That sounds like agreement to me.Originally Posted by Revelati
Anyone who is even a little into IT security could have told you that. It was nice of you to spend your time figuring out something that so many people already know and have proven time and again.I have mapped a few hundred APs in my college town and I am amazed at the lack of security. Right now I see about 80% of APs are vulnerable to attack.
1/3 are simply open
1/3 are WEP which in my estimation is worse than open because a monkey can crack it and it gives the user a false sense of security.
1/3 are WPA which is good but ill make a bet that 80% of those are crackable from a decent dictionary attack.
From a white hat perspective I can see the over all security situation of the general public. (Which is pretty grim)
Excellent so you do propose to use it for illegal activities, not just facilitating other's illegal activities.From a Black hat perspective I have just created a battlefield map and can now pick and choose which APs I want to attack based of physical location.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
You are right, mapping Aps is completely useless, public sucurity auditing is dumb because it's been done before and I am an evil haxor who wants to see what kind of pron my 60 year old neighbor looks at.
You sure got me there, care to say anything relevant to the original post?
No, didn't think so...
Keep the topics on track and the insults to a minimum.You are right, mapping Aps is completely useless, public sucurity auditing is dumb because it's been done before and I am an evil haxor who wants to see what kind of pron my 60 year old neighbor looks at.
You sure got me there, care to say anything relevant to the original post?
No, didn't think so...
It's not "dumb". It's illegal, plain and simple, if you "audit" something you don't have permission to audit you're doing something illegal. Why is this so hard to grasp?Wow finally the truth.because it's been done before and I am an evil haxor who wants to see what kind of pron my 60 year old neighbor looks at.
Sure. Here you go:You sure got me there, care to say anything relevant to the original post?
Using signal strength as a way to measure distance from an AP is completely impractical (even in your flat open field example) due to the number of factors that can affect RF signals, including (but not limited to): atmospheric conditions, vegetation, mineral deposits, solar activity, other RF bleeding into your space, other RF operating in your space, etc. I suppose you could expand your example to remove all those conditions but then you're suggesting operating in some fictional world.The harder way would be to calibrate the antennas before hand testing signal strengths at different ranges to an AP. And getting a range from a single location.
(If my signal at 10 yards is 100% and my signal at 100 yards is 10% then if im getting a signal of 50% the AP must be 50 yards away.)
and/or
(If my panel antenna has a signal of 25% to an AP at 50 yards directly in front of it, and my yagi has a signal of 50% to an AP at 50 yards directly in front of it, then when I get a reading of 25/50 from my two antennas, the range to an AP must be 50 yards.)
Actually yes, it's just not what you want to hear.No, didn't think so...
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
That's slot of federal offenses does anyone know if mapping aps and recording what kind of security they use is illeagle? Because that's really all I want to do.
I've always been under the impression that you need to access a network in order to do anything illeagle.
You'd need to lookup info on lawful intercept, use/mis-use/disruptions of telecoms services, etc.
From a previous thread:
Not to mention that within the US if someone wanted to be really nasty they could argue some kind of DMCA violation for reverse engineering the signal/crypto.IronGeek has a good summary of some US & State laws here:
http://www.irongeek.com/i.php?page=c...e-hacking-laws
There's a brief discussion about some Canadian law here:
http://forums.remote-exploit.org/sho...43&postcount=8
(Canadian Criminal Code, Bill C-46, Sections: 326, 342, 430, etc)
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
I hate making eagles sick as well. What is the point of mapping what kind of security they have? I'm just curious.
Plus, you never did answer my question regarding your calibrated equipment. There's no way you're going to get accurate results with off the shelf commercial grade equipment, it just isn't designed to be that good.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Thanks I'll leave the poor eagles out of it now on :-)
Well I was hoping to try and fudge some of the calibration using software to make a "best guess" prediction based on what you already know about how the signal distortion.
I am also working on getting a ham operator license which should hopefully allow me to play with some higher sensitivity equipment. I'm also not afraid to get out the soldering iron for some modding (as long as it complies with all pertinant laws of course)
As for the legality of what I'm trying to do current PA state law allows for passive detection of aps as long as no attempt at connection or data interuption or modification is made. Thanks for the links on legality by state those should be sticky if they aren't already.
As for why I want to do this, it just seemed like a cool project. There really is no other point.
You might also want to checkout:
- § 910. Manufacture, distribution, use or possession of devices for theft of telecommunications services. - http://members.aol.com/StatutesP7/18PA910.html
- § 3926. Theft of services. - http://members.aol.com/StatutesP3/18PA3926.html
From IronGeek's list you might want to further consider:
§ 3933. Unlawful use of computer.
(a) Offense defined.--A person commits the offense of unlawful use of a computer if he, whether in person, electronically or through the intentional distribution of a computer virus
...
3. intentionally or knowingly and without authorization gives or publishes a password, identifying code, personal identification number or other confidential information about a computer, computer system, computer network or data base.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
§ 3933 (a)(3) would certainly apply if data were published and if the data was captured packets that had been originally encrypted and had subsequently been decoded. However, data that is broadcast in the clear, such as the SSID or the AP's MAC, cannot be considered private in the US, under FCC Part 15, and other FCC regulations.
Thorn
Stop the TSA now! Boycott the airlines.
Posting Permissions
