Found open WLANs, what now?

08-09-2001

Howdy All,

I've driven around with the lappy, Orinico Gold with range extender antenna and Netstumbler and found plenty of WLANs, of which about half didn't have WEP on. I don't want to break any laws, or steal any secrets, but what's a good strategy for connecting to the WAP? I set the card to use the WAP in infrastructure mode and often get assigned an IP. But when I try to open my browser, nothing. I'm even trying this with pretty decent signal strengths. Could these WAP's just not provide internet connectivity? I want to take my "stumbling" to the next level. Any help/ideas are appreciated. Thanks.

08-09-2001

I'm not a lawyer, but I paid attention when I've heard a few speak (especially this one: http://www.granick.com/) and from what they have said, just getting an IP and checking your mail would be against the law.

I'm not interested in a long philosophical debate about listening to what's being broadcast in the clear, or just using a resource that is being advertised by an AP, mostly because I pretty much disagree with the law in this case.

Still, if you are going to do something that might or might not be leagle, make sure you find out first so you can weigh the risks of what you are doing and make a fully informed decision.

08-09-2001

Thanks Farce! Are you a client of Jennifer's? Is she published anywhere regarding internet/wireless law? My lawyer is a generalist and doesn't have specific experience in this realm? My interest in wireless is more of a commercial endeavor and I want to excercise great care with regard to the law.

08-10-2001

Disclaimer- This information is for educational purposes only. Ideally any and all of this information would be utilized only on equipment and networks you own or otherwise have permission to use. Any variation of the suggested use has potential for serious jail time, court time, and all around no fun time.

If they are using DCHP and you are automatically getting an IP address they should also be providing gateway information and everything else. If the network is setup correctly and they provide a correct gateway you should be bouncing out to the Internet. Lots of ifs there if you noticed.

First step would be to add a sniffer/network monitor to your toolset and start monitoring the network traffic that you should see on that card.

Observe what looks like local traffic and anything that is obviously traffic going to the Internet.
Document findings.
Start inspecting various hosts to see operating systems and revisions.
Discover which are workstations and which are servers.

Basically continue as if you were performing an audit on a system that you have network access to but no other information.

Mainly it depends on what you are trying to accomplish. Check email from anywhere? See how your network is broadcasting internal trade secrets? You can continue the mindset per your own experience/desires....

John K.

08-10-2001

Adam, I'm not client but she did give me a little pro bono advice a year or so ago. Now that she is working for Stanford, I don't know what kind of availability she has.

Your attorney should be able to search the case law records and see if anything has been in the courts for this, or other databases to see if any law journal articles have been written.

08-10-2001

As a legitimate network security professional, Netstumbler has been a golden tool to detect and remove several rogue access points in the company.

I am concerned with the legal aspects of performing wireless audits. I may know know if a LAN belongs to my company or another (think tall building with multiple tenants) until I actually connect, and monitor traffic or snag an IP address and look around.

One access point was "residential class" and DHCPd a 192.168.x.x address. I could not be sure that I was on one of my network or someone else's. After pingingin a few known internal hosts, I did realize that this was my network.

This could have been someone else's network......so what exposure do I have???? It's a bad situation where the act of being vigilant may expose the company to liability.

Any thoughts?

09-20-2001

I would argue that you were trying to track down a possible weakness in your own lan because your due diligance (sp?) had shown some 'abnormalities'. The fact that you 'stumbled' (LMAO) across their lan only gave credance that your expert knowledge and hunch was 100% on target.

If they came after you then I'd go after them; because, you would not have been looking to solve a security hole if someone from their side had not FIRST tresspassed on your lan!

In any case, present yourself as a working pro in the field able to offer expert testimony and that what you are doing is for the good of your company/client and your actions have a residule benefit to theirs (by detecting possible security holes). (ROTHLMAO)

Tron Of Borg, Esq.

10-31-2001

Adam, check out the Toronto netstumbling post in regards to a question for you.

Thanks.

John K.

