February 16th, 2004, 04:23 PM
I have heard many people talk about wireless laws and limitations but I cannot find any set law on the limitations of wireless intrusion.The reason I am posting this is because in my last job there were a few NON-WEP enabled networks which we just hopped on and browsed the internet. Was this illegal? The funny thing is I found out who they were just before I left that company. A government contractor for software develpment. THere were about 5 of us who used the wireless networks from time to time. I am in the situation now where I am using wirless G at home now and I can also see my neighbors WiFI. One of which I know and another I do not. I did not have WEP enabled until recently due to I live in BFE. Now I think I have someone hopping on my network with the WEP enabled. Not that it really matters that they use little of my bandwidth but isn't that illegal in any way? There has been no intrusion on any of my systems. I just see the mac as a DHCP client. I am going to start using mac auth soon but I am asking the people here if there are any laws or limitations? Or is this all based on morals?
Thanks in advance....
February 16th, 2004, 04:28 PM
AFAIK, there are no laws that deal with wireless specifically and I don't think warwalking/wardriving has been tested in court as of yet.
However, if you put in mechanisms that identify that users must be part of the network (static ip, static MAC, firewall, authentication) I would think (a guess here) that the laws that pertain to wired networks would apply.
So right now.. it's probably not illegal. Perhaps unethical (it's not your network and you weren't invited) but don't think it's illegal.
February 16th, 2004, 04:34 PM
I have been monitoring his activity and I think it is a kid using AIM. I am just curious how he cracked my WEP. I will check around with the local kids and see if I can figure out how he obtained it.
February 16th, 2004, 04:38 PM
Oh my. You didn't seriously think WEP would protect? There are numerous tools out there -- AirSnort amongst them -- that easily crack WEP. WEP is a joke quite honestly and it's shocking to see dependency on it. Because the kid broke the WEP, however, he has broken into your network technically.
I understand -- albeit in a limited sense -- that a new Wireless protocol (802.11i?) will have security at the core of the protocol. Anyone heard/know more about it?
February 16th, 2004, 04:57 PM
I wrote a tutorial on Wi-Fi law a while ago. You can find it here.
There are laws regarding Wi-Fi, and it basically all comes down to this:
- wardriving is absolutely NOT illegal.
- connecting to an unprotected wireless network is NOT illegal, for the simple reason that there is no way one can make the distinction between a wireless network that is left open intentionally, and one that is left open "by accident". It is NOT illegal to use the bandwith provided by that left-open hotspot, in reasonable amounts. It IS illegal (of course) to tamper with data.
- connecting to a protected network (non-broadcasting SSID, WEP, MAC-based access,...) IS illegal.
But then again: as there are no specific laws regarding Wi-Fi, it's all up to the judge's interpretation...
802.11i is supposed to have WPA (Wi-Fi-Protected Access) as a replacement of WEP built-in, using AES' Rijndael algorithm (128. 192, and 256 bits). As this requires a lot more processing power than the standard WEP, it's still a question when the first products will be available (and then I'm not even talking about interoperabililty/compatibility)...
February 17th, 2004, 07:35 PM
No, I didn't think that WEP would provide complete protection. I just underestimated the people in my neighborhood. As of the programs to crack WEP. I do not know of any that will run on a windoze platform. Airsnort is developed mainly for Linux as far as I know. I haven't seen a windows version of anything that will do anything like that without compiling your own monster.
February 17th, 2004, 10:18 PM
If you are concerned about people connecting to your wireless set it up so that only certain MAC addresses can connect. WEP is also a good Idea for the fact that not every one out their knows about cracking WEP. You could also change your default IP configuration on the AP you know set it up to have a class A address but run it with a class B subnet mask. You should see what your signal distance is. you can turn the distance down from within your AP configuration settings.
February 17th, 2004, 10:32 PM
Hmm....havent heard of any laws on Wi-Fi, but, i'm sure they'll find a way to get u in trouble given that they catch you. Here's some good information on wireless lans:
You can easily say that the majority of people do not even use WEP, and that their wireless networks are extremely vulnerable and open to attackers. I simply drove around with a laptop on the passenger's seat, running NetStumbler, and it picked up around 40 signals, and only 5-7 of them were secure. Some folks actually named their network the same as their street address, actually making someone not need a GPRS. Also, it picked up a signal driving at 60 MPH in an interstate.
February 19th, 2004, 09:34 AM
You could possibly run WEPCrack on Windows if you have Perl support, but that should not prove to be a problem. Yeah, you might have more than your average script kiddie on, but he's not unbeatable. If you think the bandwidth is not that big of an issue, have some fun and put a sniffer in place.
As posted above, once he broke WEP he committed an illegal action because he connected to a network which was obviously restricted to 'public' access [like the ones I find wardriving are, with all their defaults 'securely' in place].