Announcement

Collapse
No announcement yet.

NetStumbler

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • NetStumbler

    Hi all,

    I already have an idea of the answer to this question, but I thought I'd pitch it out to everyone based on the severity of the issue.

    Q: Do you consider NetStumbler to be a "hacking tool"... specifically, are you able to escalate privileges using it?

    My employer (who wants to fire me and another technician) claims it is.

    Thanks in advance for your reply. Any details you could provide would be greatly appreciated.

    ~Matt

  • #2
    Re: NetStumbler

    Originally posted by DotNM View Post
    Hi all,

    I already have an idea of the answer to this question, but I thought I'd pitch it out to everyone based on the severity of the issue.

    Q: Do you consider NetStumbler to be a "hacking tool"... specifically, are you able to escalate privileges using it?

    My employer (who wants to fire me and another technician) claims it is.

    Thanks in advance for your reply. Any details you could provide would be greatly appreciated.

    ~Matt
    In order to answer this, there needs to be a definition for hacking that you and your boss agrees upon as a foundation for discussion. Your definition could be the popular one, or the historical one, or a mixture of these two. It can even be a definition that you personally are uncomfortable using, but it needs to be a definition you and your boss can agree upon, within the scope of this topic.

    Define hacking, and evaluation of it as a hacking tool should follow naturally with little analysis.

    Comment


    • #3
      Re: NetStumbler

      Airmagnet does:

      Please see this white paper:

      Also go to www.netsetumbler.org and check out the forums there.

      Mite be old news but what the heck.

      Airmagnet white paper states that netstumbler performs an attack on systems.

      Access Control Attacks
      Circumvent filters and firewalls
      to obtain unauthorized access:

      War Driving NetStumbler, WiFoFoFum

      http://www.v-system.net:81/pdf/WLAN_whitepaper.pdf

      xor

      Sorry to hear and good luck. If you had your TCP/IP stack enabled and got an address on the network that could be considered a penetration. But if you are authorized to be on that network than no.
      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

      Comment


      • #4
        Re: NetStumbler

        I wouldn't consider it one per se, but as others have pointed out the line is very blurred. One man's revolutionary is another man's freedom fighter... and one boss's "hacking tool" is another boss's "valuable security testing apparatus"

        essentially, it comes down to (1) where you work, (2) your role there, and (3) your company policies.

        if you are a security tech or sysadmin type then i would say you have every reason to have a tool like netstumbler in your kit. if you are a data-entry person and do not work with the IT shop then that's another story. basically, does your job involve any security testing ever? was netstumbler on your personal laptop or a company machine? are you being accused of using it improperly against your own network or are they saying you're just a nefarious character simply for having it at all?

        in any case, your boss sounds like an ar-tard and you likely deserve something better. however, if you want to make a counter-argument, i would say pickup a copy of Drive, Detect, Defend in order to demonstrate that the bible of the WiFi security industry mentions it as a legitimate tool and devotes two whole chapters to its proper use.

        All in all, however... i think most of all it should come down whether or not there's any evidence you were doing something questionable, not merely possessing something questionable. I like to think of it in terms of the most old-school "hacking" tool... a knife. (rim shot) I carry my knife everywhere. Even when i'm working at schools, i have it. I've never really gotten any crap for it, because while some people shouldn't have knives in a place like that, i always (1) use it numerous times a day in a legitimate way and (2) have never been seen or even alleged to use it improperly.

        In the end, however, if i had a boss say "don't bring that here" i'd simply walk off the job as i take crap like that to be a sign that people have their heads up their asses and that it's easier to walk away early than to deal with the unending tide of bullshit that you're likely to receive from such folk.

        just my $0.03
        "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
        - Trent Reznor

        Comment


        • #5
          Re: NetStumbler

          Many companies define ping, netcat, nmap and similar utilities as 'hacking utilities' that can be a fireable offense if used on the network. Absolutely absurd if you consider that the more likely cause of a rootable system will be lax admin accounts and custom scripts/apps; none of which require any of these, outside of basic gnu utils that they cannot be guarded against.

