Date: Thu, 22 Mar 2018 10:32:47 -0700
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: Same host or different? How can you tell "over the wire"?
Message-ID: <9754.1521739967@segfault.tristatelogic.com>
In-Reply-To: <201803220250.w2M2owMf024292@pdx.rh.CN85.dnsmgr.net>

In message <201803220250.w2M2owMf024292@pdx.rh.CN85.dnsmgr.net>,
"Rodney W. Grimes" <freebsd-rwg@pdx.rh.CN85.dnsmgr.net> wrote:

>You are not going to prove the "control of the exact same Bad Actor"
>without a warrant to search and seize.

Well, as someone else noted, if two IP addresses yield the exact same
SSH key, that is fairly definitive.

If I planned to be going into a court of law, then yes, a warrant would
be both appropriate and required. But going into court is not among my
goals.

>> >What you ask I believe could be done, but it is non-trivial and
>> >would require a very good understanding of both forensics
>> >and the differing ways that TCP/IP is implemented.
>>
>> I like to think that I am a quick learner. Please proceed with the
>> lesson.
>
>The rates for lessons in Forensics start at reasonable enough
>amounts, you can contact me off list if you wish to pursue that.

Thanks for your support. As I am doing what I am doing on a volunteer
(unpaid) basis, I'm afraid that I will not be able to take you up on
your generous offer.
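
The SSH host key comparison mentioned in the message above, as an added example that is not part of the original e-mail: it groups addresses by the SHA256 fingerprint of the host key they present, reading text in `ssh-keyscan` output format. The function names, the sample addresses (RFC 5737 documentation ranges) and the key blobs are all constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def group_by_host_key(scan_text: str) -> dict:
    """Map (keytype, fingerprint) -> sorted list of hosts presenting that key."""
    groups = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):  # blank, short, or banner comment
            continue
        host, keytype, blob = fields[:3]
        try:
            groups[(keytype, fingerprint(blob))].add(host)
        except ValueError:  # malformed base64 (binascii.Error is a ValueError)
            continue
    return {k: sorted(v) for k, v in groups.items()}


def shared_keys(scan_text: str) -> dict:
    """Only the keys that were seen on more than one address."""
    return {k: v for k, v in group_by_host_key(scan_text).items() if len(v) > 1}


def _fake_ed25519(seed: bytes) -> str:
    """Constructed key blob in SSH wire format (not a real host key)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()


# Constructed sample in `ssh-keyscan` output format: "host keytype base64-blob".
SAMPLE = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-OpenSSH_7.5",
    f"192.0.2.10 ssh-ed25519 {_fake_ed25519(b'A')}",
    f"198.51.100.7 ssh-ed25519 {_fake_ed25519(b'A')}",
    f"203.0.113.5 ssh-ed25519 {_fake_ed25519(b'B')}",
])

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_keys(SAMPLE).items():
        print(keytype, fp, "->", ", ".join(hosts))
```

An identical key on two addresses is strong evidence but not conclusive by itself: cloned VM images and appliances shipped with a baked-in host key also produce the same key on unrelated machines.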