08-09-2001	#1 (permalink)
Posts: n/a	Found open WLANs, what now? Howdy All, I've driven around with the lappy, Orinico Gold with range extender antenna and Netstumbler and found plenty of WLANs, of which about half didn't have WEP on. I don't want to break any laws, or steal any secrets, but what's a good strategy for connecting to the WAP? I set the card to use the WAP in infrastructure mode and often get assigned an IP. But when I try to open my browser, nothing. I'm even trying this with pretty decent signal strengths. Could these WAP's just not provide internet connectivity? I want to take my "stumbling" to the next level. Any help/ideas are appreciated. Thanks.

08-10-2001	#6 (permalink)
Posts: n/a	Legitimate Network Auditing As a legitimate network security professional, Netstumbler has been a golden tool to detect and remove several rogue access points in the company. I am concerned with the legal aspects of performing wireless audits. I may know know if a LAN belongs to my company or another (think tall building with multiple tenants) until I actually connect, and monitor traffic or snag an IP address and look around. One access point was "residential class" and DHCPd a 192.168.x.x address. I could not be sure that I was on one of my network or someone else's. After pingingin a few known internal hosts, I did realize that this was my network. This could have been someone else's network......so what exposure do I have???? It's a bad situation where the act of being vigilant may expose the company to liability. Any thoughts?

09-20-2001	#7 (permalink)
Posts: n/a	Sounds like you were the one looking for an intruder. LOL I would argue that you were trying to track down a possible weakness in your own lan because your due diligance (sp?) had shown some 'abnormalities'. The fact that you 'stumbled' (LMAO) across their lan only gave credance that your expert knowledge and hunch was 100% on target. If they came after you then I'd go after them; because, you would not have been looking to solve a security hole if someone from their side had not FIRST tresspassed on your lan! In any case, present yourself as a working pro in the field able to offer expert testimony and that what you are doing is for the good of your company/client and your actions have a residule benefit to theirs (by detecting possible security holes). (ROTHLMAO) Tron Of Borg, Esq.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

08-09-2001	#2 (permalink)
Posts: n/a	I'm not a lawyer, but I paid attention when I've heard a few speak (especially this one: http://www.granick.com/) and from what they have said, just getting an IP and checking your mail would be against the law. I'm not interested in a long philosophical debate about listening to what's being broadcast in the clear, or just using a resource that is being advertised by an AP, mostly because I pretty much disagree with the law in this case. Still, if you are going to do something that might or might not be leagle, make sure you find out first so you can weigh the risks of what you are doing and make a fully informed decision.

08-09-2001	#3 (permalink)
Posts: n/a	Thanks Farce! Are you a client of Jennifer's? Is she published anywhere regarding internet/wireless law? My lawyer is a generalist and doesn't have specific experience in this realm? My interest in wireless is more of a commercial endeavor and I want to excercise great care with regard to the law.

08-10-2001	#4 (permalink)
Posts: n/a	Disclaimer- This information is for educational purposes only. Ideally any and all of this information would be utilized only on equipment and networks you own or otherwise have permission to use. Any variation of the suggested use has potential for serious jail time, court time, and all around no fun time. If they are using DCHP and you are automatically getting an IP address they should also be providing gateway information and everything else. If the network is setup correctly and they provide a correct gateway you should be bouncing out to the Internet. Lots of ifs there if you noticed. First step would be to add a sniffer/network monitor to your toolset and start monitoring the network traffic that you should see on that card. Observe what looks like local traffic and anything that is obviously traffic going to the Internet. Document findings. Start inspecting various hosts to see operating systems and revisions. Discover which are workstations and which are servers. Basically continue as if you were performing an audit on a system that you have network access to but no other information. Mainly it depends on what you are trying to accomplish. Check email from anywhere? See how your network is broadcasting internal trade secrets? You can continue the mindset per your own experience/desires.... John K.

08-10-2001	#5 (permalink)
Posts: n/a	Adam, I'm not client but she did give me a little pro bono advice a year or so ago. Now that she is working for Stanford, I don't know what kind of availability she has. Your attorney should be able to search the case law records and see if anything has been in the courts for this, or other databases to see if any law journal articles have been written.

10-31-2001	#8 (permalink)
Posts: n/a	Adam, check out the Toronto netstumbling post in regards to a question for you. Thanks. John K.