-
November 18th, 2003, 04:44 AM
#1
Legality of snort on broadband network..
This is just one question I have on the legality of the IDS known as snort...When I run it, of course I save it to a logfile for later use..Since I have cable, my machine is a node on their network..I was just wondering if maybe they wouldn't want me to run an IDS, because there are lots of packets whizzing around from other nodes on their network...Any thoughts ? Should i get their permission ?
"Serenity is not the absence of conflict, but the ability to cope with it."
-
November 18th, 2003, 05:00 AM
#2
Legally, anyone running on your local network has a fully legal expectation of privacy on that network, unless your ISP has a service agreement which says otherwise. Read your service agreement with them. If it contains a clause prohibiting this, then forget it. It's illegal. If no such clause exists, it's probably still illegal, because everyone else in your neighbourhood has a "reasonable expectation of privacy".
So in short, unless your ISP specifically states that its users have ABSOLUTELY NO EXPECTATION OF PRIVACY on thier networks, then what you're doing is probably illegal.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!
-
November 18th, 2003, 05:04 AM
#3
It also sais that you are responsible for the security of your own systems...Which can mean alot of things...But as for snort, since it may be illegal and i don't know for sure, maybe i'll give them a call...thx for your replies so far..
"Serenity is not the absence of conflict, but the ability to cope with it."
-
November 18th, 2003, 05:17 AM
#4
Perhaps your broadband connection is different than mine, which is cable. But if I run any type of network scan at the cable modem I see broadcast traffic and probes from other nodes, but I do not see packets that are destined specifically for other systems. Such as websurfing or anything like that. If all you are getting is broadcast traffic, it'll have a destination address of 255.255.255.255. If you are getting packets that have a destination IP other than yours, it could very possibly be against terms of service. I don't think however that it would be illegal as you have not accessed any data by force, or by doing something that you shouldn't be doing. What you do with the data could be illegal. But that would be a poorly configured network.
-
November 18th, 2003, 09:47 PM
#5
Hey you should open an account with BT Broadband (UK).............I just had them tell me that they do not filter or block anything..........so they would not care I had complained about the number of port scanning attempts that I have been getting.
Cheers
-
November 18th, 2003, 11:21 PM
#6
nihil: heh, maybe I should sign up....But as for the IDS, my purpose is to watch out for my own systems security, seeing as though i don't know too much on how things are on their network..But I gotta call them soon, and with snort I think someone from korea was scanning for a cgi-hole and my system just happened to be in the scan list. oh well, I'll get back to you guys when i find out the TOS..Even though I am not too excited about talking to tech support people.. Thx for the replies
"Serenity is not the absence of conflict, but the ability to cope with it."
-
November 18th, 2003, 11:41 PM
#7
No one ever is excited to talk to tech support. But cant wait to hear what you find.
PeacE
-BoB
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)
-
November 18th, 2003, 11:45 PM
#8
I'm leaning towards what mloughlan said.
unless the port that you are plugged in to at the switch (at your ISP) is a monitoring port, then you aren't going to see everything on that network. Now if you run in promiscuous mode then you might see some other traffic that is not destined to you.
I've run snort on my home network and I have never seen anything that wasn't sent to my machine. I have run it with both cable and with DSL to the same effect.
Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
-
November 18th, 2003, 11:58 PM
#9
Hi n01100110,
I didn't mention................It took them 36 hours to give me a final response I guess it had to go through corporate affairs and the legal department first, so don't be surprised if they take some time.
If they say "no"............ask them what THEY are doing to protect you instead
It is fun messing with their minds..............................
Good luck
-
November 24th, 2003, 08:26 PM
#10
Member
Whether or not you run your nic in promiscous mode or not, you very highly doubt you are not going to see non-broadcast traffic. I'm sure your ISP will tell you it is unacceptable to run a sniffer, but don't you have a right to see everything that passes your nic card?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|