Your point is well taken, unfortunately, to prosecute someone you really need them to actually access a system that they are not authorized to. Attempting to access a system isn't sufficient for prosecution.
--Bill Stackpole, CISSP
"mouss" <[EMAIL PROTECTED]>
05/12/2000 02:57 AM ZE2
To: <[EMAIL PROTECTED]>, "mouss" <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>
bcc:
Subject: RE: FW: Redirecting closed port connections
right, but you can still check wh's doing what and try to find them without
"telling them". I mean, just block the port and log the attempts.
the problem with the approach of trying to keep them connected to have more
time
to discover them is that nothing guarantees you'll trace them, and you have
to
check and recheck the code to make sure there is no hole in it.
similar stuff has been discussed by cheswick&co in "builing internet
firewalls" I think.
there they talk about the risks they've taking trying to get the attacker
(nd they also
talk about risks that may be created by the use of safe-finger stuff....).
