network owner and controller to secure his data in any means seen fit by himself. This means WEP, VPN, PPtP, etc etc. If you neglect to do this, your data is floating about in the airwaves free as a radio station, since 802.11b does use the ISM band, set asside for the public's use, without license. This raises another question. Cordless phones use ISM as well. (2.4ghz, 900Mhz) It is illegal to intercept and recieve any of those transmissions. The wiretap laws cover those. Some states do have "computer-to-computer" transmissions in their wiretap laws (such as New Jersey), but it does not state anything about allowing your computer to show you interference it's recieving from another computer. Now, the question of the software. I'm sure many are familiar with kismet and netstumbler, and airsnort. Kismet does collect the data that it picks up in 802.11b packets floating about the air. Does that land in with the "it's in the public, it *IS* public" laws? I think so. Anyone? Now, intentionally sitting in front of someone's house using this to gather passwords, read email, or even attempt a wep key crack, i would find to be illegal. Since you're using the data you are gathering for malicious intent. (As stated above) This is on the wardriving.com website, in the FAQ. Feel free to read it all, but this was the only part that was valid to this post. http://www.wardriving.com/doc/Wardriving-HOWTO.txt 3. Why are people Wardriving? 3.1 Is it legal? There is no cut and dry answer to this question, but simply driving around a city searching for the existence of wireless networks, with no ulterior motive cannot be deemed illegal. However, if you are searching for a place to steal internet access, or commit computer crimes then the wardriving you performed was done in a malicious manner and could be treated as such in court. Don't forget in the US, simply receiving radio transmissions on the Cellular telephone frequencies (895-925 MHZ) is illegal, a similar law could be written to discourage this, but this isn't likely. As with any questionable activity, there are always two sides. Whether you agree or disagree with the whole practice makes no difference to me, but in the future, legal proceedings and violations may be related to wardriving. Technology is not bound to ethics. It is the application and use (or abuse) of that technology that brings ethics into it. To get back to the question this technology is not really new (802.11 IEEE Standard - 1997), but this is the peak of it's popularity. And at this peak it's good to get the kinks worked out, and the security of wireless Ethernet is a pretty huge kink. WEP(Wired Equivalent Privacy) uses up to 128-bit RC4 encryption, but it was implemented wrong, so now it makes no difference whether or not you use it, it's vulnerable. There are few built-in mechanisms that provide security, not broadcasting the ESSID is a start, but a sniffer can pick it up, anything else is left to other 3rd-party devices. "3rd-party devices" Meaning that it's up to you to secure your data. If you cannot secure your data, oh well, figure it out. :) Personally, i think there needs to be more definition in the laws and regulations reguarding this. WEP could be useful, and there is a new driver based WEP256 floating about, but at the physical layer, it's still only RC4, 128-bit wep. So, the short & sweet answer to "is wardriving illegal?": No. The long answer is whatever you want it to be, with as many definitions and explanations as you see fit. I don't see wardriving illegal, but i do see association to another's access point without expressed permission, illegal. Just some observations, and my opinions, which are mine alone, with a bit of mixed fact. I would like to hear your ideas and observations on this topic. Perhaps it could be a subject for the meeting in a few weeks here. -- Alex Hartman - goober at goobe.net PGP Key fingerprint = 26 41 19 56 19 81 E2 BC EE C8 1D F4 DB B8 ED B8 "Watch out for that bus!"