wpa_supplicant / ndiswrapper / Dell WLAN 1450 / Slackware
Thu Dec 23 17:54:24 PST 2004
On Thu, Dec 23, 2004 at 04:48:09PM -0800, Philip H. Schlesinger wrote:
> Hey hot shot: I was a panel member of BiCSi's Wireless Design Specialty
> curriculum design committee (and the person they turned to when we got
> to the 802.11 section). Rule #1 of wireless security is to turn off
> ssid broadcast.
That better not be the only rule since it does not really provide any
real security. Rule #1 could be to enable WPA2 with CCMP (or
WPA-TKIP/CCMP could be closer to real world at the moment as far as
getting devices easily is concerned). Alternatively (or in addition),
other security mechanisms (e.g., IPSec tunnel) could be used.
The AP continues sending Beacon frames even if it has "ssid broadcast"
disabled. It even advertises that it is an WPA-enabled AP. If you have
even a single authorized client next to the AP, you can learn the SSID
by either listening to Probe Requests/Responses or (Re)Association
Requests/Responses. If you're ok with an active attack, sending a
deauthentication or disassociation frame to the client is enough to
trigger the client to reassociate and reveal the "hidden ssid"
Jouni Malinen PGP id EFC895FA
More information about the Hostap