          If they want to fire you, its probably an excuse or a supplimentary reason for something else. ... I sense a large portion of the story is missing.

          oh.. and don't use netstumbler .. use kismet, or kismac, or some other real scanner if you are testing for something legit. netstumbler is an active scanner .. or maybe something has changed with a newer release, but it actually partially connects to APs to obtain the information and stats that it generates on your screen (thereby usually more accurate, but technically dancing on the grey line).
          if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

          Comment


          • #6
            Re: NetStumbler

            Originally posted by converge View Post
            netstumbler is an active scanner .. or maybe something has changed with a newer release, but it actually partially connects to APs to obtain the information and stats
            does it do that even if you have "get AP names" disabled? i would hope i haven't been misinforming people on that point in the past. it's odd that they wouldn't have had a pure RX-only mode, even if it doesn't produce the most detailed results as easily.
            "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
            - Trent Reznor

            Comment


            • #7
              Re: NetStumbler

              It's been a while, but from my understanding it extends to the statistics that it pulls for signal/noise strength .. where kismet is really just an amazing estimated guess, netstumbler is actually polling real data because it is actually partially associated. That is 3-5 year old unconfirmed (laziness) knowledge though .. so .. take it for what it is.
              if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

              Comment


              • #8
                Re: NetStumbler

                Originally posted by Deviant Ollam View Post
                does it do that even if you have "get AP names" disabled? i would hope i haven't been misinforming people on that point in the past. it's odd that they wouldn't have had a pure RX-only mode, even if it doesn't produce the most detailed results as easily.
                Sorry, Deviant, you have been misinforming people. The "Get AP Names" is only for those APs that are capably of sending an optional AP name string. Basically, it only applies to some Cisco, ORiNOCO, and a few Linksys-Cisco models. Disabling that feature just means you don't get the "AP Name" which has nothing to do with the SSID. The AP Name is merely an optional identifying string you can enter on some models, such as "AP #2", "Third Floor NE" or "Big Bad Bob's Home AP". On the Linksys units it defaults to the model number such as "WAP54g" or WRT54g".

                NetStumbler was designed as a active (TX & RX) scanner. It always sends a Beacon Probe request packet, and it does not have an RX only mode. A lot of that had to do with the API that the author (Marius Milner) used to first program it.

                To answer the original question, NetStumbler is not a "hacking" tool. (That of course is using the pejorative, an idea to which I don't subscribe.) It was designed as a free wireless networking engineering tool. Parts of it as now included with at least one very serious (and serious costing) wireless engineering tool.

                A portion of the README is quoted below. You will note that only the last activity, which was something of an afterthought, is anything close to "hacking".

                What is NetStumbler?

                NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

                * Verify that your network is set up the way you intended.
                * Find locations with poor coverage in your WLAN.
                * Detect other networks that may be causing interference on your network.
                * Detect unauthorized "rogue" access points in your workplace.
                * Help aim directional antennas for long-haul WLAN links.
                * Use it recreationally for WarDriving.
                Last edited by Thorn; November 20, 2007, 14:40. Reason: Typos
                Thorn
                "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                Comment


                • #9
                  Re: NetStumbler

                  But technically netstumbler isn't much different than Windows Zero Config or other wireless card AP location programs. Both provide signal strength as well as encryption method. If you say netstumbler is a hacking tool that so is, Intel Pro Wireless Tools, Dell's Tools (Broadcom yuck) or Proxim's Tools.

                  I would attack your bosses argument on that basis and it will fall apart. But as someone else mentioned earlier if they simply don't like you then you have given them an excuse to get rid of you.

                  At a very low level most wireless cards/ap's do associate with each other whether you want them to or not. If you want technical ammo I recommend 802.11 Wireless Networks The Definitive Guide 2nd Edition by M. Gast from O'Reilly ISBN 0-596-10052-3 It really is a definitive guide.

                  xor
                  Last edited by xor; November 20, 2007, 16:12.
                  Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                  Comment


                  • #10
                    Re: NetStumbler

                    I'm sorry but this is really bugging me.

                    At what layer or point do you cross the line in the 802.11 protocol stack? If it was a piece of wire the second you tapped in either through induction, or made a physical splice you would be connected into the PHY network layer and you would be crossing that line.

                    Since there is no wire and the free space becomes the medium couldn't it be stated that any type of network discovery where information even low level information at the PHY layer changing hands would be a violation of privacy.

                    xor
                    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                    Comment


                    • #11
                      Re: NetStumbler

                      Originally posted by xor View Post
                      I'm sorry but this is really bugging me.

