TheRatherOdd1 Posted June 6, 2010 Share Posted June 6, 2010 Let's see... They were sending email spam via my network and I decrypted the emails that were on SMTP protocol and using PUBLIC base64 for encryption and noticed they were spam. It was a red flag of the content of my network and I looked into it like any network admin should. How is that illegal? It's not. I own the network, I own all the packets flowing through it. And yeah I got accounts. I'll admit it all day. Fact is... it's past the statute of limitations. It was Diablo II game accounts. Not US Gov't pentagon logins. So nothing can be done. Are you not familiar with the possibilities of the content on this forum? Pineapple, Interceptor, so on... Fact is, at least I do that sort of stuff (and I'm sure many others do) because we have an idea and a "what if this worked" kinda of thought. So we do it. Either way it's hackers/crackers that has MADE security what it is today. Not to mention, if you REALLY look at every copyright, every law, ever picture you "right click > save" you are breaking the law. It is almost impossible to not break any laws just from normal PC/internet usage. Just depends on the severity and whom really gives a damn about it? Will you be arrested by taking a picture from online and putting it as your background? No... You should ask yourself why are you letting port 25 or 143 out as a exit node in the Tor network? Don't they (TOR) specifically say it's not recommended to allow those ports because of spam issues? On top of that here is something that is pertinent to our above discussion. sniffing can sometimes break the same law that federal prosecutors use to prosecute telephone wiretappers. This law can be used to punish any person “who intentionally intercepts . . . any wire, oral, or electronic communication” (18 USC § 2511(1)(a)). Convicted violators are felons who face up to five years in prison. Some will say, “But as a system administrator I’m allowed to monitor my own network! People do that every day! Are you saying that’s illegal?” There are exceptions in the law, some of which may cover system administrators. But even sysadmins can’t sniff packets on their own network for no reason and in all situations. The real question is whether any of these exceptions apply to sniffing for passwords on a conference network. I think the answer is that they usually do not. There is an exception to the wiretap law (the Electronic Communications Privacy Act, or ECPA) for network providers: It is not illegal to intercept communications “while engaged in any activity which is a necessary incident to . . . the protection of the rights or property of the provider” (18 USC § 2511(2)(a)(i)). In plain English, you can sniff packets to protect your rights or your property. But this exception applies only to the acts of the “officer, employee, or agent” of the provider. The average conference attendee, sitting in the audience or hallway, running dsniff on his or her laptop probably does not fall into any of these categories. Now, it’s certainly possible for the person sniffing to secure the permission of the conference organizers. But are they the providers of the network? At many conferences I have attended, the network is provided by the hotel or by a local ISP. In those cases, does the conference have standing to grant permission to sniff the network? The answer may very well be “no.” And if the answer is “no,” by authorizing the activity, the organizers may also be liable for breaking the law. Interesting, eh? Does that mean someone will waste their time to track you down? Unlikely. So there are some big risks involved.... Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 6, 2010 Share Posted June 6, 2010 (edited) You should ask yourself why are you letting port 25 or 143 out as a exit node in the Tor network? Don't they (TOR) specifically say it's not recommended to allow those ports because of spam issues? On top of that here is something that is pertinent to our above discussion. Yes they do, too bad they were not connecting to common ports. Are you retarded really? Interesting, eh? Does that mean someone will waste their time to track you down? Unlikely. So there are some big risks involved.... And to your big massive quote. It's called a WARNING BANNER. They click OK and they give up all rights of their data passing on my network. Try getting a little into forensic law like I have. Not to mention, no clue where you copy/pasted from. Anywho this has gone way off topic and I'm sure discussion is done. Mod should probly close/lock this thread. Edited June 6, 2010 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
mux Posted June 8, 2010 Share Posted June 8, 2010 And to your big massive quote. It's called a WARNING BANNER. They click OK and they give up all rights of their data passing on my network. ^This x10. It's already been proved in a few court cases where the prosecutor usually tried to argue it was entrapment on the sys admin's part. Too bad the user(s) didn't read the big wall of text for the network he connected to. I will admit, however, a banner does not always hold up in court under a few circumstances (Fraud, ID theft, CC harvesting, etc). Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 8, 2010 Share Posted June 8, 2010 ^This x10. It's already been proved in a few court cases where the prosecutor usually tried to argue it was entrapment on the sys admin's part. Too bad the user(s) didn't read the big wall of text for the network he connected to. I will admit, however, a banner does not always hold up in court under a few circumstances (Fraud, ID theft, CC harvesting, etc). This was posted on all the computer's monitors in a public library. How's this for a warning LOL. Quote Link to comment Share on other sites More sharing options...
