Vulnerability Development mailing list archives
RE: Wireless Legality- Netstumbler and kin
From: "Everhart, Glenn (FUSA)" <GlennEverhart () FirstUSA com>
Date: Fri, 15 Mar 2002 13:48:46 -0500
The difficulty here is knowing whether signals are meant for you. That is why technical protection is vital in wireless.

Common net practice for decades has been to offer free services at times to the world. These can be web servers, anonymous ftp, gopher, icq, or Lord knows what. To find out if they are offered one must attempt a connection (and go away quietly if it is refused). I don't think much of such a practice, but wonder how John Q Public is to know that an anonymous ftp service isn't being offered via wireless? The etiquette of this is not well established, and I could conceive of web servers and the like sitting at airports or convention centers doing exactly this, to advertise and possibly offer services to passers-by.

The fact that network connections happen before one can know if such a service exists has been accepted for ages now, and it is generally understood that someone attaching to your ftp server and attempting to log in anonymous, for example, and leaving if there is no such account, is not harmful or even unusual. That being the case, a passer-by would I think be hard to convict of wrongdoing for merely looking for places where such services might exist.

Therefore if you set up a wireless network, you are being grossly negligent if you have no technical limits placed on what your gear will connect to, unless you truly want to offer services to the world. This does not mean even public services cannot be abused. (Consider email relays, once common but made a scourge by spammers.) It does mean that if you set up an open connection, you are exposing a network to access and possible abuse and should not expect the law to defend you from the consequences of your actions. Remember that local, state, and federal governments all operate free internet services already and do not expect people to be telepathic.

On the internet, you have to turn the knob of the front door to get in (send syn). That it isn't locked (you get a syn-ack) is your first indication something might be offered you, and conversely. While the protections available in 802.11 are not as strong as they should be, they will at least indicate the door isn't standing unlocked and thus that no public services should be expected. Otherwise, putting your net on broadcast radio without protections might be said to be giving up your expectation of privacy.

-----Original Message-----
From: Russell Handorf [mailto:rhandorf () mail russells-world com]
Sent: Friday, March 15, 2002 12:36 PM
To: vuln-dev () securityfocus com
Subject: Wireless Legality- Netstumbler and kin

Hey all- question for y'all that I haven't found any firm evidence with that raises a question of legality which concerns me greatly. Of course all those in the wireless community (WLANs) know of a program called netstumbler, and also that it has the capability to map networks on a large scale (city wide and all). Well, is this not illegal pertaining to the Electronic Communications Privacy Act from 1986? I can certainly understand that it is illegal for Joe Schmoe hacker to sit outside a WLAN and to circumvent any protective measures taken by the administrator (defaults include MAC Address and the infamously poor WEP), however is it illegal for Joe Schmoe hacker to sit outside and use the WLAN of a company that doesn't have ANY protective measures set in place? According to the ECPA, it's illegal to intercept any/all wireless signals that are not intended for you, so would the people who are involved with these wireless mapping projects be criminals or does this Act not apply in this situation at all?

Russ

==================================
Russell Handorf
oooo, shiney ::Wanders after it::
www.russells-world.com
www.philly2600.net

"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music."
Kristian Wilson Nintendo Inc. 1989
==================================