Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Legality of snort on broadband network..

  1. #1
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352

    Question Legality of snort on broadband network..

    This is just one question I have on the legality of the IDS known as snort...When I run it, of course I save it to a logfile for later use..Since I have cable, my machine is a node on their network..I was just wondering if maybe they wouldn't want me to run an IDS, because there are lots of packets whizzing around from other nodes on their network...Any thoughts ? Should i get their permission ?
    "Serenity is not the absence of conflict, but the ability to cope with it."

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Legally, anyone running on your local network has a fully legal expectation of privacy on that network, unless your ISP has a service agreement which says otherwise. Read your service agreement with them. If it contains a clause prohibiting this, then forget it. It's illegal. If no such clause exists, it's probably still illegal, because everyone else in your neighbourhood has a "reasonable expectation of privacy".

    So in short, unless your ISP specifically states that its users have ABSOLUTELY NO EXPECTATION OF PRIVACY on thier networks, then what you're doing is probably illegal.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  3. #3
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    It also sais that you are responsible for the security of your own systems...Which can mean alot of things...But as for snort, since it may be illegal and i don't know for sure, maybe i'll give them a call...thx for your replies so far..
    "Serenity is not the absence of conflict, but the ability to cope with it."

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Perhaps your broadband connection is different than mine, which is cable. But if I run any type of network scan at the cable modem I see broadcast traffic and probes from other nodes, but I do not see packets that are destined specifically for other systems. Such as websurfing or anything like that. If all you are getting is broadcast traffic, it'll have a destination address of 255.255.255.255. If you are getting packets that have a destination IP other than yours, it could very possibly be against terms of service. I don't think however that it would be illegal as you have not accessed any data by force, or by doing something that you shouldn't be doing. What you do with the data could be illegal. But that would be a poorly configured network.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey you should open an account with BT Broadband (UK).............I just had them tell me that they do not filter or block anything..........so they would not care I had complained about the number of port scanning attempts that I have been getting.

    Cheers

  6. #6
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    nihil: heh, maybe I should sign up....But as for the IDS, my purpose is to watch out for my own systems security, seeing as though i don't know too much on how things are on their network..But I gotta call them soon, and with snort I think someone from korea was scanning for a cgi-hole and my system just happened to be in the scan list. oh well, I'll get back to you guys when i find out the TOS..Even though I am not too excited about talking to tech support people.. Thx for the replies
    "Serenity is not the absence of conflict, but the ability to cope with it."

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    301
    No one ever is excited to talk to tech support. But cant wait to hear what you find.

    PeacE
    -BoB
    #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
    ($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
    Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
    ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    I'm leaning towards what mloughlan said.

    unless the port that you are plugged in to at the switch (at your ISP) is a monitoring port, then you aren't going to see everything on that network. Now if you run in promiscuous mode then you might see some other traffic that is not destined to you.

    I've run snort on my home network and I have never seen anything that wasn't sent to my machine. I have run it with both cable and with DSL to the same effect.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi n01100110,

    I didn't mention................It took them 36 hours to give me a final response I guess it had to go through corporate affairs and the legal department first, so don't be surprised if they take some time.

    If they say "no"............ask them what THEY are doing to protect you instead


    It is fun messing with their minds..............................


    Good luck

  10. #10
    Whether or not you run your nic in promiscous mode or not, you very highly doubt you are not going to see non-broadcast traffic. I'm sure your ISP will tell you it is unacceptable to run a sniffer, but don't you have a right to see everything that passes your nic card?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •