DSLrgm Premium Member join:2002-08-22 Oak Park, MI |
DSLrgm
Premium Member
2003-Dec-9 12:25 pm
Debunking the Myth of SSID HidingThis paper explains what I have been talking about. You can access it at: » www.icsalabs.com/html/co ··· rs.shtml |
|
Sentinel Premium Member join:2001-02-07 Florida |
Sentinel
Premium Member
2003-Dec-9 12:40 pm
Apparently you have to be a member to see that article. Can you give me the basic gist of it please? |
|
DSLrgm Premium Member join:2002-08-22 Oak Park, MI |
DSLrgm
Premium Member
2003-Dec-9 12:55 pm
Registration is free. They don't track users. More to see if competitors are browsing for info....
You might be able to fool the AP some of the time, but the Station none of the time (SSID hidden in BEACON but not PROBE Response. SSID always in ASSOCIATEs and BEACON Requests).
If you try to fool the AP, you pay in performance (active scanning by Stations).
Or:
Not only can't you win for trying. You loose double. |
|
|
AnavSarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS 1 edit |
Anav
Premium Member
2003-Dec-9 12:57 pm
said by DSLrgm: They don't track users. More to see if competitors are browsing for info....
Man speak with spooned(sliver) tongue! |
|
inmuckIdiot In The East Premium Member join:2003-01-29 Raleigh, NC |
to DSLrgm
Microsoft also goes by the same way. According to Microsoft, "Disabling SSID broadcasts on an access point is not considered a valid method for securing a wireless network." Refer » support.microsoft.com/de ··· s;811427for more details |
|
trparky Premium Member join:2000-05-24 Cleveland, OH |
trparky
Premium Member
2003-Dec-9 1:12 pm
Are you saying that hiding the SSID is useless? It doesn't increase security? |
|
|
He's been saying it for a long time, but keeps getting drowned out by the mindless marketing drones from both schlock and otherwise reputable companies who perpetuate the myth so that they have another check box in the feature column. |
|
|
to trparky
said by trparky: Are you saying that hiding the SSID is useless? It doesn't increase security?
If I may presume to answer for DSLrgm, the answer is yes. Disabling SSID broadcast does no more to prevent wireless security breaches than taking your name off the door prevents burglary. It provides a modicum of obscurity, which is not security. Your SSID still can be discovered with many readily available tools, and anyone who can crack your encryption (the only real security) would have such tools. |
|
inmuckIdiot In The East Premium Member join:2003-01-29 Raleigh, NC |
to DSLrgm
Yeah! In otherwords it's useless. There are lot of software available to find any SSID (even if it is hided)
It is also useless when you are using Windows Wireless Zero Configuration i.e built-in Wireless Utility on Windows XP |
|
jdmt Premium Member join:2002-05-06 Seattle, WA |
to DSLrgm
SSID hiding is not "true security". Certainly it can obscure a wireless network from the casual war driver - why have a neon sign on top of your house advertising your network?
As the article details, there is a performance penalty, but for my small home network, the obscurity is worth the cost. |
|
|
said by jdmt: Certainly it can obscure a wireless network from the casual war driver ...
True only if you assume that NetStumbler is the exclusive tool used by casual war drivers (who are not, I think, who should be keeping you up at night). If you can burn a CD, you can see every SSID in your neighborhood. |
|
Sentinel Premium Member join:2001-02-07 Florida |
to DSLrgm
So let me see if I got this straight.
You are saying that... 1. Disabling SSID is useless because they can see you anyway. 2. It is a bad idea to do it because it is useless (does no good what so ever) and by disabling SSID you slow down your network.
If that is what you are saying then I have two questions.
RE: #1... How do they see you anyway if you are no longer broadcasting SSID? If they are driving down the street looking for SSID's then they will not see you. If they know you are there then yes they will employ more means to get in but if they don't know you are there and are just cruising by then how do they know you are there?
RE:#2... How much of a performance hit on a small home LAN of 2 or 3 PC's that are not even used at the same time often? |
|
bbarrera MVM join:2000-10-23 Sacramento, CA |
Kismet is a passive scanner. NetStumbler is an active scanner. Passive scanners will discover networks and SSID even if the SSID is disabled.
Kismet will 'see' the wireless network even with SSID disabled. However, it won't discover the hidden SSID until a wireless client associates with the AP. There are tools to force a client to dissassociate, which will then cause it to associate, thereby exposing the SSID. |
|
DSLrgm Premium Member join:2002-08-22 Oak Park, MI |
to Sentinel
said by Sentinel: RE: #1... How do they see you anyway if you are no longer broadcasting SSID? If they are driving down the street looking for SSID's then they will not see you. If they know you are there then yes they will employ more means to get in but if they don't know you are there and are just cruising by then how do they know you are there?
Timing is everything. Someone driving by may only capture the BEACON. "There is an AP here". You can NOT turn BEACONs off. Things get REALLY broken when you do. Or there is a LOT to hard configure. But if they are near you for 1 minute and there is active traffic, they can pull out the SSID. quote: RE:#2... How much of a performance hit on a small home LAN of 2 or 3 PC's that are not even used at the same time often?
This is an RF issue. How often do your systems ASSOCIATE? Sometimes only at boot. Other times every few minutes. I was just in a bank where they had an AP in the center of the building for the CFO, and it look like his complaint about every few minutes going off the wireless was an RF problem. The wireless is ONLY for this one person. There is no one else on the wireless, and it is far enough into the building that any signal outside will be weak at best. You might have a great RF environment or a terrible one. And it can change very easily. For me it is great at my desk. OK in my NOC. Poor at the dining room table. |
|
Sentinel Premium Member join:2001-02-07 Florida |
Sentinel
Premium Member
2003-Dec-9 7:42 pm
Thanks bbarrera and DSLrgm.
