Re: Security Event / Customer Reporting

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Fri Jul 13 2001 - 15:44:34 PDT


    "Tyrannis Von Nettesheim" <tyrannisat_private> wrote:
    
    <<some good and interesting stuff snipped>>
    > Stepping above the day-to-day techie mindset we're in, it's interesting to
    > consider the question of : "Who owns a packet once it's off your network?".
    
    I presume you mean "...off the originating machine's sub-net" or 
    something like that?  Or did you mean that you "own" a packet while 
    it transits your network, for whatever reason it may be there?  If 
    you meant the latter, the next sentence is a non sequitur, so I will 
    assume you mean something like the former.
    
    > Current US law seems to view examining transit traffic like radio
    > interception - a no-no, for the most part.  ...
    
    In that case, the law (as a prominent English judge once remarked)
    would be an ass.  Using (only) radio analogies in determining 
    legalities for "domain-style" networks means that the resulting laws 
    and directives will be fundamentally broken.  Remember, an inherent 
    difference between "broadcast spectrum" and "routable protocol" 
    networks is that the latter can only work by *requiring* intermediary 
    "inspection" of (part of) the information flow across what may be 
    loosely conceived of as "ownership boundaries" (and, worse, "media 
    translation" (and some other services required to make our modern 
    networks work) requires "manipulating" more of the data stream than 
    simply the headers or delivery envelopes).
    
    > ...  There's also the huge issue of
    > how to prove / maintain a chain-of-evidence, yet another slippery slope in
    > the digital crime era. =(
    
    Yep...
    
    
    Regards,
    
    Nick FitzGerald
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 17:16:54 PDT