wpa_supplicant / ndiswrapper / Dell WLAN 1450 / Slackware

Jouni Malinen jkmaline at cc.hut.fi
Thu Dec 23 20:54:24 EST 2004


On Thu, Dec 23, 2004 at 04:48:09PM -0800, Philip H. Schlesinger wrote:

> Hey hot shot: I was a panel member of BiCSi's Wireless Design Specialty 
> curriculum design committee (and the person they turned to when we got 
> to the 802.11 section).  Rule #1 of wireless security is to turn off 
> ssid broadcast.

That better not be the only rule since it does not really provide any
real security. Rule #1 could be to enable WPA2 with CCMP (or
WPA-TKIP/CCMP could be closer to real world at the moment as far as
getting devices easily is concerned). Alternatively (or in addition),
other security mechanisms (e.g., IPSec tunnel) could be used.

The AP continues sending Beacon frames even if it has "ssid broadcast"
disabled. It even advertises that it is a WPA-enabled AP. If you have
even a single authorized client next to the AP, you can learn the SSID
by either listening to Probe Requests/Responses or (Re)Association
Requests/Responses. If you're ok with an active attack, sending a
deauthentication or disassociation frame to the client is enough to
trigger the client to reassociate and reveal the "hidden ssid"
immediately.

-- 
Jouni Malinen                                            PGP id EFC895FA
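Added illustration, not part of Jouni's message and not code from hostap or wpa_supplicant: a small Python parser for 802.11 management frames that does what the paragraph above describes. It walks Beacons, Probe Responses and (Re)Association Requests, registers a BSSID from a hidden-SSID Beacon (SSID element empty or all NUL bytes) and fills the name in from the first client frame that carries it; it also flags the RSN/WPA element the Beacon still advertises. The frames are constructed inside the script; the MAC addresses 02:aa:bb:cc:dd:01/02, the SSID "corp-net" and the RSN element contents are made up, and the input is assumed to be raw 802.11 frames with no radiotap header. The deauthentication frame is only built, to show its layout; nothing is transmitted.

```python
"""Recovering a 'hidden' SSID from 802.11 management frames.

Added example, not code from the post or from hostap/wpa_supplicant. Frames
are constructed below (no capture, no radiotap header); the MAC addresses
and the SSID "corp-net" are made up for the demonstration.
"""
import struct

MGMT_HDR = struct.Struct("<HH6s6s6sH")  # frame control, duration, addr1-3, seq ctl

# 802.11 management subtypes (frame type 0)
ASSOC_REQ, REASSOC_REQ, PROBE_REQ, PROBE_RESP, BEACON, DEAUTH = 0, 2, 4, 5, 8, 12
# Length of the fixed fields between the header and the tagged elements
FIXED_LEN = {ASSOC_REQ: 4, REASSOC_REQ: 10, PROBE_REQ: 0, PROBE_RESP: 12, BEACON: 12}

SSID_IE, RSN_IE, VENDOR_IE = 0, 48, 221
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"   # vendor element prefix of the pre-RSN WPA IE
BROADCAST = b"\xff" * 6


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ies(data):
    """Yield (tag, value) for each tagged element; stop at a truncated one."""
    i = 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:
            break                      # truncated element: do not trust the rest
        yield tag, value
        i += 2 + length


def parse_mgmt(frame):
    """Decode subtype, addresses, SSID and WPA/RSN presence of one frame.

    ssid is None when the element is absent, empty, or all NUL bytes, the two
    encodings APs use when 'SSID broadcast' is turned off.
    """
    if len(frame) < MGMT_HDR.size:
        raise ValueError("frame shorter than the 802.11 management header")
    fc, _dur, addr1, addr2, addr3, _seq = MGMT_HDR.unpack_from(frame)
    if (fc >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    subtype = (fc >> 4) & 0xF
    info = {"subtype": subtype, "da": mac(addr1), "sa": mac(addr2),
            "bssid": mac(addr3), "ssid": None, "wpa": False}
    if subtype not in FIXED_LEN:       # deauth, disassoc, ...: no SSID to read
        return info
    for tag, value in parse_ies(frame[MGMT_HDR.size + FIXED_LEN[subtype]:]):
        if tag == SSID_IE and value.strip(b"\x00"):
            info["ssid"] = value.decode("utf-8", "replace")
        elif tag == RSN_IE or (tag == VENDOR_IE and value.startswith(WPA_OUI_TYPE)):
            info["wpa"] = True
    return info


def recover_ssids(frames):
    """Map BSSID -> SSID: a hidden-SSID Beacon registers the BSSID with None,
    any Probe Response or (Re)Association Request for it fills in the name.
    Wildcard Probe Requests (broadcast BSSID) are skipped."""
    known = {}
    for frame in frames:
        info = parse_mgmt(frame)
        if info["bssid"] == mac(BROADCAST):
            continue
        if info["ssid"] is not None:
            known[info["bssid"]] = info["ssid"]
        else:
            known.setdefault(info["bssid"], None)
    return known


def mgmt_frame(subtype, da, sa, bssid, fixed, ies):
    """Build a management frame: header, subtype-specific fixed fields, elements."""
    body = b"".join(bytes([tag, len(value)]) + value for tag, value in ies)
    return MGMT_HDR.pack(subtype << 4, 0, da, sa, bssid, 0) + fixed + body


def deauth_frame(client, bssid, reason=7):
    """Layout of the frame the active variant sends (reason 7: class 3 frame
    received from nonassociated STA). Built here only, never transmitted."""
    return mgmt_frame(DEAUTH, client, bssid, bssid, struct.pack("<H", reason), [])


# Constructed sample traffic (made-up addresses, SSID and RSN contents).
AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
RSN = (b"\x01\x00" + b"\x00\x0f\xac\x04"          # version 1, group cipher CCMP
       + b"\x01\x00" + b"\x00\x0f\xac\x04"        # one pairwise cipher: CCMP
       + b"\x01\x00" + b"\x00\x0f\xac\x02"        # one AKM suite: PSK
       + b"\x00\x00")                             # RSN capabilities
BEACON_FIXED = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)  # timestamp, interval, caps

HIDDEN_BEACON = mgmt_frame(BEACON, BROADCAST, AP, AP, BEACON_FIXED,
                           [(SSID_IE, b""), (RSN_IE, RSN)])
PROBE_RESPONSE = mgmt_frame(PROBE_RESP, STA, AP, AP, BEACON_FIXED,
                            [(SSID_IE, b"corp-net"), (RSN_IE, RSN)])
ASSOC_REQUEST = mgmt_frame(ASSOC_REQ, AP, STA, AP, struct.pack("<HH", 0x0411, 10),
                           [(SSID_IE, b"corp-net"), (RSN_IE, RSN)])

if __name__ == "__main__":
    print(recover_ssids([HIDDEN_BEACON]))                 # {'02:aa:bb:cc:dd:01': None}
    print(recover_ssids([HIDDEN_BEACON, ASSOC_REQUEST]))  # {'02:aa:bb:cc:dd:01': 'corp-net'}
```

Run with python3. The Beacon alone yields the BSSID with no name but with the RSN element visible, exactly the "advertises that it is a WPA-enabled AP" point; adding the Association Request (or the Probe Response) resolves the name. On real traffic the frames would come from a monitor-mode capture, and the radiotap header that such captures prepend would have to be stripped before parse_mgmt sees them.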


