[Dshield] Question on appropriate university research

Shane.Steckelberg at k12.sd.us Shane.Steckelberg at k12.sd.us
Mon Sep 24 03:33:53 GMT 2007

If I tried to prosecute on "any" event such as a port scan that we
deemed potentially hazardous or questionable we'd need a pretty large
legal department and I seriously doubt we would see any benefit to such
action. If an employee brings a removable storage device into the
building is this automatically construed as an event in which he or she
will steal sensitive data?  Are we saying there is just cause to
prosecute on the potential future crime? This brings to mind the phrase,
"Caught you red-handed." 

Stray packets/port scans and anything outside of "guest" access
attempts, in my mind, must do more than appear criminal.  They need to
be criminal(and to simplify prosecution-- hopefully traced back to the
US in my case).  
Sure, these events can lead to criminal activity.  So we should probably
trust the legal system and wait until that time.


More information about the list mailing list