War Driving To Be Protected In NH 387
AllMightyPaul writes "A big article on Wired.com talks about the new House Bill 495 that would legalize the innocent stumbling upon open wireless networks. Basically, it put the burden of securing a wireless network on the owner of the network and allows people to connect to open networks that they believe are supposed to be open. This is excellent news as I'm sure we've all tried to connect to one wireless network and ended up accidentally connecting to another one. Being from NH, now I can finally drive through Manchester and connect anywhere I want with little worry, but not until after January 2004, and that's if the bill passes the Senate."
war driving lessons (Score:4, Informative)
Re:Legalize it? (Score:4, Informative)
Basically before if you were driving past a starbucks and picked up their connection you could be doing something illegal. I expect it's still illegal to crack WEP (easy as it may be) but using random open wireless is Ok.
Re:dumb technincal questions (Score:2, Informative)
Re:dumb technincal questions (Score:3, Informative)
Kismet [kismetwireless.net] - Wardriving application for Linux
Airsnort [shmoo.com] - On-the-fly WEP cracking for Linux
Re:Its excellent news..... (Score:2, Informative)
You're right in that stealing is stealing. But prosecution is not just prosecution. Perhaps the cars are a bad example, so let's look at houses. If you leave your house unlocked and someone enters, that's unlawful entry. If you lock your house and someone enters, that's breaking and entering which will impose a stiffer fine. There is a difference, and laws like these help to recognize them. Breaking into a network is still illegal. Wandering into it won't necessarily be illegal anymore, even though it's unauthorized (did they explicitly invite you in? it's unathorized)
Re:dumb technincal questions (Score:3, Informative)
Even though WEP has been proven to be somewhat insecure (without weak iv filtering, you can break WEP by collecting only a few thousand packets), it is strongly reccomended that you enable it on your WiFi LAN. I also suggest enabling the MAC filtering option on your Linksys access point, as this will only allow registered MAC addresses to communicate with your access point-- the access point just ignores all traffic that isn't coming from the MAC addresses you allow. This is not an end-all security solution by any means, but it does help to deter the causual onlooker who might want to snoop some of your traffic. Of course, any accomplished cracker may very well try to crack your WEP key, but you can get around that by putting your WiFi LAN on an "unsecured" network segment and limiting access to/from the WiFi segment. You can also use things like SSH tunnels and IPSec to further restrict communication over your WiFi LAN.
All in all, much of the above is overkill if you are just using WiFi around the house, but I stand by my point that everyone who doesn't want to provide public WiFi should use both WEP and MAC filtering on their equiptment, as just about every WiFi APs offer these features, and they take (at most) 15 minutes to setup properly.
Reasonable security measures (Score:4, Informative)
Re:Wait a second... (Score:5, Informative)
1Computer Related Offenses; Network Security. Amend RSA 638:17, I to read as follows:
I.
So, the way I read it is: the owner is responsible for securing the network, but its legal IF and ONLY IF you were legally granted access, would have been granted access if asked, or had no way of knowing whether or not you were allowed to use the network.
This doesn't protect wardriving at all: if you're knowingly going around looking for unsecured wireless access points, you've already failed 1 & 2. The only issue up for debate is 3: would you have known that you were not authorized? I'm sure once this hits court, the party with the better lawyer is going to win.
Good article on WarChalking here (Score:1, Informative)
Burden is on the operator (Score:4, Informative)
The wireless protocol stands for themselves, and in a court of law they would be easy to examine line by line until the judge/jury is brain dead from the tech-jargon. Not to mention the various accredited folks who can demonstrate with freely available software that WEP is more of an annoyance. MAC based filtering is weak since it is possible to spoof the mac address with most 802.11b hardware drivers. Simply bombard the AP until the ARP table refreshes with you mac as the end point that *should* be getting the traffic. The solution most folks I know use is a hybrid of various methods. One way is to make each wireless node use VPN to the router behind the AP, and use WEP (as an annoyance) on the ether. Disabling the 802.11 beacon is the first thing that should be done, else it your fault for advertising the existence of your wireless network in the first place. As I mention before, MAC filtering helps as an annoyance to would-be-infiltrators. Finally, rename your SID to anything except "WIRELESS" as many folks get on by simply looking for the default SID.
This is my advice, as a war-driver, I know all the tricks. Enjoy!
Re:Well, someone has to pick the nits... (Score:2, Informative)
Maybe because not everyone thinks WAR is an acronym?
My understanding is that war-driving is a play on war-dialing and your acronoym sounds like something made up after the fact.
Re:Legalize it? (Score:5, Informative)
Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
Re:Well, someone has to pick the nits... (Score:3, Informative)
Re:Wait a second... (Score:3, Informative)
How does wardriving fail 1 and 2? By using an unencrypted non-WEP signal, by allowing anyone with any MAC, by enabling DHCP the owner is authorizing access to anyone. He or she is broadcasting beacon frames advertising the AP. He or she is running a DHCP server to hand out addresses to anyone. Because the software is letting in literally anyone, the owner is authorizing everyone. No trickery is involved.
Since point #1 does not apply, neither does #2, nor #3. Of course, if one was to sniff a couple gigs of 802.11b frames in order to crack WEP, he would most certainly be in violation of the said laws. But wardriving is not.