honeypots leagal? - Page 3
Page 3 of 3 FirstFirst 123
Results 21 to 26 of 26

Thread: honeypots leagal?

  1. #21
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hmmm,

    I was wondering if the "rules" are different for a private computer as opposed to one that is "visible" on the net and/or open to the public?

    Seems to me that it is the person hacking into the private computer who is commiting the invasion of privacy?

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #22
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Seems to me that it is the person hacking into the private computer who is commiting the invasion of privacy?
    Actually, last I checked, that was B&E. I find laws to be a bit weird when you get down to the technicalities of the law.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #23
    Junior Member
    Join Date
    Feb 2004
    Posts
    12
    IMHO a honeypot is just like any other computer. It would just happen to be a computer that has good loging systems/IDS's.

    If you hacked joe shmoe, and joe requests the logfile from a proxy that the attacker went through, would it be illegal for the proxy to give up that log?

    How can you define what the true intent of a computers use is.....all the admin has to say is that its his personal PC and no one could say other wise.

    just my thoughts, take them with a grain of salt

  4. #24
    Junior Member
    Join Date
    May 2003
    Posts
    7
    According to CISSP cert info., honeypots are legal. Honepots are used for enticement, which is not illegal.
    Anything used for entrapment, such as a user clicking on a link but actaully downloads illegal software is illegal.

  5. #25
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    If you hacked joe shmoe, and joe requests the logfile from a proxy that the attacker went through, would it be illegal for the proxy to give up that log?
    I'd say it'd depend on how they define their privacy policy. Reality is that if the FBI comes with a warrant only an idiot wanting to get a new roommate called "Bubba" would balk. If an individual requests it, it'd be unlikely if the proxy would respond at all. Joe Shmoe has a better chance if he files a complaint with police and let them take it further with the court system.

    How can you define what the true intent of a computers use is.....all the admin has to say is that its his personal PC and no one could say other wise.
    Uh. No. Companies identify what they own so as to avoid issues of ownership and to enforce security measures. Computers, networks, proprietary information are all property of the company. So an admin cannot just say "it's my personal pc" unless it really is. Intent is a hard thing to prove but it's done all the time in murder cases (Murder in the First degree versus Murder in the Second Degree: the difference? Intent) so it's not that impossible.

    According to CISSP cert info., honeypots are legal. Honepots are used for enticement, which is not illegal.
    Anything used for entrapment, such as a user clicking on a link but actaully downloads illegal software is illegal.
    CISSP/ISC(2) is not the law. I think scanning is perfectly legal. Courts in various states might disagree with that. Until it's tested in court, it's still grey area IMHO.

    As far as the Entrapment possibility.. Let's remember that Google is so much fun. Let's be clear first what entrapment means.

    The inducement, by law enforcement officers or their agents, of another person to commit a crime for the purposes of bringing charges for the commission of that artificially-provoked crime. This technique, because it involves abetting the commission of a crime, which is itself a crime, is severely curtailed under the constitutional law of many states.
    So unless you are a police officer or a member of some other law enforcement agency, or encouraged by a law enforcement agency, you are NOT committing entrapment if you setup a honeypot and the user chooses to download illegal software or what-have-you.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #26
    Member
    Join Date
    Jan 2004
    Posts
    40
    There was a story on TechTV about four months ago that had to do with a man who was having problems with people getting into his system, He built a honeypot for collecting info on the hackers and to try to get their ISP to help stop them. I do not know if anything happened to him, but the info he collected was turned over to the FBI. as for scanning, was not illegal in itself, but posting the info is. I just wish I could remember the name of the story for the honeypot.

    Thank you for your time.
    paper on a court case about port scannng,
    http://216.239.39.104/search?q=cache...hl=en&ie=UTF-8

    a colunm by Dan Gillmor
    http://weblog.siliconvalley.com/colu...s/000946.shtml
    I have 315 relays and 118 switches and have all the power of a calculator.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides