Page 4 of 5 FirstFirst ... 2345 LastLast
Results 31 to 40 of 42

Thread: how to indentify a wireless intruder

  1. #31
    Junior Member
    Join Date
    Dec 2008
    Posts
    69

    Default

    Quote Originally Posted by ShadowKill View Post
    But you know legally you'd be in the wrong. As the admin you would know what machines should and shouldn't be connected and reporting the intrusion would be more likely to keep you out of the defendant seat than DDoSing the SoB would.
    Indeed. As far as the law is concerned, the fact that intruder hacked into the network is irrelevant.
    First Rule of Holes: When you're in one - Stop Digging!

  2. #32
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    True, but who in their right mind would take me to court? "You see your honor, after I cracked this guys network encryption, my laptop's drive was wiped." Yea, that'd go over huge. Who exactly would I report it to? The local PD? They'd give a shit. They'd most likely tell me to turn off my wireless if I didn't want the guy on it. I do actually run a pxe boot server on my network that will wipe and reimage computers booted from it. Who's also to say I didn't have that network set up for testing exploits. It's not my fault that at the time I was testing my latest "nuke'em all and let god sort them out" virus, this moron hacked into the network to download Pr0n. The point is, no one but me knows what's going on on my network. I could be Joe Average and just use it for the intertubes, or I could be running the networked Dban wiping a half dozen client machines before reimaging. Just like that sign I've got posted on my property, trespassers will be shot, survivors well be shot again.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  3. #33
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by Barry View Post
    True, but who in their right mind would take me to court? "You see your honor, after I cracked this guys network encryption, my laptop's drive was wiped." Yea, that'd go over huge. Who exactly would I report it to? The local PD? They'd give a shit. They'd most likely tell me to turn off my wireless if I didn't want the guy on it. I do actually run a pxe boot server on my network that will wipe and reimage computers booted from it. Who's also to say I didn't have that network set up for testing exploits. It's not my fault that at the time I was testing my latest "nuke'em all and let god sort them out" virus, this moron hacked into the network to download Pr0n. The point is, no one but me knows what's going on on my network. I could be Joe Average and just use it for the intertubes, or I could be running the networked Dban wiping a half dozen client machines before reimaging. Just like that sign I've got posted on my property, trespassers will be shot, survivors well be shot again.
    I know what you're saying, and I agree. The problem is that the system doesn't agree. Look at case of the thief who attempted to break into this house, fell through the skylight and landed on a knife. He sued the owner and WON. Same with the case of the owner that shot and killed the man breaking into his home. He was arrested and charged with murder.

    It's not always about what's right or wrong as much as it is about loopholes and legal hangups. I'd just be careful is all I'm saying brother. You know me, I'm not one to chastise the rest of us seniors because we for the most part are all on the same page. Just be careful....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  4. #34
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Oh I hear you. That's also why I won't move to a state without castle laws. If I can't shoot an intruder, the state doesn't care enough about it's citizens.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  5. #35
    Member
    Join Date
    Apr 2007
    Posts
    155

    Default

    Well i can tell you one way to find out if there is an intruder who has seen Xploits videos... if their MAC address is 00:11:22:33:44:55 and they are associated with your AP, then thats an intruder
    This is a hackers forum :P
    root ~# aircrack-ng pwnd-01.cap
    Lenovo Thinkpad R500, OS: Ubuntu 8.10, BackTrack3, Windows XP (VirtualBox), Windows Vista, Windows 7 beta

  6. #36
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by ShadowKill View Post
    But you know legally you'd be in the wrong. As the admin you would know what machines should and shouldn't be connected and reporting the intrusion would be more likely to keep you out of the defendant seat than DDoSing the SoB would.
    Quote Originally Posted by Phoneywar View Post
    Indeed. As far as the law is concerned, the fact that intruder hacked into the network is irrelevant.
    Quote Originally Posted by ShadowKill View Post
    I know what you're saying, and I agree. The problem is that the system doesn't agree. Look at case of the thief who attempted to break into this house, fell through the skylight and landed on a knife. He sued the owner and WON. Same with the case of the owner that shot and killed the man breaking into his home. He was arrested and charged with murder.

    It's not always about what's right or wrong as much as it is about loopholes and legal hangups. I'd just be careful is all I'm saying brother. You know me, I'm not one to chastise the rest of us seniors because we for the most part are all on the same page. Just be careful....
    Current case law on counter-attacks actually isn't very quite clear at all. To date there is very little case law that addresses the issue. In fact, there have been some known cases where offensive vectors have been launched as a retaliation in direct response to an attack, and if not legally acceptable, those cases have been legally neutral in that no one was charged under existing computer crime laws.

    For a good look at the subject, see the following two papers: "Strike and Counterstrike: The Law on Automated Intrusions and Striking Back" BlackHat Windows Security 2003, Feb 27, 2003, and "Launch On Warning: Aggressive Defense of Computer Systems" Yale Journal of Law & Technology, Jan 1, 2004.*

    Both were authored by Curtis E. A. Karnow. Mr. Karnow is a lawyer, a part-time judge, and former Assistant US Attorney in the Criminal Division, who now specializes in electronic security, privacy, and intellectual property law. He says that at first blush, the very laws that make attacks illegal in the first place also seem to prevent counter-attacks, which is essentially of what you guys are saying. The first paper is a summary of a BlackHat presentation, while the second is a full-length article.

    The Yale Journal of Law & Technology article takes a good look on exactly the issues that you guys have been discussing: The lack of interest or ability for action by authorities, the low chances of prosecution of offenders who are geographically remote as well as possibly functioning under completely different political and legal systems, and the length of time an investigation may take, all compared to the damages a victim may suffer in both intellectual property, lost productivity, or both.

    Mr. Karnow argues that self-defense as a legal doctrine, may be acceptable under case law, although it might be tricky to establish clearly. He goes on to say that the legal doctrine of nuisance is actually clearer in this regard, and that

    "The remarkable aspect of nuisance law is that it expressedly contemplates self-help."
    Part of the reasoning for the application of both of these doctrines is that the courts have already established precedent in applying trespass as a legal doctrine to existing computer crime laws, and that courts will likely continue to apply previous doctrines to turn to new cases. For those who have little experience in dealing with courts and the law, I can tell you that courts are all about precedent.

    Mr. Karnow goes on to mention that even under the application of either nuisance or self-defense, that someone conducting a counterstrike might not be immune from some legal action, so I would advise people to proceed with caution in this area.

    * No doubt, some of you are reacting with 'OMG, 2003, 2004! That's like a lifetime ago! I've gone through three systems since then! Something in the law has to have changed since 2003!' The truth of the matter is that courts tend to act glacier speed in setting precedents. While six months of computer/Internet time can make something appear old and quaint, in the time line of the court system, six months akin to the blink of an eye. Little has changed in this regard since 2003 and 2004, and no doubt will continue to evolve for some years into the future.
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #37
    Junior Member
    Join Date
    Dec 2008
    Posts
    69

    Default

    Quote Originally Posted by ShadowKill View Post
    You know me, I'm not one to chastise the rest of us seniors...
    But junior members are fair game eh?


    Quote Originally Posted by Thorn View Post
    Current case law on counter-attacks actually isn't very quite clear at all...
    The title of the second paper is familiar so it's possible I may have read that one already or something very similar to it. The exact details escape me at the moment so I suppose I should have another look at it

    In the case of the farmer ShadowKill mentioned there was sufficient supporting evidence to suggest that he had deliberately waited for the intruders with the intention of shooting them. ie. he had told several people that he was going to shoot the next person who broke into his house. Additional evidence that he had been sitting on the stairs with the weapon at the time of the break in was sufficient to prove intent and hence murder. This was later reduced to manslaughter on appeal.

    In the same way it could be argued that by setting up a 'system' or 'application' to automatically 'retaliate' in the event of a unauthorised intrusion it ceases to be self-defence by way of premeditation.

    A further problem is that in the UK, the principle of self defence is qualified by a legal requirement to use no more force than is necessary which, even under the best of circumstances, is a very grey area. How on earth you would apply that to the defence of a computer system? Is crashing the intruder's system legal? What do you do when they reboot and try again? Would rendering it unbootable be going too far?

    Until this has been properly tested in court and there is enough case law to make an informed judgment I for one intend to err on the side of caution. Not that I could do much else of course, unlike you guys I lack the technical skills to implement such a solution

    BTW: While you are right about the law changing slowly, particularly when compared with the computer industry, you forgot to take a panic stricken and somewhat technologically challenged Labour Government into consideration

    The Computer Misuse Act has been amended several times since 2004, the latest being part of the Criminal Justice and Immigration Act 2008, and even now not all parts of it have come into force as yet.
    First Rule of Holes: When you're in one - Stop Digging!

  8. #38
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by Phoneywar View Post
    Indeed. As far as the law is concerned, the fact that intruder hacked into the network is irrelevant.
    Quote Originally Posted by Phoneywar View Post
    But junior members are fair game eh?




    The title of the second paper is familiar so it's possible I may have read that one already or something very similar to it. The exact details escape me at the moment so I suppose I should have another look at it

    In the case of the farmer ShadowKill mentioned there was sufficient supporting evidence to suggest that he had deliberately waited for the intruders with the intention of shooting them. ie. he had told several people that he was going to shoot the next person who broke into his house. Additional evidence that he had been sitting on the stairs with the weapon at the time of the break in was sufficient to prove intent and hence murder. This was later reduced to manslaughter on appeal.

    In the same way it could be argued that by setting up a 'system' or 'application' to automatically 'retaliate' in the event of a unauthorised intrusion it ceases to be self-defence by way of premeditation.

    A further problem is that in the UK, the principle of self defence is qualified by a legal requirement to use no more force than is necessary which, even under the best of circumstances, is a very grey area. How on earth you would apply that to the defence of a computer system? Is crashing the intruder's system legal? What do you do when they reboot and try again? Would rendering it unbootable be going too far?

    Until this has been properly tested in court and there is enough case law to make an informed judgment I for one intend to err on the side of caution. Not that I could do much else of course, unlike you guys I lack the technical skills to implement such a solution

    BTW: While you are right about the law changing slowly, particularly when compared with the computer industry, you forgot to take a panic stricken and somewhat technologically challenged Labour Government into consideration

    The Computer Misuse Act has been amended several times since 2004, the latest being part of the Criminal Justice and Immigration Act 2008, and even now not all parts of it have come into force as yet.
    Mr. Karnow addresses a lot of what you mention in the "Launch On Warning" article, including using greater force.
    Thorn
    Stop the TSA now! Boycott the airlines.

  9. #39
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by Phoneywar View Post
    But junior members are fair game eh?
    No, I've been spanked pretty hard before. Though unlike one senior member I can name, I've never been banned.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  10. #40
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by Phoneywar View Post
    But junior members are fair game eh?


    ...........

    .......
    ....
    ..
    .
    Not at all what I meant and I wasn't speaking to you so that could hardly have been a reflection of our previous dispute. The fact of the matter is, the majority of senior members are seniors for a reason: they have been around long enough to know what is "right and wrong" as it applies to the forum and leave unnecessary sarcasm out of places it doesn't belong.

    This dispute is quickly deteriorating this thread so if you still have a problem with me calling you out take it up with a mod. End of discussion.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

Page 4 of 5 FirstFirst ... 2345 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •