RE: Wireless Security (Part 2)

["Craig Wright" <cwright () bdosyd com au>]

Hi
First and sorry for the misunderstanding, but LE = law enforcement
 
"But I'm not talking about "remotely" attacking a server.  I'm talking about
anything on  MY network" In the case of a physical server this may be true that it is on your server and with certain 
exceptions and to the policy of the site you may be able to attack it if it is physically on the site with impunity.
 
In the case from the subject and thread you can not. A wireless host is not on your network. A lease of an IP address 
is at best an assignment of license and you have no rights to attack it. You have a right to extinguish the license. 
 
In Canada (CA) there are statues concerning access to radio frequency media. Wireless networking is included. By 
attacking a remote wireless host you are breaching the criminal codes.
 
Even in CA, you have the right to detain only to hold for the police. Not just as they trespassed
 
Regards
Craig

        -----Original Message----- 
        From: Ian Scott [mailto:ian () pairowoodies com] 
        Sent: Wed 24/05/2006 8:48 PM 
        To: Craig Wright 
        Cc: security-basics () securityfocus com 
        Subject: Re: Wireless Security (Part 2)
        
        
On May 24, 2006 05:12 am, Craig Wright wrote:
> Ian,
> Cases where you can detain a person who is there are not analogous to
> remotely attacking a server.

But I'm not talking about "remotely" attacking a server.  I'm talking about
anything on  MY network, and that is using IP addresses I've asssigned as far
as the public IP's that I have control over, or the private IP's that I have
control over.
> Next, the rights of LE are not those of the general public.

Have no clue what you mean.  What is LE?

AS well, the "general public" have no righs.  Invidividuals have rights.

> In case where there is a system on your network you do not have the
> relivant rights in possession. You may be lucky and not be charged. This
> happens. Often LE will turn a blind eye for the "greater good". This does
> not make the action warranted.

There is no such thing as "greater good."

What action are you referring to, with regard to being "warranted?'  Any
action I do, that is justified under law, which includes, using as much as
necesarry, is completely warranted.
> "then doing whatever is necessary to stop the trespass from continuing."
> block access. On a network when you already know of the attack this is not
> as difficult as many of the analogies that fly about.

Don't have clue to what you mean, in regard to what I've stated  In your
world, "blocking access" could also be a "trespass," no?

In my world, that might be one of the first things I'd do.  My activity
however, might also increase to where I could discover what exactly is going
on, and I might take whatever actions I wish, on MY network, against ANY
device, on MY network.

> What happens if you attack the wrong system?

The owner complains to me.  If he don't like my explanation, he goes and finds
another network to join with.

But in reality, I can never attack the "wrong" system, for i have every right
to know at all times, everything that is on my network. Therefore, there is
no "attack."



Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.  

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.