Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Legality of WEP Cracking

from [Justin Ferguson] Network Security [Permanent Link]
Subject: Re: Legality of WEP Cracking
Date: Sun, 20 May 2007 18:02:13 -0400 
>  How about this scenario.
>
> I am sitting in a Starbuck$ and am connected to the T-Mobile Wireless
> service.
> I start Wireshark and capture all the packets I am seeing from the WAP.
> Is this legal or illegal?


Here is a counter-scenario, You're sitting in a Starbucks with a
device that can monitor cell phone communications, and begin to see
all of the cellphone communications in the area.
Is this legal or illegal?

How is your situation different?

The only real difference I see is in your hardware, in one you've had
to obtain and most likely modify some device to monitor the cell
usage, in the other you've used off-the-shelf consumer grade
electronics without any real modifications to it, aside from the
software (which may be argued as being the same as the modifications
you made to the hardware for the cell monitoring), however I don't
believe a judge/et cetera will be overly sympathetic simply because
you had to work less to do it.

1) Legal, because your wifi card has already captured the packets
regardless of whether you're using software to save/process/display
them. This applies to all wifi transmissions, encrypted or otherwise.
It's the firmware/drivers/software that decide what happens to traffic
that you have already intercepted whether you intended to or not. If you
think about it, wifi networks couldn't work without this 'receive all
frames/traffic by default' behaviour!


This is probably one of the larger reasons I've not gone into law,
it's not quite as 'binary' as computers, I've had numerous debates
with a former co-worker on subjects along these lines (hi tom). To
take it a bit further though, let's step past this first step where
you're NIC receive the packet not destined for it and go on to step 2,
what is done with that frame once its been received? Under normal
circumstances it would be dropped, under your circumstances you would
take it and display it/log it/whatever, and that is most likely where
the transgression occurs, I think arguing a defense like this would
most likely fail.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Wireless penetration testing, Matt Ahrens
Next by Date:  Re: Unix Application,, Pranay Kanwar
Previous by Thread:  Re: Legality of WEP Cracking, Carl Livitt
Next by Thread:  Re: Legality of WEP Cracking, George Dragusin
Indexes:  [Date] [Thread] [Top] [All Lists]