RE: Legal question

From: Staggs, Michael (Michael_Staggsat_private)
Date: Mon Jan 17 2000 - 19:45:55 PST


    Back in my days of Penetration Testing, one of the tricks in my bag was to
    do just that... dress up as a janitor (with a laptop Sniffer concealed in my
    cleaning kit), waltz right in and start checking for a comm closet. One
    trace file and the network was well compromised.
    
    Prior to this, we ALWAYS completed a Non-Disclosure agreement with the
    client. Our legal eagles would not let us proceed without one. My 02
    centavos is that yes, it is surely unethical, if not illegal and to proceed
    without one is asking for legal hassles of the painful variety.
    
    MJ
    
    -----Original Message-----
    From: Carl Friedberg [mailto:friedbergat_private]
    Sent: Saturday, January 15, 2000 9:26 PM
    To: 'Crumrine, Gary L'; firewall-wizardsat_private
    Subject: RE: Legal question
    
    
    I am not familiar with any of the statutes which define wiretapping and
    protected communications. However, given "convergence" of telecommunications
    and data communications, and voice over IP (VOIP), at the very least,
    (assuming you did NOT have any permission to hook up the sniffer) you would
    probably have to discard the VOIP without looking at it...
    
    I would imagine that if you did not have a legitimate reason for snooping
    the data, you could be in for some legal troubles (i.e., theft of trade
    secrets comes to mind)...
    
    I'm sure it depends on circumstances. Are you an ISP trouble-shooting a
    connection from that network? Probably allowed, but you would have to be
    careful about what you did with the packet data. I would hope that this is
    covered in a contract between the ISP/IPP and the customer...
    
    Are you a competitor who bribed someone to let you into a wireroom with the
    sniffer? I think you get the drift...
    
    Just my 2 cents, carlat_private
    
    -----Original Message-----
    From: Crumrine, Gary L [mailto:CrumrineGLat_private]
    Sent: Friday, January 14, 2000 5:51 AM
    To: firewall-wizardsat_private
    Subject: Legal question
    
    
    After wearing out my fingers during a heated conversation with another
    colleague over legalities of certain actions, a question came up in my mind
    concerning sniffers and their usage.
    
    If a sniffer was placed on the outside of a given network, and was
    configured to sniff packets coming from that network only, does this
    constitute an illegal wire tap?  And do the same rules apply to data as they
    do voice?  In some cases it transits the same copper wire... ouch I am
    getting a headache..
    


