Honeypots mailing list archives
Re: Honeynet Alliance Charter Question
From: Sushant Sinha <sushant () umich edu>
Date: Wed, 16 Mar 2005 10:39:14 -0500
I think until and unless you have actively solicited someone to break in, you can use the log data to prosecute. You can actively solicit someone by 1. asking him to break in by an out-of-band mechanism (or by an open break-in challenge) 2. joining a bot-net by your own 3. running a client on honeypot which actively monitors blackhat communication channels like IRC, demonstrating a vulnerability and then, you cannot sue for someone exploiting it I cannot think of more, but, I think most of the cases data CAN be used to prosecute. -Sushant. On Wednesday 16 March 2005 08:19 am, Chris Brenton wrote:
On Wed, 2005-03-16 at 02:33, Adam Carlson wrote:From what I've read entrapment only applies when one is attempting to use the information to criminally prosecute individuals.Agreed, it comes down to intent. If the information is collected for the sole purpose of prosecution, you are on a gray line. There are some easy ways around this however: 1) Develop a process of collecting logs from all your primary systems, not just your honeypot. 2) Give your honeypot some active but minor role in your network, such as a backup secondary DNS server. Given both of the above, entrapment becomes a non-issue.From what I understand from the entrapment laws, if there is some collaboration between the honeynet alliance and law enforcement, then the honeynet alliance could be guilty of entrapment.Unfortunately, this line can be fuzzy. If you've had zero interaction with law enforcement regarding a specific incident, but have worked with law enforcement in the past on previous incidents, it *could* be enough to show "reasonable doubt". Its not a given however as each situation is different.I think a big part of liability depends on whether or not you are monitoring with the intent of using it in a criminal prosecution.Bingo, thus the first item above. If collecting logs is part of your daily operations, its certainly not focused on prosecution. HTH, Chris
Current thread:
- Honeynet Alliance Charter Question Adam Carlson (Mar 15)
- Re: Honeynet Alliance Charter Question sushant (Mar 15)
- RE: Honeynet Alliance Charter Question Christopher Cook (Mar 15)
- Re: Honeynet Alliance Charter Question Adam Carlson (Mar 16)
- Re: Honeynet Alliance Charter Question Chris Brenton (Mar 16)
- Re: Honeynet Alliance Charter Question Sushant Sinha (Mar 16)
- Re: Honeynet Alliance Charter Question Adam Carlson (Mar 16)
- Re: Honeynet Alliance Charter Question Chris Brenton (Mar 16)
- Re: Honeynet Alliance Charter Question sushant (Mar 15)
- <Possible follow-ups>
- RE: Honeynet Alliance Charter Question Croad Christopher D Contr AFRL/IFOSS (Mar 16)