subject: RE: How to track down a wireless hacker
> "Ah, if only all pentesters were also honeynet admins, /sigh"
> First, pen-testing is function of testing, not forensic analysis and incident response.

Pen-testing has all the flavors of forensic analysis and incident response. It's just the other side of the coin that's usually amiss in practice.

> How do you propose to track the cookie? Are you making the assumption that all attacks will be to a web server? Adding a cookie to a web session is a valid response, if it is not a web session (and I saw nothing to suggest that this attack on an internal network was) then it may not be.

It's NOT a web cookie, though in another example it could be and in fact it's the same functional idea. More specifically it's a username and password that belongs to (for the sake of the argument) OUR NETWORK, be it the network the attacker sniffed them from after breaking into or the one he/she would log into later on. That action would be a lead, from there we could add other ingredients to create more leads... But NEVER would any piece of data be placed on the attacker's machine that he/she didn't knowingly place there themselves.

May I say dear Craig, that simple fact pretty much negates your remaining 'reply'. But let's continue.

Once an ATTACKER steps past the authentication/authorization border he/she loses all rights of expected privacy on that network. As well, entrapment (4th amendment) applies to law enforcement etc..., which I'm not. If you are curious to the legalities of honeynets in the US then may I suggest you visit this site http://www.honeynet.org.

Also, please kindly trim your replies.

Have fun,
--cg
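The exchange above turns on one mechanism: ep's planted username/password that is never used legitimately, so any authentication attempt with it is a lead pointing at a source address, and Craig's objection that a purely passive attacker who only sniffs never touches it. The following is an added illustration of that detection logic and is not code from either poster or from this list. The honeytoken account name (`svc-backup-ro`), the OpenSSH-style log format and the log lines themselves are all constructed for the example, not captured data.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Hypothetical honeytoken account: planted in the credential store, documented
# internally as "never to be used", so every use of it is a lead by definition.
HONEYTOKEN_USERS = {"svc-backup-ro"}

# Constructed sample log lines (OpenSSH-style, not a real capture). Two lines
# show the planted account being tried and then accepted from one source host.
SAMPLE_LOG = """\
Nov  9 21:02:11 fileserver sshd[4121]: Accepted password for alice from 10.0.5.23 port 50122 ssh2
Nov  9 21:04:48 fileserver sshd[4133]: Failed password for svc-backup-ro from 10.0.7.88 port 41022 ssh2
Nov  9 21:04:51 fileserver sshd[4133]: Accepted password for svc-backup-ro from 10.0.7.88 port 41022 ssh2
Nov  9 21:10:03 fileserver sshd[4150]: Accepted publickey for bob from 10.0.5.40 port 50200 ssh2
"""

# Matches "Accepted/Failed <method> for [invalid user] <user> from <ip> port <port>".
# The optional "invalid user" keeps the parser working for accounts that do not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"(?P<result>Accepted|Failed)\s+\S+\s+for\s+(?:invalid user\s+)?(?P<user>\S+)"
    r"\s+from\s+(?P<src>\S+)\s+port\s+(?P<port>\d+)"
)


@dataclass(frozen=True)
class Lead:
    """One authentication event that touched a honeytoken account."""
    timestamp: str
    host: str
    user: str
    src_ip: str
    src_port: int
    result: str  # "Accepted" or "Failed"; both are leads, a failure still shows who had the name


def find_leads(lines: Iterable[str], honeytokens=HONEYTOKEN_USERS) -> List[Lead]:
    """Scan auth log lines and return every event that used a honeytoken account."""
    leads: List[Lead] = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or unparsable line
        if m.group("user") in honeytokens:
            leads.append(Lead(
                timestamp=m.group("ts"),
                host=m.group("host"),
                user=m.group("user"),
                src_ip=m.group("src"),
                src_port=int(m.group("port")),
                result=m.group("result"),
            ))
    return leads


def first_contact(leads: List[Lead]) -> Optional[Lead]:
    """Earliest lead in log order, i.e. the first time the planted credential surfaced."""
    return leads[0] if leads else None


def summarize_sources(leads: List[Lead]) -> Dict[str, int]:
    """Count leads per source address; this is the pivot for the next investigative step."""
    counts: Dict[str, int] = {}
    for lead in leads:
        counts[lead.src_ip] = counts.get(lead.src_ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_leads(SAMPLE_LOG.splitlines())
    for lead in found:
        print(f"{lead.timestamp} {lead.host}: {lead.result} login as {lead.user} "
              f"from {lead.src_ip}:{lead.src_port}")
    print("sources:", summarize_sources(found))
```

Note what the script cannot do, which is Craig's point: an attacker who only sniffs the credential and never presents it to a service produces no log line, so `find_leads` returns an empty list and there is no lead at all. The honeytoken only pays off when the credential is actually used somewhere that logs authentication, and the resulting source address is a starting point for investigation, not an identification of the person behind it.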