
RE: FW: Redirecting closed port connections






To what extent you are allowed to prosecute someone is going to vary from
country to country and in the US from state to state.  Some states have a
stricter definition of "access" that could be applied to attempts.  But
they all can be applied if the person goes beyond the attempt and
actually gains access to the system.  The fact that he or she has been
redirected to a non-production system has nothing to do with it.  They
still gained unauthorized access to a computer system and are subject to
criminal penalties for doing so.

There is at least one commercial "honey pot" on the market and I've seen
several different proposals for similar systems.  One that I thought was
very funny was a Linux box running a Perl script that acted like several
inetd services.  When the attacker tried one of the exploits they
"succeeded" and got into a change rooted directory where all the standard
utilities just came back with a "failed" message.  There was also a
hidden warez directory with a compressed file containing 12GB of zeros!
Must have been pretty funny when they tried to open it.  So sorry, you
are "Out of disk space"  ;-}

-Bill Stackpole, CISSP
         



"mouss" <usebsd@free.fr>

05/11/00 08:41 PM
       
        To:        <William.Stackpole@predictive.com>, <Firewalls@Lists.GNAC.NET>
        cc:        
        Subject:        RE: FW: Redirecting closed port connections

good point.

some recent european (or are these only french?) laws allow prosecuting
based on attempts.
but this seems theoretical, as I don't see how to prove the "attempt"
since logs can be forged.

on the other hand, if the attacker does not cause damages, you can only
prosecute him for having tried (he finally only accessed a service where
you redirected him), and if the redirection is well done, he won't cause
damage. Am I missing something?



William.Stackpole@predictive.com wrote
> Your point is well taken, unfortunately, to prosecute someone you
> really need them to actually access a system that they are not
> authorized to.
> Attempting to access a system isn't sufficient for prosecution.