Re: Jail Time for Honeypots?

["yannick san" <yannicksan () free fr>]

Well, in fact, the banners we see when we try to log in to an equipement is
not as simple as I said, and they don't use sentance like "every commands
will be analysed"... sorry if the word "analysed" was interpreted like that.
I was thinking about the next step of writing such a message. Next step is
analysing the logs. About logs, in France it's forbidden by the law to trace
users... I believe it's nearly the same in US according to what was said
before about the cctv pictures... It is forbidden to trace users but the
problem is not the same if we can't identify them. For exemple, we can
analyse as many logs as we want to produce reports but we must respect that
it will impossible to reconize anybody during the whole process (from the
logs to the result). So when a security event is detected, here the problem
we have is that for knowing the author and using the results we must have
asked to a lawyer before. Sorry for my english, I hope you see what I mean.
Considering the honeypot as an "open system" where logs and other stuffs are
activated, don't you think that the problem return to a problem of logs ?
... don't you think that if it was impossible to reconize people from a cctv
system installed, we could have the right to film whatever we would like to
film ?
Thank you very much for your answer,

Yannick
Information Security Engineer


----- Original Message ----- 
From: "Jimi Thompson" <jimit () myrealbox com>
To: "yannick san" <yannicksan () free fr>; "Fernando Martins"
<fernando.martins () esoterica pt>; <honeypots () securityfocus com>
Sent: Thursday, April 24, 2003 6:36 PM
Subject: Re: Jail Time for Honeypots?


> > <SNIP>
> > About security banners, according to the law I'm agree that they must be
> > visible. It's true for cctv, it is true any equipements. Exemple : try to
> > log in to an equipement and a message appear to tell you that this
> > equipement is the property of xxx and every command passed is analysed...
> </SNIP>
>
> I think that the issue here would be what constitutes analysis.  I
> would suspect strongly that directing someone to a "honey net" so
> that you can analyze their attack would definitely fall under the
> wording on this banner.  While I do not pretend to be an expert in
> the laws and legalities of every country, this definition of analysis
> seems logical to me.  I would suggest that you might consult a
> technical law firm in your locale.
> -- 
> Thanks,
>
> Ms. Jimi Thompson, CISSP, Rev.
>
> "I'm a great believer in luck, and I find the harder I work, the more
> I have of it." -- Thomas Jefferson