Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Legality of WEP Cracking
From: Carl Livitt <carllivitt () yahoo com>
Date: Sat, 19 May 2007 21:34:21 +0100

On May 18, 2007, at 7:47 PM, Morning Wood wrote:

The UK law is clear, I quote from the UK Computer Misuse Act 1990

from what I understand here in the US...

"sniffing the air"        is legal
"connecting to an AP you do not have explicit permission"       is
"possession of an access restriction device" eg: WEP key
that you are not explicitly allowed
permission                           is illegal

capturing airborne packets "may" be legal, but the moment you begin to
"try" to "crack" a WEP key, you would be entering access restriction
realm instantly. ( do not pass GO! ) , as well, simply connecting to
target AP is illegal from the get-go ( gimme your dice! )

but my understanding is only a perspective, which may or not be

 How about this scenario.

I am sitting in a Starbuck$ and am connected to the T-Mobile Wireless
I start Wireshark and capture all the packets I am seeing from the WAP.
Is this legal or illegal?

There are 2 answers:

1) Legal, because your wifi card has already captured the packets
regardless of whether you're using software to save/process/display
them. This applies to all wifi transmissions, encrypted or otherwise.
It's the firmware/drivers/software that decide what happens to traffic
that you have already intercepted whether you intended to or not. If you
think about it, wifi networks couldn't work without this 'receive all
frames/traffic by default' behaviour!

2) Illegal, for the exact same reasons as (1), above!

Tricky ground, eh? Does anyone know of case law regarding this?

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]