[AusNOG] Wifi Security and Interception

Richard Pruss ric at cisco.com
Wed Jun 9 13:20:19 EST 2010


On 09/06/2010, at 12:17 PM, Bevan Slattery wrote:

> And that is it's BAD (and
> possibly illegal) to INTERCEPT (and record) a COMMUNICATION (not talking
> about ethernet/Wifi/L2 but a communication under the TIA) regardless of
> bearer if you are NOT the INTENDED RECIPIENT. Period.

Way out of my narrow area of expertise here, but it's an interesting thread.
I have a few fumbling basic questions here. How much of network Ethernet/WiFi/L2/L3/L4-L7 do you feel is covered by the TIA?

And for networking, if covered, I then wonder how broad you feel the things in CAPs are?

If INTENDED RECIPIENT does not include anything that can get and one expects to forward/drop on the message, a lot of things
networks regularly do become implicated and possibly "BAD".

Does a Logging ACL on a port in the network qualify as Intercept and Record? DNS Relay Logs?
Is recording SSID broadcast addresses not a violation of that definition, the SSID was not meant for you so you should not record it...
The MACs? Flow records? ARP messages on an Open AP?
How did you draw those lines for Intent with Intercept and Communication?

Could that definition for instance be so broad it makes Netflow record export inside a corporate encrypted wifi network illegal?

I am communicating with a news server in London (BBC), and my bearer,
Corporate IT in this case as I am on the corporate network this morning, could record the flow details.
Corporate IT may have many good reasons to do so, like ensuring I am using the network appropriately,
checking my end-point has not been compromised, etc.
Corporate IT may not be the "Intended Recipient"; I am sending these packets to the BBC....

- Ric



