RE: Netstumbling

From: PJD@portcullis-security.com
Date: Thu Mar 06 2003 - 04:24:26 EST

• Next message: Talisker: "Distributed Vulnerability Scanners"
• Previous message: Indian Tiger: "Penetration Testing Lab Setup"
• Maybe in reply to: stonewall: "Netstumbling"
• Next in thread: LordEidi: "Program for automatic attack replay"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Can't speak for other countries, and I am no legal expert, but here in the
UK its a really fine line that stops prosecution under the
Telecommunications act 1981, (obviously been updated since) that states it
is "unlawful to intentionally Intercept transmitted communications" for the
purposes of..... it then goes on to cover the specific details, wiretapping
etc. defining what we would all consider traditional interception by law
enforcement etc. In my experience, the average cop is unaware of the
Telecoms act and hence more than likely unaware what is being done. However,
the curious one could stop and arrest you, if so its up to the tester to
explain that 1, they have written authority from X to undertake such a task,
and that interception of "other" organisations wireless information is an
accidental byproduct of the authorised scanning. Also the tester needs to be
able (in the worst case) to show that they are passively receiving the
information, hence it has been broadcast, "sent" to you rather than you
going looking for it, and that information will not be stored on unrelated
systems. So, my feelings are its a fine line, but as long as you can prove
that in passing through somewhere the information collected was not
intentionally "intercepted" but the broadcast received it would be very
difficult for anyone to prove otherwise. Unless of course you were sat in a
van with blacked out windows, parabolic antennas on the roof and balaclava's
on :))

Interestingly, the more I think about the act, the more it brings into
question other forms of intercept, for example IDS, which dependent on which
one is in use can record user id's and passwords, this brings into question
whether the sysadmin should see the CTO's ftp/email id/pw, one to ponder.

PJD

> ----------
> From: Ken Kousky[SMTP:kkousky@ip3inc.com]
> Sent: 05 March 2003 17:04
> To: 'stonewall'; pen-test@securityfocus.com
> Subject: RE: Netstumbling
>
> Don't have the answers you're looking for ...but more questions. I've
> heard from many professionals that various state wiretapping laws
> consider sniffing, be it wireless or simply dsniff, a form of
> wiretapping and it is illegal. Not sure of the legal consequences
> either. For the most part, wiretapping restrictions were targeted at LE
> and the admissibility of evidence. When individuals do it, I'm not clear
> if it is a criminal or civil act...but would love to hear more from
> anybody with knowledge in this area.
>
> KWK
>
> -----Original Message-----
> From: stonewall [mailto:stonewall@cavtel.net]
> Sent: Wednesday, March 05, 2003 9:15 AM
> To: pen-test@securityfocus.com
> Subject: Netstumbling
>
> HI, I need some advice.
>
> I am interested in the reaction that list members have gotten from
> various
> government agencies while netstumbling. Is there any clear guidance on
> the
> legality of 'stumbling? I am talking here about just 'stumbling, not
> set to
> auto reconfigure the card, just assessment and locating WAPs.
>
> You cannot be in the security business without being able to assess
> threats.
> In this business, paranoia is not paranoia, it is due diligence. I
> believe
> that anyone serious about security must be able to assess wireless
> zones,
> overlapping areas, buildings with multiple WAPs, etc. But have you been
> threatened by LE personnel in the process?
>
> Thanks in advance for your info.
>
> stonewall
>
>
> ------------------------------------------------------------------------
> ----
>
> Are your vulnerability scans producing just another report?
> Manage the entire remediation process with StillSecure VAM's
> Vulnerability Repair Workflow.
> Download a free 15-day trial:
> http://www2.stillsecure.com/download/sf_vuln_list.html
>
>
> --------------------------------------------------------------------------
> --
>
> Are your vulnerability scans producing just another report?
> Manage the entire remediation process with StillSecure VAM's
> Vulnerability Repair Workflow.
> Download a free 15-day trial:
> http://www2.stillsecure.com/download/sf_vuln_list.html
>

*************************************************************
The information in this email is confidential and may be
legally privileged. It is intended solely for the addressee.
Any opinions expressed are those of the individual and do not
represent the opinion of the organisation.
Access to this email by persons other than the intended
recipient is strictly prohibited.
If you are not the intended recipient, any disclosure, copying,
distribution or other action taken or omitted to be taken in
reliance on it, is prohibited and may be unlawful.
When addressed to our clients any opinions or advice contained
in this email is subject to the terms and conditions expressed
in the applicable Portcullis Computer Security Limited terms
of business.
**************************************************************

----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html

• Next message: Talisker: "Distributed Vulnerability Scanners"
• Previous message: Indian Tiger: "Penetration Testing Lab Setup"
• Maybe in reply to: stonewall: "Netstumbling"
• Next in thread: LordEidi: "Program for automatic attack replay"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:29 EDT