Same host or different? How can you tell "over the wire"?
Ronald F. Guilmette
rfg at tristatelogic.com
Thu Mar 22 17:32:49 UTC 2018
In message <201803220250.w2M2owMf024292 at pdx.rh.CN85.dnsmgr.net>,
"Rodney W. Grimes" <freebsd-rwg at pdx.rh.CN85.dnsmgr.net> wrote:
>You are not going to prove the "control of the exact same Bad Actor"
>without a warrant to search and seize.
Well, as someone else noted, if two IP addresses yield the exact same
SSH key, that is fairly definitive.
If I planned to be going into a court of law, then yes, a warrant
would be both appropriate and required. But going into court is
not among my goals.
>> >What you ask I believe could be done, but it is non-trivial and
>> >would require a very good understanding of both forensics
>> >and the differing ways that TCP/IP is implemented.
>>
>> I like to think that I am a quick learner. Please proceed with the
>> lesson.
>
>The rates for lessons in Forensics start at reasonable enough
>amounts, you can contact me off list if you wish to pursue that.
Thanks for your support. As I am doing what I am doing on a volunteer
(unpaid) basis, I'm afraid that I will not be able to take you up on
your generous offer.
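
The comparison mentioned in this message (two IP addresses yielding the same SSH host key), as an added example that is not part of the original post: it parses `ssh-keyscan`-format output and reports any key presented by more than one address. The sample keys and addresses are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def group_by_host_key(scan_text):
    """Map (key type, fingerprint) -> sorted hosts, keeping only shared keys."""
    groups = defaultdict(set)
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # banner/comment lines
            continue
        fields = line.split()
        if len(fields) < 3:
            continue                           # malformed line, skip
        hosts, key_type, blob = fields[0], fields[1], fields[2]
        try:
            fp = fingerprint(blob)
        except ValueError:
            continue                           # key field is not valid base64
        for host in hosts.split(","):
            groups[(key_type, fp)].add(host)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def _fake_ed25519_blob(seed):
    """Constructed test key: wire-format ssh-ed25519 blob from a seed byte."""
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()


# Constructed sample in ssh-keyscan output format (documentation addresses).
SAMPLE = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-OpenSSH_7.5",
    f"192.0.2.10 ssh-ed25519 {_fake_ed25519_blob(1)}",
    f"198.51.100.7 ssh-ed25519 {_fake_ed25519_blob(1)}",
    f"203.0.113.5 ssh-ed25519 {_fake_ed25519_blob(2)}",
])

if __name__ == "__main__":
    for (key_type, fp), hosts in group_by_host_key(SAMPLE).items():
        print(key_type, fp, "shared by", ", ".join(hosts))
```

Identical host keys can also come from cloned disk images or appliance default keys, so a match is best recorded alongside other observations about the hosts.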