Wardriving for wireless LANs 2
Owen Lewis
oml at sysrx.uk.com
Sat, 1 Jun 2002 22:58:16 +0100
> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Adrian
> Midgley
> Sent: 01 June 2002 17:06
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: Wardriving for wireless LANs 2
>
>
> On Saturday 01 June 2002 1:27 pm, you wrote:
>
>
> > Case law has established that being in
> > possession of a receiver with non-public use frequencies set into its
> > memories is sufficient evidence to obtain a conviction for an
> offence under
> > WTA 49.
>
> > The reasons for this sea-change are doubtless varied but would
> include the
> > following:
>
> and also the change from wireless receivers with continuous
> mechanical tuning
> to one with memories...
That argument is certainly used but it is, I think, specious. The scanners
used by almost all amateurs and some professionals only step over a few tens
of channels a second. This may sound very impressive, but one's chances of
detecting a low duty cycle (not much transmitting time) are pretty dismal
unless the search can be confined within tight frequency limits. Even then it
may require hundreds or even thousands of spectrum scans to detect the use of
a specific narrow band channel. The maths is pretty horrid but can be
approached as a binomial distribution where the step speed of the scanner,
the range of the scan, the duty cycle of the transmitter and the max duration
of transmissions are the key variables.
Even given a scanner that will scan (say) 10,000 channels a second, unless
one knows pretty closely the frequency band to search, it may take many scans
to detect some patterns of activity.
Given a scanner that will step 100,000 times per second then it can be
possible to detect with certainty any transmission in any of, say, 250,000
channels if the transmission lasts for only half a second.
Setting the 'finds' into memory space in the receiver is also too limiting.
Stream all the data off into a PC where some powerful processing can take
place. Machines get faster and cleverer but, at the end of it all, there's a
poor little lump of wet organic material that has to make sense of all the
output without getting swamped. Innovative software design, starting
from the presentation of numeric data by means of graphical analogues, is
essential if the poor organics are to be on top of their job.
But amateurs can't get equipment that can do these things and few
professionals need such a capability.
> When I were a lad the only way to get to a particular frequency
> was to tune
> to it. Nowadays you can type the numbers into it.
Yes, but that's soooo slowwww.... Truth is, it looks smart but it is not
much of an advance on a well kept paper and pencil log, for most purposes.
>
> However, the standard sort of tuner still allows you to tell it
> to move up
> the frequency range until it finds a transmission, and then present the
> content to you... as in most car radios.
That takes us back to the beginning of this post.
The 'fear' the police in particular have for both the confidentiality and
the survivability of their communications is largely misplaced. To the
extent that the fear is real, they should address themselves to a sufficient
remedy. Making listening to Plod an offence is simply being officious and
does no good. Has no one told them that criminals don't play by the rules?
They would do well to note that the military make no such complaint. As an
object lesson in what they should be doing, they could do worse than to
attempt to eavesdrop tactical military communications with a few hundred
quid's worth of scanner and see how far that gets them.
Owen
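An added worked example, not part of Owen's post or of the thread: a small Python model of the detection problem described above, built from the four variables the post names (step speed, scan range, duty cycle and burst duration). The binomial treatment, the uniform-random-phase assumption, the Monte Carlo check with its jitter parameter, the 2% duty cycle and all function names are the editor's assumptions; the 250,000-channel, 10,000 and 100,000 steps per second and half-second figures are the ones quoted in the post.

```python
"""Added example (editor's model, not code from the post): how many sweeps a
stepping scanner needs to catch a transmitter, treated as a binomial trial
per sweep, plus a Monte Carlo check of when that treatment breaks down."""
import math
import random


def sweep_seconds(step_rate_hz: float, channels: int) -> float:
    """Time for one complete pass over `channels` at `step_rate_hz` steps/s."""
    return channels / step_rate_hz


def single_burst_catch_probability(step_rate_hz: float, channels: int,
                                   burst_s: float) -> float:
    """Chance that ONE burst of `burst_s` seconds, on an unknown channel, is
    on the air at the instant the scanner lands on that channel.

    Assumption: the burst starts at a uniformly random point in the sweep, so
    it is caught with probability burst_s / sweep_time (capped at 1).  The
    dwell per channel (1/step_rate) is ignored here; it only helps a little.
    """
    return min(1.0, burst_s / sweep_seconds(step_rate_hz, channels))


def per_sweep_hit_probability(step_rate_hz: float, duty_cycle: float,
                              burst_s: float) -> float:
    """Chance that one visit to the channel finds a transmitter that keys up
    periodically: bursts of `burst_s` seconds, on the air `duty_cycle` of the
    time (so the burst period is burst_s / duty_cycle).

    A dwell of 1/step_rate seconds overlaps a burst if the burst is already on
    when the dwell starts, or starts before the dwell ends."""
    period = burst_s / duty_cycle
    dwell = 1.0 / step_rate_hz
    return min(1.0, (burst_s + dwell) / period)


def sweeps_for_confidence(p: float, confidence: float = 0.99) -> int:
    """Sweeps needed so that P(at least one hit) >= confidence, treating each
    sweep as an independent Bernoulli trial with success probability p:
    P(no hit in k sweeps) = (1 - p)^k  (the binomial framing)."""
    if not 0.0 < p <= 1.0:
        raise ValueError("p must be in (0, 1]")
    if p == 1.0:
        return 1
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - p))


def simulate_hit_rate(step_rate_hz: float, channels: int, duty_cycle: float,
                      burst_s: float, sweeps: int, jitter_s: float = 0.0,
                      trials: int = 10_000, seed: int = 1) -> float:
    """Monte Carlo check of the periodic model with a REAL sweep schedule.

    The scanner reaches the target channel once per sweep; `jitter_s` adds a
    random 0..jitter_s pause between sweeps (squelch hold, operator pauses).
    Returns the fraction of trials in which at least one of `sweeps`
    consecutive visits lands on the channel during a burst.  With no jitter
    the visits are NOT independent: if the sweep time is a multiple of the
    burst period, every visit sees the same phase and extra sweeps add
    nothing, however many are made."""
    rng = random.Random(seed)
    period = burst_s / duty_cycle
    dwell = 1.0 / step_rate_hz
    sweep = sweep_seconds(step_rate_hz, channels)
    hits = 0
    for _ in range(trials):
        burst_start = rng.random() * period   # phase of the transmitter's bursts
        t = rng.random() * sweep              # first visit to the target channel
        for _ in range(sweeps):
            phase = (t - burst_start) % period
            # burst already on at the start of the dwell, or keys up during it
            if phase < burst_s or period - phase < dwell:
                hits += 1
                break
            t += sweep + rng.random() * jitter_s
    return hits / trials


if __name__ == "__main__":
    # Figures quoted in the post: 250,000 channels, 10,000 or 100,000 steps/s,
    # a half-second transmission.  The 2% duty cycle is an assumed value.
    for rate in (10_000, 100_000):
        p1 = single_burst_catch_probability(rate, 250_000, 0.5)
        p = per_sweep_hit_probability(rate, 0.02, 0.5)
        print(f"{rate:>7} steps/s: sweep {sweep_seconds(rate, 250_000):.2f} s, "
              f"one 0.5 s burst caught with p={p1:.3f}; periodic 2% duty: "
              f"{sweeps_for_confidence(p)} sweeps for 99% confidence")
    # Aliasing: a 25 s sweep against a 25 s burst period samples the same
    # phase every pass; a random pause between sweeps restores independence.
    print("no jitter  :", simulate_hit_rate(10_000, 250_000, 0.02, 0.5, 50))
    print("with jitter:", simulate_hit_rate(10_000, 250_000, 0.02, 0.5, 50,
                                            jitter_s=25.0))
    print("binomial   :", 1 - (1 - per_sweep_hit_probability(10_000, 0.02, 0.5)) ** 50)
```

The binomial figure is only as good as the independence it assumes. With a fixed sweep time that happens to be a multiple of the transmitter's burst period, the scanner lands on the channel at the same phase on every pass and fifty sweeps are worth no more than one; that kind of resonance is what makes the real maths horrid, and a random pause between sweeps (the `jitter_s` argument, an assumed mechanism) is enough to bring the simulation back to the binomial estimate.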