Re: Dsniff/mailsnarf
On Tue, Feb 24, 2004 at 06:45:50PM -0500, [EMAIL PROTECTED] wrote:
> On Tue, Feb 24, 2004 at 06:19:48PM -0500, John Keimel wrote:
> > On Tue, Feb 24, 2004 at 06:11:20PM -0500, [EMAIL PROTECTED] wrote:
> > > I've been asked to place a sniffer on a network that handles HIPPA data,
> > > and watch for e-mail containing certain strings. I figured that mailsnarf
> > > would be the best way to do this.
> > >
> > Aside from any of the technical details of this, I'm kind of wondering
> > how this fits into HIPPA and its policies.
>
> Certain info has to be protected.

Like, all of it. I've dealt with HIPPA, so I know. My befuddlement was
over the idea of sniffing for that info and the assumptions that one has
to make in doing such a thing.

> > I'd be sure that if I were you, I'd have written evidence of someone (a
> > boss/supervisor/etc) ordering this kind of behaviour and also my
> > objection to sniffing data that might be confidential under HIPPA.
>
> I have a very nice contract, complete with a very detailed scope of work,
> which my lawyer has OKed.

-snip-

> There's no CYA. I'm being asked to verify that there is no HIPPA
> information that is leaving the site, accidentally or otherwise. There
> is a nice defined set of keywords that would be used in any of the
> documentation (it's a testing Lab). If the capture file size *ever*
> goes above 0 bytes, they have a problem. That's all I'm involved with.
> I want *nothing* to do with the actual data. I'm just setting up a
> system that will notify certain people if there is a 'leak', and
> they can go in and figure out what happened.
>

Well, you've already done your CYA [1] activities, so that's good. If
your scope is well defined and you've a good contract, excellent. I hope
you're charging more than enough for the privilege of them having YOU
sniff their traffic :) hehe.

Good luck with it, hope it works out for all parties.

j

[1] someone defined HIPPA in the thread earlier, but didn't define
"cover your ass" :)

--
It's simply not RFC1149 compliant! | John Keimel
[EMAIL PROTECTED] | http://www.keimel.com

Re: Dsniff/mailsnarf
For all of us non-native speakers of English and living outside the USA,
here's some info on the acronyms to follow the thread:

http://www.safetyfile.com/page/S/CTGY/HIPPA
http://www.gaarde.org/acronyms/?lookup=cya

Thanks Jose for that .. :)

And .. btw. if I ever were to send such information out .. I certainly
would make sure that NO ONE could read that info plain text (method here>)

- Just my 2c

- Cheers,
Peter

Re: Dsniff/mailsnarf
John Keimel wrote:

On Tue, Feb 24, 2004 at 06:11:20PM -0500, [EMAIL PROTECTED] wrote:

I've been asked to place a sniffer on a network that handles HIPPA data,
and watch for e-mail containing certain strings. I figured that mailsnarf
would be the best way to do this.

Aside from any of the technical details of this, I'm kind of wondering
how this fits into HIPPA and its policies.

I'd be sure that if I were you, I'd have written evidence of someone (a
boss/supervisor/etc) ordering this kind of behaviour and also my
objection to sniffing data that might be confidential under HIPPA.

This just sounds wrong all around. I'd suggest significant amount of
C.Y.A. activity on your part.

Good luck. *shakes head* Sorry I can't be more helpful otherwise.

For all of us non-native speakers of English and living outside the USA,
here's some info on the acronyms to follow the thread:

http://www.safetyfile.com/page/S/CTGY/HIPPA
http://www.gaarde.org/acronyms/?lookup=cya

Re: Dsniff/mailsnarf
On Tue, Feb 24, 2004 at 05:20:01PM -0600, elijah wright wrote:
>
> > > I've been asked to place a sniffer on a network that handles HIPPA
> > > data, and watch for e-mail containing certain strings. I figured that
> > > mailsnarf would be the best way to do this.
> > >
> > Aside from any of the technical details of this, I'm kind of wondering
> > how this fits into HIPPA and its policies.
> >
> > I'd be sure that if I were you, I'd have written evidence of someone (a
> > boss/supervisor/etc) ordering this kind of behaviour and also my
> > objection to sniffing data that might be confidential under HIPPA.
>
> sounds like he's being asked to sniff to make SURE that no one is stupid
> enough to email hipaa-covered data out.

Correct.

Tim

--
>> Tim Sailer (at home) >< Coastal Internet, Inc. <<
>> Network and Systems Operations >< PO Box 726 <<
>> http://www.buoy.com >< Moriches, NY 11955 <<
>> [EMAIL PROTECTED]/[EMAIL PROTECTED] >< (631)399-2910 (888) 924-3728 <<

Re: Dsniff/mailsnarf
On Tue, Feb 24, 2004 at 06:19:48PM -0500, John Keimel wrote:
> On Tue, Feb 24, 2004 at 06:11:20PM -0500, [EMAIL PROTECTED] wrote:
> > I've been asked to place a sniffer on a network that handles HIPPA data,
> > and watch for e-mail containing certain strings. I figured that mailsnarf
> > would be the best way to do this.
> >
> Aside from any of the technical details of this, I'm kind of wondering
> how this fits into HIPPA and its policies.

Certain info has to be protected.

> I'd be sure that if I were you, I'd have written evidence of someone (a
> boss/supervisor/etc) ordering this kind of behaviour and also my
> objection to sniffing data that might be confidential under HIPPA.

I have a very nice contract, complete with a very detailed scope of work,
which my lawyer has OKed.

> This just sounds wrong all around. I'd suggest significant amount of
> C.Y.A. activity on your part.

There's no CYA. I'm being asked to verify that there is no HIPPA
information that is leaving the site, accidentally or otherwise. There
is a nice defined set of keywords that would be used in any of the
documentation (it's a testing Lab). If the capture file size *ever*
goes above 0 bytes, they have a problem. That's all I'm involved with.
I want *nothing* to do with the actual data. I'm just setting up a
system that will notify certain people if there is a 'leak', and
they can go in and figure out what happened.

Tim

--
>> Tim Sailer (at home) >< Coastal Internet, Inc. <<
>> Network and Systems Operations >< PO Box 726 <<
>> http://www.buoy.com >< Moriches, NY 11955 <<
>> [EMAIL PROTECTED]/[EMAIL PROTECTED] >< (631)399-2910 (888) 924-3728 <<

Re: Dsniff/mailsnarf
> > I've been asked to place a sniffer on a network that handles HIPPA
> > data, and watch for e-mail containing certain strings. I figured that
> > mailsnarf would be the best way to do this.
> >
> Aside from any of the technical details of this, I'm kind of wondering
> how this fits into HIPPA and its policies.
>
> I'd be sure that if I were you, I'd have written evidence of someone (a
> boss/supervisor/etc) ordering this kind of behaviour and also my
> objection to sniffing data that might be confidential under HIPPA.

sounds like he's being asked to sniff to make SURE that no one is stupid
enough to email hipaa-covered data out.

C.Y.A. is definitely appropriate.

elijah

Re: Dsniff/mailsnarf
On Tue, Feb 24, 2004 at 06:11:20PM -0500, [EMAIL PROTECTED] wrote:
> I've been asked to place a sniffer on a network that handles HIPPA data,
> and watch for e-mail containing certain strings. I figured that mailsnarf
> would be the best way to do this.
>

Aside from any of the technical details of this, I'm kind of wondering
how this fits into HIPPA and its policies.

I'd be sure that if I were you, I'd have written evidence of someone (a
boss/supervisor/etc) ordering this kind of behaviour and also my
objection to sniffing data that might be confidential under HIPPA.

This just sounds wrong all around. I'd suggest significant amount of
C.Y.A. activity on your part.

Good luck. *shakes head* Sorry I can't be more helpful otherwise.

--
It's simply not RFC1149 compliant! | John Keimel
[EMAIL PROTECTED] | http://www.keimel.com

Dsniff/mailsnarf
I've been asked to place a sniffer on a network that handles HIPPA data,
and watch for e-mail containing certain strings. I figured that mailsnarf
would be the best way to do this.

Right. In testing, if I run:

    mailsnarf -i eth2 . "tcp"

I get all email. If I run

    mailsnarf -i eth2 ".*STD.*" "tcp"

I get nuttin, even though I send email containing that string.

Any pointers from anyone?

Tim

--
>> Tim Sailer (at home) >< Coastal Internet, Inc. <<
>> Network and Systems Operations >< PO Box 726 <<
>> http://www.buoy.com >< Moriches, NY 11955 <<
>> [EMAIL PROTECTED]/[EMAIL PROTECTED] >< (631)399-2910 (888) 924-3728 <<
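
Added example, not part of the original thread: mailsnarf writes what it captures in Berkeley mbox format, so the keyword check described above can also be run over a capture taken with the catch-all pattern. The code below decodes each MIME part before matching, because a keyword inside a base64-encoded body is not present in the raw bytes; the sample capture, addresses and function names are constructed for illustration.

```python
import base64
import mailbox
import os
import re
import tempfile

# Constructed sample capture in Berkeley mbox format (not real traffic).
# The second body is base64-encoded, so "STD" is absent from the raw bytes.
SAMPLE_MBOX = (
    b"From alice@lab.example Tue Feb 24 18:00:00 2004\n"
    b"From: alice@lab.example\nSubject: lunch\n\nSee you at noon.\n\n"
    b"From carol@lab.example Tue Feb 24 18:05:00 2004\n"
    b"From: carol@lab.example\nSubject: results\nMIME-Version: 1.0\n"
    b"Content-Type: text/plain; charset=us-ascii\n"
    b"Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(b"Panel STD results attached.\n") + b"\n\n"
)


def write_sample():
    """Write the constructed capture to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    with os.fdopen(fd, "wb") as handle:
        handle.write(SAMPLE_MBOX)
    return path


def decoded_text(msg):
    """Yield the Subject header and each leaf part's transfer-decoded text."""
    yield str(msg.get("Subject", ""))
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label
            yield payload.decode("latin-1")


def scan_mbox(path, keywords):
    """Return (index, From header, matched keywords) per matching message.

    Only keyword names are reported, never message content.
    """
    pattern = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, keywords)))
    hits = []
    box = mailbox.mbox(path)
    try:
        for index, msg in enumerate(box):
            found = sorted({m for text in decoded_text(msg)
                            for m in pattern.findall(text)})
            if found:
                hits.append((index, str(msg.get("From", "")), found))
    finally:
        box.close()
    return hits
```

An empty result corresponds to the zero-byte capture file in the thread; a non-empty one is the condition that would trigger the notification.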