Honeypots mailing list archives
Re: Jail Time for Honeypots?
From: "yannick san" <yannicksan () free fr>
Date: Thu, 24 Apr 2003 21:19:01 +0200
Well, in fact, the banners we see when we try to log in to an equipement is not as simple as I said, and they don't use sentance like "every commands will be analysed"... sorry if the word "analysed" was interpreted like that. I was thinking about the next step of writing such a message. Next step is analysing the logs. About logs, in France it's forbidden by the law to trace users... I believe it's nearly the same in US according to what was said before about the cctv pictures... It is forbidden to trace users but the problem is not the same if we can't identify them. For exemple, we can analyse as many logs as we want to produce reports but we must respect that it will impossible to reconize anybody during the whole process (from the logs to the result). So when a security event is detected, here the problem we have is that for knowing the author and using the results we must have asked to a lawyer before. Sorry for my english, I hope you see what I mean. Considering the honeypot as an "open system" where logs and other stuffs are activated, don't you think that the problem return to a problem of logs ? ... don't you think that if it was impossible to reconize people from a cctv system installed, we could have the right to film whatever we would like to film ? Thank you very much for your answer, Yannick Information Security Engineer ----- Original Message ----- From: "Jimi Thompson" <jimit () myrealbox com> To: "yannick san" <yannicksan () free fr>; "Fernando Martins" <fernando.martins () esoterica pt>; <honeypots () securityfocus com> Sent: Thursday, April 24, 2003 6:36 PM Subject: Re: Jail Time for Honeypots?
<SNIP> About security banners, according to the law I'm agree that they must be visible. It's true for cctv, it is true any equipements. Exemple : try to log in to an equipement and a message appear to tell you that this equipement is the property of xxx and every command passed is analysed...</SNIP> I think that the issue here would be what constitutes analysis. I would suspect strongly that directing someone to a "honey net" so that you can analyze their attack would definitely fall under the wording on this banner. While I do not pretend to be an expert in the laws and legalities of every country, this definition of analysis seems logical to me. I would suggest that you might consult a technical law firm in your locale. -- Thanks, Ms. Jimi Thompson, CISSP, Rev. "I'm a great believer in luck, and I find the harder I work, the more I have of it." -- Thomas Jefferson
Current thread:
- Re: Jail Time for Honeypots?, (continued)
- Re: Jail Time for Honeypots? Bernie, CTA (Apr 20)
- Re: Jail Time for Honeypots? Octavian POPESCU (Apr 21)
- Re: Jail Time for Honeypots? Fernando Martins (Apr 21)
- Re: Jail Time for Honeypots? yannick san (Apr 21)
- Re: Jail Time for Honeypots? Kevin Saenz (Apr 21)
- Re: Jail Time for Honeypots? Jimi Thompson (Apr 21)
- Re: Jail Time for Honeypots? InformationSecurity (Apr 22)
- Re: Jail Time for Honeypots? Fernando Martins (Apr 22)
- Re: Jail Time for Honeypots? yannick san (Apr 24)
- Re: Jail Time for Honeypots? Jimi Thompson (Apr 24)
- Re: Jail Time for Honeypots? yannick san (Apr 24)
- RE: Jail Time for Honeypots? dave (Apr 22)
- Re: Jail Time for Honeypots? Jim Geovedi (Apr 21)
- Re: Honeyd Censorship Marcel (Apr 12)
- Michigan Super DMCA Richard Rager (Apr 13)