First off I am not a lawyer :-) With Netstumbler it is a little fuzzy for the following reasons: 1. For Netstumbler to detect the WLAN in question the WLAN must be configured in "open" mode. So the WLAN (Access Point more specifically) must respond to 802.11b probe packets with a packet that says, hey I am here and available. 2. Netstumbler, in particular, and detecting WLANS, in general, have legitimate uses such as detecting WLANS that are "public". Public being intentionally open for anyone to use them, like mine is currently. The only way to detect these open public access points is to sumble upon them generally. 3. If an access point is spewing out beacon frames, basically broadcasting "I am here" how can I determine that they are not intended for me? 4. From a security consults role it gets even trickier. If I am hired by company A to perform a wireless assessment and I see traffic from Company B while performing that assessment have I then violated ECPA? No things get fuzzier when you introduce tools like KISMET that will detect open and closed networks by intercepting ALL wireless (802.11b to be exact) traffic flying around. Again how can I determine, without first seeing the traffic, if is was or was not destined for me (the public at large)? What about WEP (or otherwise) encrypted traffic? I can detect that something is passing by, probably get the SSID info, but if I don't break the encryption scheme have I discovered any relevant data, at least enough to do harm to the WLAN in question? Probably not. And before everyone jumps on me about AirSnort and breaking WEP keys I am just talking about intercepting A as in 1 packet. As always a lawyer could give you better legal consul, and you should seek it if you have any legal questions, but the above points are ones I would discuss with legal consul. Again I am not a lawyer but I think you could make the argument that if a) The AP was broadcasting and not closed. and b) The WLAN in question was not using WEP then the operator of that WLAN did not have an expectation of privacy since they where broadcasting over an unregulated frequency (2.4ghz) in a publicly (assuming the war driving type scenario) space. A couple of good links that should have links to other relevant articles: http://www.bawug.org http://www.nycwireless.org/ http://www.seattlewireless.net/ Sorry that was a bit of a ramble... and again I am Not a Lawyer :-) ----- Original Message ----- From: "Russell Handorf" <rhandorfat_private-world.com> To: <vuln-devat_private> Sent: Friday, March 15, 2002 9:35 AM Subject: Wireless Legality- Netstumbler and kin > Hey all- question for ya'll that I haven't found any firm evidence with > that raises a question of legality which concerns me greatly. > > Of course all those in the wireless community (WLANs) know of a program > called netstumbler, and also that it has the capability to map networks on > a large scale (city wide and all). Well, is this not illegal pertaining to > the Electronic Communications Privacy Act from 1986? > > I can certainly understand that it is illegal for Joe Schmoe hacker to sit > outside a WLAN and to circumvent any protective measures taken by the > administrator (defaults include MAC Address and the infamously poor WEP), > however is it illegal for Joe Schmoe hacker to sit outside and use the WLAN > of a company that doesn't have ANY protective measures set in place? > > According to the ECPA, it's illegal to intercept any/all wireless signals > that are not intended for you, so would the people who are involved with > these wireless mapping projects criminals or does this Act not apply in > this situation at all? > > Russ > ================================== > Russell Handorf > oooo, shiney ::Wanders after it:: > > www.russells-world.com > www.philly2600.net > > "Computer games don't affect kids; I mean if Pac-Man affected us as kids, > we'd all be running around in darkened rooms, munching magic pills and > listening to repetitive electronic music." > > Kristian Wilson > Nintendo Inc. 1989 > ================================== > >
This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 11:59:10 PST