Penetration Testing mailing list archives
RE: Netstumbling
From: PJD () portcullis-security com
Date: Thu, 6 Mar 2003 09:24:26 -0000
Can't speak for other countries, and I am no legal expert, but here in the UK its a really fine line that stops prosecution under the Telecommunications act 1981, (obviously been updated since) that states it is "unlawful to intentionally Intercept transmitted communications" for the purposes of..... it then goes on to cover the specific details, wiretapping etc. defining what we would all consider traditional interception by law enforcement etc. In my experience, the average cop is unaware of the Telecoms act and hence more than likely unaware what is being done. However, the curious one could stop and arrest you, if so its up to the tester to explain that 1, they have written authority from X to undertake such a task, and that interception of "other" organisations wireless information is an accidental byproduct of the authorised scanning. Also the tester needs to be able (in the worst case) to show that they are passively receiving the information, hence it has been broadcast, "sent" to you rather than you going looking for it, and that information will not be stored on unrelated systems. So, my feelings are its a fine line, but as long as you can prove that in passing through somewhere the information collected was not intentionally "intercepted" but the broadcast received it would be very difficult for anyone to prove otherwise. Unless of course you were sat in a van with blacked out windows, parabolic antennas on the roof and balaclava's on :)) Interestingly, the more I think about the act, the more it brings into question other forms of intercept, for example IDS, which dependent on which one is in use can record user id's and passwords, this brings into question whether the sysadmin should see the CTO's ftp/email id/pw, one to ponder. PJD
---------- From: Ken Kousky[SMTP:kkousky () ip3inc com] Sent: 05 March 2003 17:04 To: 'stonewall'; pen-test () securityfocus com Subject: RE: Netstumbling Don't have the answers you're looking for ...but more questions. I've heard from many professionals that various state wiretapping laws consider sniffing, be it wireless or simply dsniff, a form of wiretapping and it is illegal. Not sure of the legal consequences either. For the most part, wiretapping restrictions were targeted at LE and the admissibility of evidence. When individuals do it, I'm not clear if it is a criminal or civil act...but would love to hear more from anybody with knowledge in this area. KWK -----Original Message----- From: stonewall [mailto:stonewall () cavtel net] Sent: Wednesday, March 05, 2003 9:15 AM To: pen-test () securityfocus com Subject: Netstumbling HI, I need some advice. I am interested in the reaction that list members have gotten from various government agencies while netstumbling. Is there any clear guidance on the legality of 'stumbling? I am talking here about just 'stumbling, not set to auto reconfigure the card, just assessment and locating WAPs. You cannot be in the security business without being able to assess threats. In this business, paranoia is not paranoia, it is due diligence. I believe that anyone serious about security must be able to assess wireless zones, overlapping areas, buildings with multiple WAPs, etc. But have you been threatened by LE personnel in the process? Thanks in advance for your info. stonewall ------------------------------------------------------------------------ ---- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html -------------------------------------------------------------------------- -- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
************************************************************* The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Any opinions expressed are those of the individual and do not represent the opinion of the organisation. Access to this email by persons other than the intended recipient is strictly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or other action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email is subject to the terms and conditions expressed in the applicable Portcullis Computer Security Limited terms of business. ************************************************************** ---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
Current thread:
- Netstumbling stonewall (Mar 05)
- Re: Netstumbling IndianZ (Mar 05)
- RE: Netstumbling Ken Kousky (Mar 05)
- Re: Netstumbling Nick Jacobsen (Mar 05)
- RE: Netstumbling Andrew Ruef (Mar 06)
- Re: Netstumbling Joseph W. Shaw II (Mar 06)
- Program for automatic attack replay LordEidi (Mar 06)
- RE: Program for automatic attack replay Rob Shein (Mar 06)
- Re: Program for automatic attack replay Andreas Östling (Mar 06)
- <Possible follow-ups>
- RE: Netstumbling Freeland, Jim (Mar 06)
- RE: Netstumbling PJD (Mar 06)
- RE: Netstumbling Klahn, Paul (Mar 06)