Full Disclosure mailing list archives
Re: [inbox] Re: Reacting to a server compromise
From: Peter Busser <peter () trusteddebian org>
Date: Mon, 4 Aug 2003 08:46:31 +0200
Hi!
> and what if all the connections were via proxy on the charged person's computer???
Normally you would find traces of something like that on the system.
> let's convict innocent people, i think not. consider the simple tcpredirect or a proxy, running on ( Jennifer's ) system, omg look, Jennifer is being arrested for embezzling ABC company because ABC company's logs show Jennifer's ip address as the originating IP address. i'm still failing to see computer generated access logs based upon IP addresses as evidence.
I don't think the logs themselves are enough to get someone convicted, as the evidence they provide is obviously thin. But they can be useful for correlation purposes and for finding out at what time things happened. But it will surely depend on your jurisdiction. I have heard about someone being convicted for several years' imprisonment based on the story told by one eye witness (who was watching from a distance).

Groetjes,
Peter Busser
--
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html