So my take on it would be that IF you are experiencing no performance problems or issues then it would not hurt to turn SSID off, although it will only help against the mildest of war drivers. However if you are experiencing problems turning off SSID should be the first step. And if you are inclined to turn off SSID don't be concerned about it.
Sound good? |
|
DSLrgm Premium Member join:2002-08-22 Oak Park, MI |
DSLrgm
Premium Member
2003-Dec-10 12:09 am
said by Sentinel: Thanks bbarrera and DSLrgm.
So my take on it would be that IF you are experiencing no performance problems or issues then it would not hurt to turn SSID off, although it will only help against the mildest of war drivers. However if you are experiencing problems turning off SSID should be the first step. And if you are inclined to turn off SSID don't be concerned about it.
Sound good?
I think you mean 'turning *ON* SSID should be the first step'. You have to create an SSID for your network. DO NOT USE THE DEFAULT even if you turn it 'off'. Once you do that, why take the extra time to turn it off and hand config it in all your clients???? But if the work is already done (and your SSID is not 'My Home at 1234 Main St.''), then leave it alone for now. |
|
Sentinel Premium Member join:2001-02-07 Florida |
Sentinel
Premium Member
2003-Dec-10 7:59 am
Right I mean turning off the "disable SSID broadcast" which is turning on the SSID broadcast. (whew, say that 5 times fast) Yes, I changed my SSID and then entered it in all my clients and then turned it off and everything works fine and it is a random bunch of characters. About the only problem I have is when my family members come over to visit and they try to use their laptops to get online Oh well... |
|
|
kidem7
Member
2003-Dec-23 10:25 am
disabling ssid broadcast does enchanced security, but with netstumbler you can still get mac addresses....hence mac address spoofing, so like some of you have already said , turning this off is only against the inexperience wanna be hacker. |
|
kidem7 |
kidem7
Member
2003-Dec-23 2:35 pm
i just read that "Debunking the Myth of SSID Hiding" i dont agree with it 100%, reason being im in Research & Development my self,which we have tested it, and i came to a conclusion and this is common sense if your signaling(beacon) you are saying im right here, just like a lighthouse(AP) for a boat when the captain(PC) cant see, it beacons so the captain(PC) can find it, but no matter if the captain(pc) can find it through a map(Static ip and static SSID) he is fine,if you can get this
the paper said something about performance, which i do find true in some AP, about 25% of them, linksys is the worst for it, netgear passed with flying colors, but different situations can change things like always,
not saying im right or wrong just my findings |
|
1 recommendation |
I lock my car when I go into the grocery store.
I disable SSID broadcast - when my AP is on - for the same reason |
|
|
Bad analogy. Turning off the SSID broadcast is more like locking the doors but leaving the windows rolled down. |
|
PetePumaHow many lumps do you want MVM join:2002-06-13 Arlington, VA 1 edit |
to willyb_jr
said by willyb_jr: I lock my car when I go into the grocery store.
I disable SSID broadcast - when my AP is on - for the same reason
Yes, but the correct parallel here is that you lock your door but leave the window down. Ha ha-- No_Strings beat me by a few minutes! |
|
|
to No_Strings
And what - in your analogy - are the windows?
I also take every other step to secure my AP from outside access.
Are you implying that hiding the SSID is fruitless? |
|
|
Disabling the SSID in the beacon only keeps a tool such as NetStumbler from seeing your AP. Tools like Kismet or AirSnort will see them no matter what and will capture weak keys, flag networks responding to probe requests, list the MAC address of the AP and any associating clients, show the IP range of the network and help to crack the WEP keys. Which would worry you more: a kid with NS and a Pringles can or someone equipped to get all of the available info? |
|
|
Honestly, they both worry me. They both can do damage - although I don't have anything the 'pro' would want, other than bandwidth...
If I can keep the kid out by hiding my SSID and taking a performance hit - so be it. We all suffer when we have to run AV, Firewalls, IDS, layered protection, etc, etc, etc. |
|
|
said by willyb_jr: If I can keep the kid out by hiding my SSID and taking a performance hit - so be it. We all suffer when we have to run AV, Firewalls, IDS, layered protection, etc, etc, etc.
I think No_Strings' point is that "the kid" is just a wardriver. Wardrivers are more comparable to birdwatchers than to crackers or even hackers. |
|
1 edit |
Yep - I totally agree.
My analogy was meant as a portion of the "big picture" - in which we take all the necessary steps in securing our property; whether its our office, car, home, network, outside spigot - I think you know what I mean.
A criminal may have a tool to break in, but that doesn't mean I'm going to make it easier for him |
|
bbarrera MVM join:2000-10-23 Sacramento, CA |
said by willyb_jr: A criminal may have a tool to break in, but that doesn't mean I'm going to make it easier for him
Criminals don't use NetStumbler, that is why hiding SSID is pointless. Disabling SSID doesn't make it harder for the criminal because they don't use NetStumbler. If you have WEP enabled then "the kid" with NetStumbler isn't likely to do anything except log your network. Provided you run APs and cards with "weak key avoidance" feature then only a brute force attack will break WEP. All the articles talking about how easy AirSnort can crack WEP would tell a completely different story if they tried AirSnort on a network running wireless gear with weak key avoidance. |
|
|
Disabling SSID broadcast hurts nothing, so there's no reason to not disable it. At least the pervert riding around with his pants around his ankles won't see you. |
|
Shootist Premium Member join:2003-02-10 Decatur, GA |
Shootist
Premium Member
2003-Dec-23 6:42 pm
Has any of the posters, that say to disable/hide the SSID, read the LINK DLSrgm posted. |
|