Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Legality of WEP Cracking
From: "Justin Ferguson" <jnferguson () gmail com>
Date: Sun, 20 May 2007 18:02:13 -0400

>  How about this scenario.
> I am sitting in a Starbuck$ and am connected to the T-Mobile Wireless
> service.
> I start Wireshark and capture all the packets I am seeing from the WAP.
> Is this legal or illegal?

Here is a counter-scenario, You're sitting in a Starbucks with a
device that can monitor cell phone communications, and begin to see
all of the cellphone communications in the area.
Is this legal or illegal?

How is your situation different?

The only real difference I see is in your hardware, in one you've had
to obtain and most likely modify some device to monitor the cell
usage, in the other you've used off-the-shelf consumer grade
electronics without any real modifications to it, aside from the
software (which may be argued as being the same as the modifications
you made to the hardware for the cell monitoring), however I don't
believe a judge/et cetera will be overly sympathetic simply because
you had to work less to do it.

1) Legal, because your wifi card has already captured the packets
regardless of whether you're using software to save/process/display
them. This applies to all wifi transmissions, encrypted or otherwise.
It's the firmware/drivers/software that decide what happens to traffic
that you have already intercepted whether you intended to or not. If you
think about it, wifi networks couldn't work without this 'receive all
frames/traffic by default' behaviour!

This is probably one of the larger reasons I've not gone into law,
it's not quite as 'binary' as computers, I've had numerous debates
with a former co-worker on subjects along these lines (hi tom). To
take it a bit further though, let's step past this first step where
you're NIC receive the packet not destined for it and go on to step 2,
what is done with that frame once its been received? Under normal
circumstances it would be dropped, under your circumstances you would
take it and display it/log it/whatever, and that is most likely where
the transgression occurs, I think arguing a defense like this would
most likely fail.

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]