Penetration Testing mailing list archives
RE: How to track down a wireless hacker
From: "ep" <captgoodnight () hotmail com>
Date: Fri, 9 Nov 2007 01:24:33 -0900

"Ah, if only all pentesters were also honeynet admins, /sigh"

> First, pen-testing is a function of testing, not forensic analysis and incident response.

Pen-testing has all the flavors of forensic analysis and incident response. It's just the other side of the coin that's usually amiss in practice.

> How do you propose to track the cookie? Are you making the assumption that all attacks will be to a web server? Adding a cookie to a web session is a valid response, if it is not a web session (and I saw nothing to suggest that this attack on an internal network was) then it may not be.

It's NOT a web cookie, though in another example it could be and in fact it's the same functional idea. More specifically it's a username and password that belongs to (for the sake of the argument) OUR NETWORK, be it the network the attacker sniffed them from after breaking into or the one he/she would log into later on. That action would be a lead, from there we could add other ingredients to create more leads... But NEVER would any piece of data be placed on the attacker's machine that he/she didn't knowingly place there themselves. May I say dear Craig, that simple fact pretty much negates your remaining 'reply'. But let's continue.

Once an ATTACKER steps past the authentication/authorization border he/she loses all rights of expected privacy on that network. As well, entrapment (4th amendment) applies to law enforcement etc., which I'm not. If you are curious about the legalities of honeynets in the US then may I suggest you visit this site http://www.honeynet.org.

Also, please kindly trim your replies.

Have fun,
--cg

> Adding active content to track the attacker is in fact an illegal access in itself. The defence of necessity will only hold in cases such as this if the action was truly necessary. An example would be to save a life. I saw no indication of this here.
>
> You seem a little flippant of the difficulties of tracking code and also of the legalities associated with this. Just because you are being attacked does not present you with the right or the legal reasoning to attack back.
>
> Next what if the attack was through another system? One that is ignorant of their part in all this? Installing a cookie as you so simply put if other than a simple web cookie is a breach of a number of US Acts.
>
> I would even state that this is dangerously close to the use of a "pen register" or "trap and trace device". I would suggest a reading of the USA Patriot Act of 2001 Federal Criminal Code Related to Computer Intrusions - and "18 U.S.C. § 3121 et seq. Recording of Dialling, Routing, Addressing, and Signalling Information" in particular. Then we have the whole issue of uploading data to a computer... Sorry, good intentions do not stop this from being a crime.
>
> You can not commit a crime to prevent a crime.
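
The decoy-credential idea in the reply above, sketched as an added example that is not part of the original post: authentication logs recorded on the defender's own servers are scanned for logins that present a planted username. The account names, the OpenSSH-style log format and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: decoy account names that no real user or service ever uses.
DECOY_ACCOUNTS = {"svc_backup_old", "jhalpert_adm"}

# OpenSSH-style "Accepted/Failed password for [invalid user] X from IP" line.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
Nov  9 01:02:11 gw1 sshd[411]: Accepted password for alice from 192.0.2.10 port 50211 ssh2
Nov  9 01:07:45 gw1 sshd[420]: Failed password for invalid user svc_backup_old from 198.51.100.7 port 40112 ssh2
Nov  9 01:08:02 files1 sshd[977]: Accepted password for jhalpert_adm from 198.51.100.7 port 40150 ssh2
Nov  9 01:09:30 gw1 sshd[431]: Failed password for bob from 192.0.2.22 port 50300 ssh2
"""


def find_decoy_use(log_text, decoys=DECOY_ACCOUNTS):
    """Return one lead (dict of parsed fields) per line presenting a decoy account."""
    leads = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m and m.group("user") in decoys:
            leads.append(m.groupdict())
    return leads


def leads_by_source(leads):
    """Group leads by source address.

    The source is only a lead: it may be an intermediate system that is
    itself unaware of its part, so it is not proof of who the attacker is.
    """
    grouped = defaultdict(list)
    for lead in leads:
        grouped[lead["src"]].append(
            (lead["ts"], lead["host"], lead["user"], lead["result"])
        )
    return dict(grouped)


if __name__ == "__main__":
    for src, events in leads_by_source(find_decoy_use(SAMPLE_LOG)).items():
        print(src, events)
```

Everything here is observed on the defender's own hosts; nothing is written to or read from the remote machine.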