cabster21 Posted June 11, 2010 Share Posted June 11, 2010 (edited) I don't play world of shit craft, but... Yeah a large amount of them bring it on. But... Oh they all shared their passwords? Did you share yours when Hak5 was "hacked". It's evident fucking idiots not only play it, but work for it. Some exploits are just a bitch, you want to moan? Moan why you took a job with them, wait for money? Well you take the "Fuck off, you are shit" award. Doesn't feel good, but i guess you could not do anything to stop it. Put someone down if you have a reason. Here watch, you Sir are a fucking knob head. See how easy it was? Edited June 11, 2010 by cabster21 Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 11, 2010 Share Posted June 11, 2010 Your post confuses me... Quote Link to comment Share on other sites More sharing options...
TheRatherOdd1 Posted June 12, 2010 Share Posted June 12, 2010 (edited) @Mr-Protocol: If your having issues with people using your network to send spam why do you you by default allow no ports except 80 (HTTP), 443 (HTTPS), 23 (SSH) etc? Wouldn't that take of your problem? I don't see why you whine when you are running a proxy service and it's being abused. There are some things that are different about library computers. 1.) It's open to the public for anyone to use. 2.) Usually there is no form of validation (see above) of said computer users. 3.) Libraries are part of the government and different rules apply to their computers. Something to think about in today's news is that Google is in hot water for supposedly capturing data off unencrypted wifi's. So suppose your google and your end node is someone else wifi... [EDIT] Also don't try and prove a point and then call to moderators to lock the discussion. It's underhanded and just makes you look bad because after all were all being sensible right? This still has a little bit in common with the posts above about sniffing authentications from World of Warcraft. Edited June 12, 2010 by TheRatherOdd1 Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 12, 2010 Share Posted June 12, 2010 (edited) @Mr-Protocol: If your having issues with people using your network to send spam why do you you by default allow no ports except 80 (HTTP), 443 (HTTPS), 23 (SSH) etc? Wouldn't that take of your problem? I don't see why you whine when you are running a proxy service and it's being abused. There are some things that are different about library computers. 1.) It's open to the public for anyone to use. 2.) Usually there is no form of validation (see above) of said computer users. 3.) Libraries are part of the government and different rules apply to their computers. Something to think about in today's news is that Google is in hot water for supposedly capturing data off unencrypted wifi's. So suppose your google and your end node is someone else wifi... [EDIT] Also don't try and prove a point and then call to moderators to lock the discussion. It's underhanded and just makes you look bad because after all were all being sensible right? This still has a little bit in common with the posts above about sniffing authentications from World of Warcraft. You are retarded. 1) I was offering the service to whatever use but didnt want to allow torrents or illegal activities. Fact is a port is a port and can be abused even with just 80 443 allowed. 2) I posted the library as an example of a WARNING banner. 3) I ask mod to lock the post because it is way off topic. Stop trolling for real. I'm done with your pathetic ass. Edited June 12, 2010 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
TheRatherOdd1 Posted June 12, 2010 Share Posted June 12, 2010 You are retarded. 1) I was offering the service to whatever use but didnt want to allow torrents or illegal activities. Fact is a port is a port and can be abused even with just 80 443 allowed. 2) I posted the library as an example of a WARNING banner. 3) I ask mod to lock the post because it is way off topic. Stop trolling for real. I'm done with your pathetic ass. At least I don't resort to name calling, jeeze. Who's the troll? If your worried about people using your network then don't be a exit node. But then your probably transmitting child porn in TOR and would never realize it. The great thing about running a exit node is plausible deniability. Quote Link to comment Share on other sites More sharing options...
The Sorrow Posted August 11, 2010 Share Posted August 11, 2010 (edited) 1337 W3RD 0F 7H3 D4Y: PHISHING Edited August 11, 2010 by the sorrow Quote Link to comment Share on other sites More sharing options...
vVv Posted September 29, 2010 Share Posted September 29, 2010 You must have been stupid. :P Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.