Honeypots mailing list archives
Re: Few questions about sp800-31
From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Nov 2006 16:07:24 -0500
On Mon, 27 Nov 2006 16:27:09 +0300, "Kuznetsov A.N." said:
Hi list, recently I have read sp800-31(NIST Special Publication on Intrusion Detection System) and have some questions about it. On page 28 they wrote about disadvantages of Honey Pots and Padded Cells - The legal implications of using such devices are not well defined What kind of problems with law can any have when using Honey Pot or Padded Cell? The best thing I can guess that it can be some problems if IDS redirect legal user to Padded Cell and he get wrong info.
A bigger issue (at least in the US) is if you divert a legitimate user to a Padded Cell environment, and your SLA/EULA/contract/whatever doesn't give advance notice that the user's traffic may be sampled/captured. On the one hand, 18 USC 2511 (2)(a)(i) gives *some* wiggle room - it depends on whether you think a honeypot/padded cell is allowed under "... provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks." On the other hand, if a padded cell isn't a "service quality control check", you may have a problem.... http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002511----000-.html Most of these problems are easily worked around if you have a prior notice that "All traffic may be monitored" or similar, as intercepts with permission (even implicitly given by using the service after being informed of the monitoring) is usually OK. I am *NOT* a lawyer, and if the exact details matter, I suggest you hire one of your own....
Attachment:
_bin
Description:
Current thread:
- Few questions about sp800-31 Kuznetsov A.N. (Nov 27)
- Re: Few questions about sp800-31 Valdis . Kletnieks (Nov 27)
- <Possible follow-ups>
- RE: Few questions about sp800-31 Glenn.Everhart (Nov 27)
- Few questions about sp800-31 Kuznetsov A.N. (Nov 29)