Penetration Testing mailing list archives

RE: Netstumbling

From: "Ken Kousky" <kkousky () ip3inc com>
Date: Wed, 5 Mar 2003 12:04:06 -0500

Don't have the answers you're looking for ...but more questions. I've
heard from many professionals that various state wiretapping laws
consider sniffing, be it wireless or simply dsniff, a form of
wiretapping and it is illegal. Not sure of the legal consequences
either. For the most part, wiretapping restrictions were targeted at LE
and the admissibility of evidence. When individuals do it, I'm not clear
if it is a criminal or civil act...but would love to hear more from
anybody with knowledge in this area.

KWK

-----Original Message-----
From: stonewall [mailto:stonewall () cavtel net] 
Sent: Wednesday, March 05, 2003 9:15 AM
To: pen-test () securityfocus com
Subject: Netstumbling

HI, I need some advice.

I am interested in the reaction that list members have gotten from
various
government agencies while netstumbling.  Is there any clear guidance on
the
legality of 'stumbling?  I am talking here about just 'stumbling, not
set to
auto reconfigure the card, just assessment and locating WAPs.

You cannot be in the security business without being able to assess
threats.
In this business, paranoia is not paranoia, it is due diligence.  I
believe
that anyone serious about security must be able to assess wireless
zones,
overlapping areas, buildings with multiple WAPs, etc.  But have you been
threatened by LE personnel in the process?

Thanks in advance for your info.

stonewall


------------------------------------------------------------------------
----

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html


----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html

Current thread:

Netstumbling stonewall (Mar 05)
- Re: Netstumbling IndianZ (Mar 05)
- RE: Netstumbling Ken Kousky (Mar 05)
- Re: Netstumbling Nick Jacobsen (Mar 05)
  - RE: Netstumbling Andrew Ruef (Mar 06)
- Re: Netstumbling Joseph W. Shaw II (Mar 06)
- Program for automatic attack replay LordEidi (Mar 06)
  - RE: Program for automatic attack replay Rob Shein (Mar 06)
  - Re: Program for automatic attack replay Andreas Östling (Mar 06)
- <Possible follow-ups>
- RE: Netstumbling Freeland, Jim (Mar 06)
- RE: Netstumbling PJD (Mar 06)
- RE: Netstumbling Klahn, Paul (Mar 06)