Re: Honeypots - All dried up by Super-DMCA

["Bruhn, Mark S." <mbruhn () INDIANA EDU>]

Seems it wouldn't be a problem at all, if you didn't use the information
to seek out and prosecute.  If we had one, and I'm not saying we do and
I'm not saying we don't   :-)  it would be populated with devices
representative of what is on campus, and we would use the information
gathered to improve security of devices on campuses, or develop better
detection tools.

M.

-- 
Mark S. Bruhn, CISSP

Chief IT Security and Policy Officer
Interim Director, Research and Educational Networking Information
Sharing and Analysis Center (ren-isac () iu edu)

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu




-----Original Message-----
From: Schmidt, Eric W 
Sent: Friday, May 02, 2003 2:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Honeypots - All dried up by Super-DMCA


The only thing I can think of would be to draw on my experience as a
former federal law enforcement agent that says you never want to be the
one that makes bad case law.  Since honeypots really haven't been tested
in court, that would be one of my concerns.


Eric W. Schmidt, CISSP, CISM, DABFE
Information Security Officer
Indiana University School of Medicine
office:  317-278-8751
email:  erschmid () iupui edu


-----Original Message-----
From: David L. Wasley [mailto:david.wasley () UCOP EDU] 
Sent: Friday, May 02, 2003 11:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Honeypots - All dried up by Super-DMCA

I'm not a lawyer :-) but the way I read Tim Liston's article, I think
it's not clear that the law prohibits distribution or use of LaBrea
(although it might provoke legal action and that is really the issue for
Tim).

What Tim quotes says honeypots would be illegal "without the express
consent or express authorization of the communication service provider".
If the campus (the communications service provider) specifically
approved the use of a honeypot on its network, then it should not be a
problem.

As for "to conceal or to assist another to conceal from any
communication service provider or from any lawful authority the
existence or place of origin or destination of any communication" -
simply make sure the logs are available to the campus network NOC.

What am I missing?

        David
-----
At 10:53 PM -0400 on 5/1/03, Pete Hoffswell wrote:

> honeypots are very very cool.  I would be weary implementing them at
this time, however.
> Unfortunately, because of the DMCA laws, they may be illegal.
>
> Reference -
>
> Tom Liston, maker of Labrea, has stopped distributing his great
software due to Illinois Super-DMCA laws:
> http://www.hackbusters.net/
>
>
> Slashdot, etc, reports that new Michigan laws has made the development
of honeyd illegal:
> http://slashdot.org/articles/03/04/15/1454218.shtml?tid=153
>
> If anyone gets council clearing them to use labrea or honeyd, I would
be very interested.
> - Pete
>
>
>
> > > > morrow.long () YALE EDU 05/01/03 21:25 PM >>>
> Lance Spitzner article on how 'honeypots' can be effective tools
> in the information security kit for protecting production nets
> (as opposed to just research experiments for collecting data):
>
>        http://www.securityfocus.com/infocus/1690
>
> Morrow
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.