dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
12807
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm

Premium Member

Debunking the Myth of SSID Hiding

This paper explains what I have been talking about.

You can access it at:

»www.icsalabs.com/html/co ··· rs.shtml
Sentinel
Premium Member
join:2001-02-07
Florida

Sentinel

Premium Member

Apparently you have to be a member to see that article. Can you give me the basic gist of it please?
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm

Premium Member

Registration is free. They don't track users. More to see if competitors are browsing for info....

You might be able to fool the AP some of the time, but the Station none of the time (SSID hidden in BEACON but not PROBE Response. SSID always in ASSOCIATEs and BEACON Requests).

If you try to fool the AP, you pay in performance (active scanning by Stations).

Or:

Not only can't you win for trying. You loose double.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

1 edit

Anav

Premium Member

said by DSLrgm:
They don't track users. More to see if competitors are browsing for info....
Man speak with spooned(sliver) tongue!

inmuck
Idiot In The East
Premium Member
join:2003-01-29
Raleigh, NC

inmuck to DSLrgm

Premium Member

to DSLrgm
Microsoft also goes by the same way.

According to Microsoft, "Disabling SSID broadcasts on an access point is not considered a valid method for securing a wireless network."

Refer »support.microsoft.com/de ··· s;811427
for more details

trparky
Premium Member
join:2000-05-24
Cleveland, OH

trparky

Premium Member

Are you saying that hiding the SSID is useless? It doesn't increase security?

No_Strings

join:2001-11-22
The OC

No_Strings

He's been saying it for a long time, but keeps getting drowned out by the mindless marketing drones from both schlock and otherwise reputable companies who perpetuate the myth so that they have another check box in the feature column.

boomerbubba
join:2001-06-15
Austin, TX

boomerbubba to trparky

Member

to trparky
said by trparky:
Are you saying that hiding the SSID is useless? It doesn't increase security?

If I may presume to answer for DSLrgm, the answer is yes.

Disabling SSID broadcast does no more to prevent wireless security breaches than taking your name off the door prevents burglary. It provides a modicum of obscurity, which is not security.

Your SSID still can be discovered with many readily available tools, and anyone who can crack your encryption (the only real security) would have such tools.

inmuck
Idiot In The East
Premium Member
join:2003-01-29
Raleigh, NC

inmuck to DSLrgm

Premium Member

to DSLrgm
Yeah! In otherwords it's useless. There are lot of software available to find any SSID (even if it is hided)

It is also useless when you are using Windows Wireless Zero Configuration i.e built-in Wireless Utility on Windows XP
jdmt
Premium Member
join:2002-05-06
Seattle, WA

jdmt to DSLrgm

Premium Member

to DSLrgm
SSID hiding is not "true security". Certainly it can obscure a wireless network from the casual war driver - why have a neon sign on top of your house advertising your network?

As the article details, there is a performance penalty, but for my small home network, the obscurity is worth the cost.

No_Strings

join:2001-11-22
The OC

No_Strings

said by jdmt:
Certainly it can obscure a wireless network from the casual war driver ...
True only if you assume that NetStumbler is the exclusive tool used by casual war drivers (who are not, I think, who should be keeping you up at night). If you can burn a CD, you can see every SSID in your neighborhood.
Sentinel
Premium Member
join:2001-02-07
Florida

Sentinel to DSLrgm

Premium Member

to DSLrgm
So let me see if I got this straight.

You are saying that...
1. Disabling SSID is useless because they can see you anyway.
2. It is a bad idea to do it because it is useless (does no good what so ever) and by disabling SSID you slow down your network.

If that is what you are saying then I have two questions.

RE: #1... How do they see you anyway if you are no longer broadcasting SSID? If they are driving down the street looking for SSID's then they will not see you. If they know you are there then yes they will employ more means to get in but if they don't know you are there and are just cruising by then how do they know you are there?

RE:#2... How much of a performance hit on a small home LAN of 2 or 3 PC's that are not even used at the same time often?

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera

MVM

Kismet is a passive scanner. NetStumbler is an active scanner. Passive scanners will discover networks and SSID even if the SSID is disabled.

Kismet will 'see' the wireless network even with SSID disabled. However, it won't discover the hidden SSID until a wireless client associates with the AP. There are tools to force a client to dissassociate, which will then cause it to associate, thereby exposing the SSID.
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm to Sentinel

Premium Member

to Sentinel
said by Sentinel:
RE: #1... How do they see you anyway if you are no longer broadcasting SSID? If they are driving down the street looking for SSID's then they will not see you. If they know you are there then yes they will employ more means to get in but if they don't know you are there and are just cruising by then how do they know you are there?
Timing is everything. Someone driving by may only capture the BEACON. "There is an AP here". You can NOT turn BEACONs off. Things get REALLY broken when you do. Or there is a LOT to hard configure. But if they are near you for 1 minute and there is active traffic, they can pull out the SSID.
quote:
RE:#2... How much of a performance hit on a small home LAN of 2 or 3 PC's that are not even used at the same time often?
This is an RF issue. How often do your systems ASSOCIATE? Sometimes only at boot. Other times every few minutes.

I was just in a bank where they had an AP in the center of the building for the CFO, and it look like his complaint about every few minutes going off the wireless was an RF problem. The wireless is ONLY for this one person. There is no one else on the wireless, and it is far enough into the building that any signal outside will be weak at best.

You might have a great RF environment or a terrible one. And it can change very easily. For me it is great at my desk. OK in my NOC. Poor at the dining room table.
Sentinel
Premium Member
join:2001-02-07
Florida

Sentinel

Premium Member

Thanks bbarrera and DSLrgm.

So my take on it would be that IF you are experiencing no performance problems or issues then it would not hurt to turn SSID off, although it will only help against the mildest of war drivers. However if you are experiencing problems turning off SSID should be the first step. And if you are inclined to turn off SSID don't be concerned about it.

