To what extent you are allowed to prosecute someone is going to vary from country to country and in the US from state to state. Some state have a stricter definition of "access" that could be applied to attempts. But they all can be applied if the person goes beyond the attempt and actually gains access to the system. The fact that he or she has been redirected to a non-production system has nothing to do with it. They still gained unauthorized access to a computer system and are subject to crimminal penalties for do so.
There is at least one commerial "honey pot" on the market and I've seen several different proposals for similar systems. One that I though was very funny was a Linux box running a Perl script that acted like several inetd services. When the attacker tried one of the exploits they "succeeded" and got into a change rooted directory where all the standard utilities just came back with a "failed" message. There was also a hidden warez directory with a compressed file containing 12GB of zeros! Must have been pretty funny when they tried to open it. So sorry, you are "Out of disk space" ;-}
-Bill Stackpole, CISSP
| "mouss" <[EMAIL PROTECTED]>
05/11/00 08:41 PM
|
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> cc: Subject: RE: FW: Redirecting closed port connections |
good point.
some recent european (or are these only french?) laws allow prosecuting
based on attempts.
but this seems theoritical, as I don't see how to prove the "attempt" since
logs can be
forged.
on the other hand, if the attacker does not cause damages, you can only
prosecute him
for having tried (he finally only accessed a service where you redirected
him), and
if the redirection is well done, he won't cause damage. Am I missing
something?
[EMAIL PROTECTED] wrote
> Your point is well taken, unfortunately, to prosecute someone you
>really need them to actually access a system that they are not authorized
to.
>Attempting to access a system isn't sufficient for prosecution.
