[LINK] Federal police asked to probe Google

Adrian Chadd adrian at creative.net.au
Mon Jun 7 13:55:40 AEST 2010


On Mon, Jun 07, 2010, Richard Chirgwin wrote:

> > possibly. but it's certainly a case of Richard only understanding
> > a small part of the standard and ignoring everything in it that
> > contradicts the point he wants to make (which is that it's somehow
> > unusual or "standards-breaking" to not drop packets "not addressed to
> > you" - and identifying which packets are "not addr..." is far from as
> > clear-cut and well-defined as he's stating)
> >   
> So point out the bit of the standard which I supposedly don't 
> understand. Please do, I actually like getting new information.

In fact, it's a bit more unclear than that.

Ethernet devices will do that "not-destined-for-me" filtering on the
card itself. You can put an interface into "promiscuous" mode which
turns that filter off so all packets it sees get punted to the OS.
But wireless cards in the past have filtered this in the card - even
if you enable promisc mode, you'll only see broadcast + normal packets
destined to you. Sometimes you can just hack the driver; other
times you have to load up a different firmware or something similar
to get "all packets on the 'wire'."

You may be able to get the broadcast SSID advertisements without
hacking the driver this way (I know I can query the devices for the
available station list without modified drivers in FreeBSD) but getting
access to all traffic, not destined to me, may require driver hacks.
Also, not all APs broadcast SSIDs, and thus you have to pay attention
to traffic not destined to you to see other SSIDs. This may be doable
by default; this may require further driver hacks. Kismet on MacOSX,
for example, required me to load in an alternative binary driver to
do full wifi sniffing. I don't know if Linux/FreeBSD requires the same.

Someone with a law degree and clue in this area could possibly see
if there's a blurry line between "accidentally" because they forgot
to set a couple of flags to the packet capturing program, and
"accidentally" when they hacked the driver to capture as much stuff
as possible, separate from what the normal client driver gives you.

It feels like "It's just a bit of wire, sir" to "It's a bit of wire
shaped like a lockpick!" to me. But then, I'm not a lawyer. :)




Adrian
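
The receive filtering described in the message above, as an added example that is not part of the original post: a Python model of the destination-address check a card applies before handing a frame to the OS. The MAC addresses, frame names, the multicast-group handling and the `honours_promiscuous` flag are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = bytes.fromhex("ffffffffffff")


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw


@dataclass
class ReceiveFilter:
    own_mac: bytes
    multicast_groups: set = field(default_factory=set)
    promiscuous: bool = False
    # False models a card whose firmware keeps filtering even when the
    # OS asks for promiscuous mode (the wireless case in the message).
    honours_promiscuous: bool = True

    def accepts(self, dst):
        if self.promiscuous and self.honours_promiscuous:
            return True  # filter switched off: everything goes to the OS
        if dst == self.own_mac or dst == BROADCAST:
            return True
        if dst[0] & 0x01:  # group bit set: multicast address
            return dst in self.multicast_groups
        return False  # unicast for some other station: dropped on the card


def delivered(filt, frames):
    """Names of the frames that would reach the OS."""
    return [name for name, dst in frames if filt.accepts(parse_mac(dst))]


# Constructed sample traffic (locally administered and multicast addresses).
OWN = parse_mac("02:00:00:00:00:01")
JOINED = {parse_mac("01:00:5e:00:00:fb")}
FRAMES = [
    ("to-me", "02:00:00:00:00:01"),
    ("to-neighbour", "02:00:00:00:00:02"),
    ("broadcast", "ff:ff:ff:ff:ff:ff"),
    ("joined-multicast", "01:00:5e:00:00:fb"),
    ("other-multicast", "01:00:5e:00:00:01"),
]

if __name__ == "__main__":
    print("normal     :", delivered(ReceiveFilter(OWN, JOINED), FRAMES))
    print("promiscuous:", delivered(ReceiveFilter(OWN, JOINED, True), FRAMES))
    print("wifi+promsc:", delivered(ReceiveFilter(OWN, JOINED, True, False), FRAMES))
```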



