RE: Netstumbling

From: Freeland, Jim (jfreeland@Carlson.com)
Date: Wed Mar 05 2003 - 14:55:56 EST


Remember the GREY area..........

Basically, you can stumble and identify other company networks.
Accessing their internet connection accidentally and browsing the web
will not land you in hot water. Enumerating their systems, attempting
to gain heightened access levels, or attempting to view secured network
objects will land you in hot water. Now you can probably get away with
the old 'I didn't see a warning banner' excuse, but that doesn't hold
much weight anymore.

I would say scan away because the wireless network you are seeing falls
into a grey area in the legal world. Nobody has defined what
constitutes illegal activity. I can't imagine a judge would stick
anyone with a charge for accidentally using the company across the
street's internet connection to surf the web. He/She would most likely
tell them to turn down the signal and lock down their connection!

As with any wired network, hacking and enumeration occur daily.
Sometimes successful, sometimes not. If I scan your company's network
over my cable modem connection I don't get in trouble. If I compromise
a box and ignore a login banner I for sure will. If I compromise a box
and didn't see a login banner, I have about a 50/50 shot of not getting
in trouble. I can only imagine the same 'rules of the game' apply to
wireless. If I get a DHCP IP from your router, and surf the web, then
scan your IP range I probably won't get in trouble. If I find a
vulnerability and expose it to access secured systems, well, just like
the wired world I may be punished.

Don't forget, it always depends on whose system you are seeing, and what
data they have. If you are Stumbling in Omaha and hit some little
building with a nice database full of credit card numbers, chances are
they will use everything they have to track you down.

Don't do dumb things! Use the tools to identify and secure. Help,
don't hurt. Otherwise you might get yours.

Jim

-----Original Message-----
From: Nick Jacobsen [mailto:nick@ethicsdesign.com]
Sent: Wednesday, March 05, 2003 11:12 AM
To: stonewall; pen-test@securityfocus.com
Subject: Re: Netstumbling

Just from my experience, I have never had any problems, and none of my
friends have reported any problems either. I will walk around downtown
with my laptop open, and an external antenna on my back (looks funky,
and I get some odd stares, but it works), and the most I have ever had
happen is a cop ask me what I was doing... I told him I was using my
laptop to do a wireless security assessment... he just sort of looked at
me oddly and walked off... probably had no idea what I was talking
about... I've done this in Portland, Roseburg, Salem, Eugene (all in
Oregon), as well as New Orleans and Chicago. Most of the time, the cops
have no idea what you are talking about...

Anyway, my 2 cents,

Nick Jacobsen
Ethics Design
nick@ethicsdesign.com

----- Original Message -----
From: "stonewall" <stonewall@cavtel.net>
To: <pen-test@securityfocus.com>
Sent: Wednesday, March 05, 2003 6:14 AM
Subject: Netstumbling

> Hi, I need some advice.
>
> I am interested in the reaction that list members have gotten from
> various government agencies while netstumbling. Is there any clear
> guidance on the legality of 'stumbling? I am talking here about just
> 'stumbling, not set to auto reconfigure the card, just assessment and
> locating WAPs.
>
> You cannot be in the security business without being able to assess
> threats. In this business, paranoia is not paranoia, it is due
> diligence. I believe that anyone serious about security must be able
> to assess wireless zones, overlapping areas, buildings with multiple
> WAPs, etc. But have you been threatened by LE personnel in the
> process?
>
> Thanks in advance for your info.
>
> stonewall
>
>
> ------------------------------------------------------------------------
> Are your vulnerability scans producing just another report?
> Manage the entire remediation process with StillSecure VAM's
> Vulnerability Repair Workflow.
> Download a free 15-day trial:
> http://www2.stillsecure.com/download/sf_vuln_list.html
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:29 EDT