                      At what layer or point do you cross the line in the 802.11 protocol stack? If it was a piece of wire the second you tapped in either through induction, or made a physical splice you would be connected into the PHY network layer and you would be crossing that line.
                      The not necessarily enforceable line is wherever the owner decides it should be.

                      The enforceable line is what the law says it is based on facts.

                      The actual line is the intersection between the set of all thing the law specifies as illegal, and the set of all things the offended are willing and able to pursue through legal means.

                      There is no single answer that can provide a unilateral, 100% accepted line, other than a relative description for a line.

                      Proof by extreme exception: "No victim, no crime." (empty set.)

                      Since there is no wire and the free space becomes the medium couldn't it be stated that any type of network discovery where information even low level information at the PHY layer changing hands would be a violation of privacy.

                      xor
                      FCC could be consulted with this part. If the band in use is part of a public allocation of BW, then there are likely test cases in court that can be found where use of information passed over CB, or other public band is used in some way the "owner" never intended. New laws may, of course, obsolete old test cases.

                      Comment


                      • #12
                        Re: NetStumbler

                        Based on my experience in both the law enforcement side and what I know of wireless networking, it would it would seem that transmitting a Beacon Probe and interpreting any response is completely legal. The 802.11 protocol is designed to allow this without association (i.e. no connection to the AP or the network), and is little more that shouting "Is anyone here?" and listening for a response.

                        The line is crossed when someone associates with a given Access Point by configuring their equipment -or allowing it to configure itself- to use a given SSID, and then using the network without the permission of the owner. The "permission" may be expressed (Q:"Hey, Joe, can I use your wireless." A:"Sure!") or it may be implicit due to the circumstances (e.g. an SSID of "Free Public Wireless" or signs on the premises indicating public-use wireless.)

                        Contrary to popular belief among some people, a default, unencrypted, unsecured wireless network is NOT a public asset, nor is the permission implicit due to the fact that it is open to access without security settings. It doesn't matter if someone is using it for a low impact use ("I'm only checking my email!" seems to be the universal cry of the low lifes who do this) or they are attempting to download the Library of Congress. The association and use without permission is the 'legal line'. Most arrests and convictions both in the US and other countries have followed this principal, and it seems to be thus far universally accepted as the standard in courts both here and abroad.
                        Thorn
                        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                        Comment


                        • #13
                          Re: NetStumbler

                          Originally posted by Thorn View Post
                          Based on my experience in both the law enforcement side and what I know of wireless networking, it would it would seem that transmitting a Beacon Probe and interpreting any response is completely legal. The 802.11 protocol is designed to allow this without association (i.e. no connection to the AP or the network), and is little more that shouting "Is anyone here?" and listening for a response.
                          ... Well put. I could not agree more.
                          Love is a Mental Illness

                          Comment


                          • #14
                            Re: NetStumbler

                            Thorn: It has been my understanding (quite possibly incorrect) that netstumbler does actually, partially associate to attain the snr stats that it calculates. If true.. this *could* be argued crossing the line. I have no good sources other than typical defcon poolside chat .. maybe I can blame chatting with kershaw back at nyc2600.. or something. But I have never actually bothered to dig deep enough to confirm.

                            Anyone able to authoritatively yay or nay? Mythbusters?

                            As law seems to pop up once every several months still, it is worth noting that people passively scanning may not be directly crossing an ethical line.. but could actually be infringing on other local ordinances depending on locale of the scan.
                            if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

                            Comment


                            • #15
                              Re: NetStumbler

                              Originally posted by converge View Post
                              Thorn: It has been my understanding (quite possibly incorrect) that netstumbler does actually, partially associate to attain the snr stats that it calculates. If true.. this *could* be argued crossing the line. I have no good sources other than typical defcon poolside chat .. maybe I can blame chatting with kershaw back at nyc2600.. or something. But I have never actually bothered to dig deep enough to confirm.

                              Anyone able to authoritatively yay or nay? Mythbusters?
                              SNR is a radio receive RF function, were the Noise level is compared to the Received Signal. As such, it's all computed at the receiver (NetStumbler) end and doesn't require an association.
                              Thorn
                              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                              Comment

                              Working...
                              X