"SSID not broadcast"... Questions

[Sasqui]

Was just sniffing around at work for WiFi and found an unsecure connection with "SSID not broadcast", so I tried connecting and it asked for the SSID name.

Is it possible to connect without knowing the SSID name? (I didn't have any luck). Is there anyway to determine it? Not trying to hitch a ride, just wondering if that's another level of security... and can I disable the SSID broacast on a WRT54G V2 with stock firmware?

[Elmo]

Quote:

Originally Posted by Sasqui

Was just sniffing around at work for WiFi and found an unsecure connection with "SSID not broadcast", so I tried connecting and it asked for the SSID name.

Is it possible to connect without knowing the SSID name? (I didn't have any luck). Is there anyway to determine it? Not trying to hitch a ride, just wondering if that's another level of security... and can I disable the SSID broacast on a WRT54G V2 with stock firmware?

I think it only accepts connection from certain mac adress and rejects the rest that are not configured .

[Sasqui]

Quote:

Originally Posted by Elmo

I think it only accepts connection from certain mac adress and rejects the rest that are not configured .

What you describe sounds like MAC address filtering, which I know is a feature of many routers including the WRT54G... perhaps the two are related, I don't know.

I guess I'll have to try looking for the SSID broadcast setting on my router and try connecting if I can disable it.

[francis511]

You can connect if you know the password..

[baggpipes]

A question how you know its there if no SSID is broadcast?

EDIT: and by unsecure you mean just not encrypted??

[Sasqui]

Quote:

Originally Posted by baggpipes

A question how you know its there if no SSID is broadcast?

On my laptop, it shows a connection and says "SSID not broadcast" with no security enabled.

If I chose to connect, it then asks me for the SSID on the next screen in the connection wizzard - using the "Intel PROSet/Wirless WiFi Connection Utility"

Edit:

I found a good explaination of the SSID broadcast here: http://blogs.technet.com/b/steriley/...ess-ssids.aspx

Quote:

Folks, there are fundamental differences between names, which are public claims of identities, and authenticators, which are secrets used to prove identities, and I've written extensively about this before. An SSID is a network name, not -- I repeat, not -- a password. A wireless network has an SSID to distinguish it from other wireless networks in the vicinity. The SSID was never designed to be hidden, and therefore won't provide your network with any kind of protection if you try to hide it. It's a violation of the 802.11 specification to keep your SSID hidden; the 802.11i specification amendment (which defines WPA2, discussed later) even states that a computer can refuse to communicate with an access point that doesn't broadcast its SSID. And, even if you think your SSID is hidden, it really isn't. Let me explain.

All 802.11 wireless networks, regardless of the kind of operating system or encryption you might use, also emit unencrypted frames at times. One kind of unencrypted frame is an association frame. This is what a client computer, or "supplicant" in the 802.11 protocol vernacular, emits when it wants to join a wireless network. Contained within the frame, in clear text of course (since the frame is unencrypted), is the SSID of the network the supplicant wants to join.

Both Windows XP and Vista work best when your access points broadcast their SSIDs. XP really doesn't behave well at all with nonbroadcasting SSIDs. Vista has some added smarts to improve this a bit. Normally, Vista continually sends probe requests for nonbroadcasting networks. These probes are similar to unencrypted 802.11 association frames, and will generate clear-text responses from the access points if a nonbroadcasting network is present. You can reduce, but not entirely eliminate, these probes by configuring the wireless client to probe only for automatically-connected nonbroadcasting networks.

Both these behaviors make it very easy for an attacker to discover your SSID. The bad guy, perhaps a contractor or a guest in your facility, could run one of many wireless sniffer programs and simply capture the hundreds of association frames or probes that litter your air. No amount of "hiding" configured in your access points can prevent this kind of traffic interception.

So there you have it, simple SSID discovery. The old axiom remains true: security by obscurity is no security at all. Hiding an SSID will not hide a wireless network, so ignore any such advice -- and it's amazing how often I continue to see this. By the way, also ignore any advice that says to use MAC address filtering. It's amazingly trivial to spoof the MAC address of an allowed supplicant -- simply sniff the traffic, look at the MAC addresses, and use the neat little SMAC utility to change your MAC to one that's permitted.