Re: Legality of WEP Cracking

From: Justin Ferguson (jnferguson@gmail.com)
Date: Sun May 20 2007 - 18:02:13 EDT


> > How about this scenario.
> >
> > I am sitting in a Starbuck$ and am connected to the T-Mobile Wireless
> > service.
> > I start Wireshark and capture all the packets I am seeing from the WAP.
> > Is this legal or illegal?

Here is a counter-scenario, You're sitting in a Starbucks with a
device that can monitor cell phone communications, and begin to see
all of the cellphone communications in the area.
Is this legal or illegal?

How is your situation different?

The only real difference I see is in your hardware, in one you've had
to obtain and most likely modify some device to monitor the cell
usage, in the other you've used off-the-shelf consumer grade
electronics without any real modifications to it, aside from the
software (which may be argued as being the same as the modifications
you made to the hardware for the cell monitoring), however I don't
believe a judge/et cetera will be overly sympathetic simply because
you had to work less to do it.

> 1) Legal, because your wifi card has already captured the packets
> regardless of whether you're using software to save/process/display
> them. This applies to all wifi transmissions, encrypted or otherwise.
> It's the firmware/drivers/software that decide what happens to traffic
> that you have already intercepted whether you intended to or not. If you
> think about it, wifi networks couldn't work without this 'receive all
> frames/traffic by default' behaviour!

This is probably one of the larger reasons I've not gone into law,
it's not quite as 'binary' as computers, I've had numerous debates
with a former co-worker on subjects along these lines (hi tom). To
take it a bit further though, let's step past this first step where
you're NIC receive the packet not destined for it and go on to step 2,
what is done with that frame once its been received? Under normal
circumstances it would be dropped, under your circumstances you would
take it and display it/log it/whatever, and that is most likely where
the transgression occurs, I think arguing a defense like this would
most likely fail.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:49 EDT