RE: Wireless Security (Part 2)

["Craig Wright" <cwright () bdosyd com au>]

In common law jurisdictions (and the US is a common law country, not
civil law - other than in Louisiana) you have rights. In the US there
are also constitutional rights.

These rights are expressed in law through mutual obligation.

You have every right to stop the attack or remove a host from your
network, but never any right to attack back. Two wrongs and all that.
Committing a trespass of your own can not be defended by a defence of
they did it first.

Regards,
Craig

-----Original Message-----
From: Ian Scott [mailto:ian () pairowoodies com]
Sent: Wednesday, 17 May 2006 4:46 PM
To: security-basics () securityfocus com; gillettdavid () fhda edu
Cc: hfebelingjr () lycos com
Subject: Re: Wireless Security (Part 2)

On May 16, 2006 02:47 pm, David Gillett wrote:

> 2.  Can you post a sign on your driveway, giving yourself the right to
> search any cars that park there that you don't recognize?  I don't
> think so.  You have the right to report them to the *police*, who in
turn
> might determine that a search warrant (or one of the few exceptions)
is
> appropriate, but simply arrogating that authority to yourself is risky
> at best.

People confuse "rights" with what governments limit one in doing. The
only
"rights" that I know are those "natural rights" which include ownership
of
property.

With this in mind, I would have every right to do anything with any item
found
on my property without my permission or knowledge. In my jurisdiction, I

don't have to call the police to have the property removed.  I can
remove the
vehicle myself without any permission from the State or its
representatives. 
I may also have reason to search the vehicle myself before removing it
for
any number of reasons.  So, this analogy is false.

As someone who has a number of computers on a network, and include
computers
with multiple IP addresses, I believe i have every right to attack an IP
I
find on my network to discover what it is that is using that IP address.
I
don't always have time, nor is it always convenient for me upon discover
of
the use of an IP address that I don't have a record of, to call all my
customers and ask if they perhaps configured their computer with an IP
(accidents can happen) incorrectly.

This applies to both wireless and wired components.

Depending on the circumstances, I may choose not to attempt to gain
access to
the computer or whatever it is that is on my network - if for example,
one of
my clients' boxes appears to have been hacked itself, and is sending out

spam, I won't bother trying to access the box.  I'll simply walk over
and
unplug it.  One could argue that my actions of removing the ethernet
cable
from the box is some form of "trespass" against that box - the male end
of
the cable is inside the female end of the ethernet card inside the box.

They can argue that all they want - with whatever analogies they want.
It's
my network - the resources that make the network possible, regardless of

whether it is wired or wireless, are my resources.  It's my property -
and I
have every "right" to know what or who is on my network - and there may
be
times when I simply can't ask - I have to do something else to find out.





Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.