[158475] in North American Network Operators' Group


Re: William was raided for running a Tor exit node. Please help if

daemon@ATHENA.MIT.EDU (Jimmy Hess)
Fri Nov 30 16:47:11 2012

In-Reply-To: <CAP-guGVsJrAFUtLB31rosmxo_+dmydTBXygJ3-5S12aiWPDLNQ@mail.gmail.com>
Date: Fri, 30 Nov 2012 15:46:57 -0600
From: Jimmy Hess <mysidia@gmail.com>
To: William Herrin <bill@herrin.us>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 11/29/12, William Herrin <bill@herrin.us> wrote:

> If the computer at IP:port:timestamp transmitted child porn, a warrant
> for "all computers" is also too broad. "Computers which use said IP

As you know, there may always be some uncertainty about which computer
was using a certain IP address at a certain time -- the computer
assigned that address might have been off, with a deviant
individual spoofing MAC address and IP address of a certain computer,
using different equipment still attached to the same physical LAN.

Their warrant authors will probably not say "all computers"; they
will more likely say something like all digital storage media, and
equipment required for access.

Which includes all hard drives, SSDs, CF cards, diskettes, CDRs, and
all the computing equipment they are installed in (keyboard, monitor,
mouse, etc) normally used to access the media.


> address or which employ forensic countermeasures which prevent a ready
> determination whether they employed said IP address." And have a

DHCP?

> qualified technician on the search team, same as you would for any
> other material being searched.

If they had a qualified technician, they probably wouldn't be raiding
a TOR exit node in the first place; they would have investigated the
matter more thoroughly, and saved precious time.

--
-JH

