hidden ssid
Last Post: January 3, 2005:
mademirci wrote:
Is it possible to find the exact SSID in a WEP-enabled environment? I examine the beacons and the encrypted data with AiroPeek but can't get the SSID of my network; AiroPeek puts dots (.) for every character in the SSID. And AiroPeek only shows ...s for the SSID.
How can I find the SSID of a hidden network?
Just wanted to clear one thing up: beacons are management frames and are never encrypted, so there is no reason not to catch the SSID (even if broadcast is disabled). Just run another capture with a filter set to capture between byte offsets 37-51. You'll find it.
What are the major security risks to 802.11b?
Here is the list of main known security risks with 802.11b:
Insertion Attacks
Interception and monitoring wireless traffic
Misconfiguration
Jamming
Client to Client Attacks
WEP, the encryption standard for 802.11, only encrypts the data packets, not the 802.11 management packets, and the SSID is in the beacon and probe management messages. The SSID is not encrypted even if WEP is turned on; it goes over the air in clear text. This makes obtaining the SSID easy by sniffing 802.11 wireless traffic.
By turning off the broadcast of SSID, can someone still sniff the SSID?
Many APs by default have broadcasting the SSID turned on. Sniffers typically will find the SSID in the broadcast beacon packets. Turning off the broadcast of SSID in the beacon message (a common practice) does not prevent getting the SSID; since the SSID is sent in the clear in the probe message when a client associates to an AP, a sniffer just has to wait for a valid user to associate to the network to see the SSID.
MAC Address Filtering
Some access points have the ability to accept only trusted MAC addresses. MAC addresses are supposed to be unique addresses on the network. This feature is usually very difficult to implement in a dynamic environment due to the tedious nature of configuring the AP for each and every trusted client. The MAC address is transmitted in clear text, so any intruder can sniff authorized MAC addresses and, with the proper tools, configure and masquerade their MAC address as a legitimate one to bypass this security mechanism. Enabling this security feature can be more effort than the actual security benefit it provides.
When I was a Novell admin, I used to put in a "hidden" user that would always give me access to the network, regardless of what happened -- I was a bit more paranoid back then than I am now -- wait, who am I kidding, I'm still paranoid. Anyway, the way I hid my "superuser" was by using a username with eight dashes or spaces. I found the dashes looked more like a part of the screen than the empty space created by the spaces. Regardless, the effect was the same. These usernames always appeared as the very first username in the list of users. I had more experienced people miss that one tiny glitch than anything else. It was my method of "hiding in plain sight".
Maybe, just maybe, the SSID of your hidden WLAN is "....".
Either that or the SSID was created using high character bits that can't be displayed. You could cut and paste them from the management frames into something that shows the actual ASCII codes. Paste them into Word and then turn on Reveal Codes -- maybe that would make them show up.
Joel
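To tie the thread together, here is an added example (my own code, not from any poster in this thread or from AiroPeek) of how a defender can audit what their own AP and clients actually put on the air. It walks the tagged information elements of constructed 802.11 management frames (beacon, probe request, probe response), pulls out element ID 0 (the SSID), and classifies it as broadcast, hidden (zero-length or all-NUL, which is what a sniffer renders as dots), or non-printable (shown as hex, which is the "look at the actual ASCII codes" approach Joel describes). Walking the element headers rather than reading fixed byte offsets keeps it correct when optional fields shift the SSID. All frame bytes, MAC addresses and SSID values below are constructed samples with the radiotap/PCAP header already stripped, not real captures.

```python
"""Audit the SSID element in constructed 802.11 management frames.

Added example for the hidden-SSID thread; the frames, addresses and SSIDs
are constructed test data, not real captures.
"""
import string

FRAME_TYPE_MGMT = 0
SUBTYPE_PROBE_REQ = 4
SUBTYPE_PROBE_RESP = 5
SUBTYPE_BEACON = 8
ELEMENT_ID_SSID = 0
MAC_HEADER_LEN = 24  # frame control, duration, 3 addresses, sequence control
# Fixed (untagged) fields that precede the information elements:
# beacon and probe response carry timestamp(8) + interval(2) + capability(2).
FIXED_PARAMS_LEN = {SUBTYPE_BEACON: 12, SUBTYPE_PROBE_RESP: 12, SUBTYPE_PROBE_REQ: 0}


def frame_type_subtype(frame):
    """Decode type and subtype from the first frame-control byte."""
    fc = frame[0]
    return (fc >> 2) & 0x3, (fc >> 4) & 0xF


def parse_information_elements(body):
    """Return a list of (element_id, value) from a tagged-parameter area."""
    elements, i = [], 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:  # truncated frame: stop rather than misparse
            break
        elements.append((eid, value))
        i += 2 + length
    return elements


def extract_ssid(frame):
    """Return the raw SSID bytes from a beacon/probe frame, or None."""
    ftype, subtype = frame_type_subtype(frame)
    if ftype != FRAME_TYPE_MGMT or subtype not in FIXED_PARAMS_LEN:
        return None  # data/control frames carry no SSID element
    body = frame[MAC_HEADER_LEN + FIXED_PARAMS_LEN[subtype]:]
    for eid, value in parse_information_elements(body):
        if eid == ELEMENT_ID_SSID:
            return value
    return None


def describe_ssid(raw):
    """Classify an SSID value the way an auditor would want to see it."""
    if raw is None:
        return "no SSID element"
    if len(raw) == 0:
        return "hidden (zero-length SSID)"
    if all(b == 0 for b in raw):
        return f"hidden ({len(raw)} NUL bytes)"
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return "non-ASCII SSID, hex: " + raw.hex()
    if all(c in string.printable and c not in "\t\n\r\x0b\x0c" for c in text):
        return f"SSID {text!r}"
    return "non-printable SSID, hex: " + raw.hex()


def build_mgmt_frame(subtype, ssid_bytes):
    """Construct a minimal management frame with an SSID element (test data)."""
    fc = bytes([(subtype << 4) | (FRAME_TYPE_MGMT << 2), 0x00])
    duration = b"\x00\x00"
    broadcast = bytes.fromhex("ffffffffffff")
    ap_mac = bytes.fromhex("001122334455")  # constructed, not a real AP
    header = fc + duration + broadcast + ap_mac + ap_mac + b"\x00\x00"
    fixed = b"\x00" * FIXED_PARAMS_LEN[subtype]
    ssid_ie = bytes([ELEMENT_ID_SSID, len(ssid_bytes)]) + ssid_bytes
    rates_ie = bytes([1, 1, 0x82])  # supported-rates element, one entry
    return header + fixed + ssid_ie + rates_ie


SAMPLE_FRAMES = {  # constructed samples
    "beacon_broadcast": build_mgmt_frame(SUBTYPE_BEACON, b"corpnet"),
    "beacon_hidden_empty": build_mgmt_frame(SUBTYPE_BEACON, b""),
    "beacon_hidden_nulls": build_mgmt_frame(SUBTYPE_BEACON, b"\x00" * 7),
    "beacon_dots": build_mgmt_frame(SUBTYPE_BEACON, b"...."),
    "beacon_high_bit_chars": build_mgmt_frame(SUBTYPE_BEACON, b"\x80\x81\x82\x83"),
    "probe_request_from_client": build_mgmt_frame(SUBTYPE_PROBE_REQ, b"corpnet"),
    "probe_response_from_ap": build_mgmt_frame(SUBTYPE_PROBE_RESP, b"corpnet"),
}


def audit_frames(frames):
    """Map each frame name to a human-readable SSID finding."""
    return {name: describe_ssid(extract_ssid(f)) for name, f in frames.items()}


if __name__ == "__main__":
    for name, finding in audit_frames(SAMPLE_FRAMES).items():
        print(f"{name:28s} {finding}")
```

The probe-request and probe-response samples show the point made in the FAQ text above: even when the beacon carries an empty or NUL-filled SSID, the same name appears in clear text in the probe exchange, so "hidden" only removes it from one of three management frames. The hex output for the high-bit sample is what an analyst would compare against the dotted display a sniffer shows.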