| This really doesn't reduce the "vulnerability" much at all, though. If your WiFi adapter is not turned off, it's still going to send probe requests that include the SSID you're trying to join. All I have to do as an attacker is run an access point (note: I can build an AP out of a standard notebook running Linux or BSD -- it doesn't have to be a dedicated piece of hardware) with that SSID, and you'll still associate to my rogue network. You'll still get the same type of link-local address (unless I'm running a DHCP server), because that's IP functionality that's independent of the WiFi transport layer. I've still got IP-level connectivity to your computer. There really isn't much difference between the two cases.
If you don't want to expose your machine, turn the WiFi adapter _off_ when you're not deliberately using it, or at least make sure you've only been using authenticated networks. |