Sound good?
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm

Premium Member

said by Sentinel:
Thanks bbarrera and DSLrgm.

So my take on it would be that IF you are experiencing no performance problems or issues then it would not hurt to turn SSID off, although it will only help against the mildest of war drivers. However if you are experiencing problems turning off SSID should be the first step. And if you are inclined to turn off SSID don't be concerned about it.

Sound good?

I think you mean 'turning *ON* SSID should be the first step'.

You have to create an SSID for your network. DO NOT USE THE DEFAULT even if you turn it 'off'. Once you do that, why take the extra time to turn it off and hand config it in all your clients????

But if the work is already done (and your SSID is not 'My Home at 1234 Main St.''), then leave it alone for now.
Sentinel
Premium Member
join:2001-02-07
Florida

Sentinel

Premium Member

Right I mean turning off the "disable SSID broadcast" which is turning on the SSID broadcast. (whew, say that 5 times fast)

Yes, I changed my SSID and then entered it in all my clients and then turned it off and everything works fine and it is a random bunch of characters.

About the only problem I have is when my family members come over to visit and they try to use their laptops to get online Oh well...
kidem7
join:2003-12-21

kidem7

Member

disabling ssid broadcast does enchanced security, but with netstumbler you can still get mac addresses....hence mac address spoofing, so like some of you have already said , turning this off is only against the inexperience wanna be hacker.
kidem7

kidem7

Member

i just read that "Debunking the Myth of SSID Hiding" i dont agree with it 100%, reason being im in Research & Development my self,which we have tested it, and i came to a conclusion and this is common sense if your signaling(beacon) you are saying im right here, just like a lighthouse(AP) for a boat when the captain(PC) cant see, it beacons so the captain(PC) can find it, but no matter if the captain(pc) can find it through a map(Static ip and static SSID) he is fine,if you can get this

the paper said something about performance, which i do find true in some AP, about 25% of them, linksys is the worst for it, netgear passed with flying colors, but different situations can change things like always,

not saying im right or wrong just my findings
willyb_jr
Premium Member
join:2003-09-05

1 recommendation

willyb_jr

Premium Member

I lock my car when I go into the grocery store.

I disable SSID broadcast - when my AP is on - for the same reason

No_Strings

join:2001-11-22
The OC

No_Strings

Bad analogy. Turning off the SSID broadcast is more like locking the doors but leaving the windows rolled down.

PetePuma
How many lumps do you want
MVM
join:2002-06-13
Arlington, VA

1 edit

PetePuma to willyb_jr

MVM

to willyb_jr
said by willyb_jr:
I lock my car when I go into the grocery store.

I disable SSID broadcast - when my AP is on - for the same reason

Yes, but the correct parallel here is that you lock your door but leave the window down.

Ha ha-- No_Strings beat me by a few minutes!
willyb_jr
Premium Member
join:2003-09-05

willyb_jr to No_Strings

Premium Member

to No_Strings
And what - in your analogy - are the windows?

I also take every other step to secure my AP from outside access.

Are you implying that hiding the SSID is fruitless?

No_Strings

join:2001-11-22
The OC

No_Strings

Disabling the SSID in the beacon only keeps a tool such as NetStumbler from seeing your AP. Tools like Kismet or AirSnort will see them no matter what and will capture weak keys, flag networks responding to probe requests, list the MAC address of the AP and any associating clients, show the IP range of the network and help to crack the WEP keys. Which would worry you more: a kid with NS and a Pringles can or someone equipped to get all of the available info?
willyb_jr
Premium Member
join:2003-09-05

willyb_jr

Premium Member

Honestly, they both worry me. They both can do damage - although I don't have anything the 'pro' would want, other than bandwidth...

If I can keep the kid out by hiding my SSID and taking a performance hit - so be it. We all suffer when we have to run AV, Firewalls, IDS, layered protection, etc, etc, etc.

boomerbubba
join:2001-06-15
Austin, TX

boomerbubba

Member

said by willyb_jr:
If I can keep the kid out by hiding my SSID and taking a performance hit - so be it. We all suffer when we have to run AV, Firewalls, IDS, layered protection, etc, etc, etc.

I think No_Strings' point is that "the kid" is just a wardriver. Wardrivers are more comparable to birdwatchers than to crackers or even hackers.
willyb_jr
Premium Member
join:2003-09-05

1 edit

willyb_jr

Premium Member

Yep - I totally agree.

My analogy was meant as a portion of the "big picture" - in which we take all the necessary steps in securing our property; whether its our office, car, home, network, outside spigot - I think you know what I mean.

A criminal may have a tool to break in, but that doesn't mean I'm going to make it easier for him

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera

MVM

said by willyb_jr:
A criminal may have a tool to break in, but that doesn't mean I'm going to make it easier for him

Criminals don't use NetStumbler, that is why hiding SSID is pointless. Disabling SSID doesn't make it harder for the criminal because they don't use NetStumbler. If you have WEP enabled then "the kid" with NetStumbler isn't likely to do anything except log your network. Provided you run APs and cards with "weak key avoidance" feature then only a brute force attack will break WEP. All the articles talking about how easy AirSnort can crack WEP would tell a completely different story if they tried AirSnort on a network running wireless gear with weak key avoidance.
StopandGo
join:2003-08-15
Fredericksburg, VA

StopandGo

Member

Disabling SSID broadcast hurts nothing, so there's no reason to not disable it. At least the pervert riding around with his pants around his ankles won't see you.
Shootist
Premium Member
join:2003-02-10
Decatur, GA

Shootist

Premium Member

Has any of the posters, that say to disable/hide the SSID, read the LINK DLSrgm posted.