Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Wireless Security (Part 2)

from [Craig Wright] Network Security [Permanent Link]
Subject: RE: Wireless Security (Part 2)
Date: Thu, 25 May 2006 05:54:25 +1000 

Hi
First and sorry for the misunderstanding, but LE = law enforcement
 
"But I'm not talking about "remotely" attacking a server.  I'm talking about
anything on  MY network" In the case of a physical server this may be true that 
it is on your server and with certain exceptions and to the policy of the site 
you may be able to attack it if it is physically on the site with impunity.
 
In the case from the subject and thread you can not. A wireless host is not on 
your network. A lease of an IP address is at best an assignment of license and 
you have no rights to attack it. You have a right to extinguish the license. 
 
In Canada (CA) there are statues concerning access to radio frequency media. 
Wireless networking is included. By attacking a remote wireless host you are 
breaching the criminal codes.
 
Even in CA, you have the right to detain only to hold for the police. Not just 
as they trespassed
 
Regards
Craig

        -----Original Message----- 
        From: Ian Scott [mailto:ian@pairowoodies.com] 
        Sent: Wed 24/05/2006 8:48 PM 
        To: Craig Wright 
        Cc: security-basics@securityfocus.com 
        Subject: Re: Wireless Security (Part 2)
        
        
On May 24, 2006 05:12 am, Craig Wright wrote:

Ian,
Cases where you can detain a person who is there are not analogous to
remotely attacking a server.


But I'm not talking about "remotely" attacking a server.  I'm talking about
anything on  MY network, and that is using IP addresses I've asssigned as far
as the public IP's that I have control over, or the private IP's that I have
control over.


Next, the rights of LE are not those of the general public.


Have no clue what you mean.  What is LE?

AS well, the "general public" have no righs.  Invidividuals have rights.



In case where there is a system on your network you do not have the
relivant rights in possession. You may be lucky and not be charged. This
happens. Often LE will turn a blind eye for the "greater good". This does
not make the action warranted.


There is no such thing as "greater good."

What action are you referring to, with regard to being "warranted?'  Any
action I do, that is justified under law, which includes, using as much as
necesarry, is completely warranted.


"then doing whatever is necessary to stop the trespass from continuing."
block access. On a network when you already know of the attack this is not
as difficult as many of the analogies that fly about.


Don't have clue to what you mean, in regard to what I've stated  In your
world, "blocking access" could also be a "trespass," no?

In my world, that might be one of the first things I'd do.  My activity
however, might also increase to where I could discover what exactly is going
on, and I might take whatever actions I wish, on MY network, against ANY
device, on MY network.



What happens if you attack the wrong system?


The owner complains to me.  If he don't like my explanation, he goes and finds
another network to join with.

But in reality, I can never attack the "wrong" system, for i have every right
to know at all times, everything that is on my network. Therefore, there is
no "attack."



Liability limited by a scheme approved under Professional Standards Legislation 
in respect of matters arising within those States and Territories of Australia 
where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If 
you are not the intended recipient, you must not use or disclose the 
information. If you have received this email in error, please inform us 
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the 
email and destroy any printed copy.  

Any views expressed in this message are those of the individual sender. You may 
not rely on this message as advice unless it has been electronically signed by 
a Partner of BDO or it is subsequently confirmed by letter or fax signed by a 
Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments 
due to viruses, interference, interception, corruption or unauthorised access.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  AD Policy audit tool for Windows 2000, Koolk3
Next by Date:  DNS all records requests, Glenn English
Previous by Thread:  Re: Wireless Security (Part 2), Ian Scott
Next by Thread:  RE: Wireless Security (Part 2), Craig Wright
Indexes:  [Date] [Thread] [Top] [All Lists]