Re: Wireless SSID discovery
From: Michael Puchol (mpuchol_at_sonar-security.com)
Date: 12/22/04
- Previous message: Rapaille Max: "RE: Wireless SSID discovery"
- In reply to: Andrew Bagrin: "Wireless SSID discovery"
- Next in thread: Olivier Fauchon: "Re: Wireless SSID discovery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Dec 2004 09:31:06 +0100 To: pen-test@securityfocus.com
Hi Andrew,
I know you have got some answers that point you in the right direction,
but for the record, some APs use the 'hide SSID' function to remove the
SSID from the beacon frames, but they still include it in the probe
replies (i.e. Netstumbler will still catch it). A passive scanner such
as Kismet would have to wait until a client probed or associated or
reassociated to the AP. Other APs will also remove the SSID from the
probe responses, or not respond to probes at all (the early Intel APs
did this by default, their out-of-the-box SSID was 101).
Hiding the SSID is false security, any person one step higher than a
kiddie will be able to get it from sniffing one way or another. It can
also affect the network's performance.
Best regards,
Mike
mother@netstumbler.com
Andrew Bagrin wrote:
> I'm doing a wireless pen-test and am able to use aircrack to crack
> the wep key, however, when I use Kismet, Cain, airdump etc.. I can't
> get the SSID of a the access point if the SSID broadcast has been
> disabled. Does anyone know how to do this, or is there any tools that
> will let you get the SSID even if its not being broadcasted.
>
> Thanks,
>
> Andrew
>
>
- Previous message: Rapaille Max: "RE: Wireless SSID discovery"
- In reply to: Andrew Bagrin: "Wireless SSID discovery"
- Next in thread: Olivier Fauchon: "Re: Wireless SSID discovery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
