Re: wireless router password security

bz wrote:

"Sebastian G." <seppi@xxxxxxxxx> wrote in

bz wrote:

"Kyle T. Jones" <Email@xxxxxxxxxxxxxxxxxxxx> wrote in

Sebastian G. wrote:
Kyle T. Jones wrote:
sy s-wrt54g-router-using-wap-and-wep

But please omit the step of disabling SSID broadcast. It doesn't change anything about the security and doesn't make your network invisible at all, but it surely creates a lot of trouble with your client accidentally trying to connect to someone else's network.
Good point.
I don't follow the logic. Disabling SSID makes it more difficult for someone to connect to my wireless router (WEP turned on also).

Actually it makes it easier for them to accidentally connect to your network instead of another SSID-disabled network.

HOW? They need to know my router's SSID. It has an SSID, it just doesn't broadcast it.

We're talking about MAC layer connections. First you connect on the MAC layer, eventually guided by a known SSID, and then the connection partners negotiate about the actual connection parameters.

It DOES respond when my WiFi card says 'hey, (MyRouterSSID), I want to connect to you', doesn't it?

It also responds to "hey, nameless router, let's set up an encrypted session. If you can decrypt what I sent, and it shows your SSID, then we're partners. If not, then let's try it again."

If I understand stuff correctly, this stuff is loosely based on packet radio technology.
In packet radio, I would send a transmission something like Node#1 this is Node#2 k
then Node#1 would answer Node#2 this is Node#1 k
Node#2 would then go ahead and establish a link or send a command to node#1.

And the Node number is the MAC address combined with the channel number.

If Node#1 isn't broadcasting anything, I need to know its name to contact it, (and the channel/frequency it listens on).

Hey, nameless routers on channel 7. Give me some random identifiers. Hey, router SOME_RANDOM_IDENTIFIER on channel 7, let's try setting up a session.

They will have to wait until I have a connection in progress and sniff that to find the router's SSID.

This would require cracking the encryption.


And as such the SSID is obviously a public parameter. If you broadcast the SSID, they would still have to crack the encryption to get access. If you don't broadcast the SSID, well, then they have to break the encryption or the currently nameless network, and if they were successful, they would also immediately find the SSID. That is, the SSID would always end up with them if they break it, and would be useless anyway if they don't break it.

And breaking it doesn't require the SSID.

They can simply send packet to the router

HOW do they send a packet to the router? They don't even know it is there.

They can clearly see how it sends beacon requests on a fixed channel with a pseudo-unique identifier, and also with its MAC addressing

It isn't broadcasting.

It is. It just doesn't broadcast INVITE requests.

It does NOT respond to a transmission unless it is addressed to it.

And you can address it either by its channel, by its channel and a pseudo-unique identifier delivered upon request, or by its MAC address.

I don't think there is a 'all routers please broadcast' command for IEEE 802.11, but I could be wrong.

There is.

I know that such a command exists on wired ethernet but would not expect it on wireless.

Why not? After all it's an ISO/OSI stack protocol. Heck, it even has an Ethernet emulation layer.

Your laptop tries to connect to the other router on the MAC layer, tries to establish an association, with the SSID, and fails.

My laptop knows the SSID because I configured it to talk to (MyRouterSSID), doesn't it?

This is for association setup that only happens after you have negotiated on the MAC layer. After all, how should this work? You can't identify which router is yours (since it doesn't broadcast the SSID), and you're supposed to choose which one you want to talk to.

The router can run its beacon, saying 'This is MyRouterSSID' every 100 ms (or another time interval, as configured)

Well, then it would be broadcasting the SSID...

or it can sit there and just listen for calls such as

nameless router, I'm nameless laptop. Let's talk encrypted. encrypted("is this your SSID?"). No, damn. OK, everyone, who is here? Ah you! Hello nameless router... (and you wouldn't even notice that you're always talking to the same).

OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or
(NAMELESS NETWORK). Now which one is it?

I don't try to connect to (nameless network), I try to connect to (MYROUTERSSID)

And how would you find this one if you have disabled SSID broadcasting?

and if I can't find (MYROUTERSSID) then I don't get a connection unless there is a network with an SSID that I have previously configured for connection.

Right. But you may also not get a connection even if your router is among these, since you're only trying to talk to the other ones. A wonderful way to shoot yourself in the foot.

I just tried an experiment. I turned off the SSID broadcast on my wireless router (It was on).
I turned off my network card.
I started NetStumbler and turned on my card. I could not see my wireless router. (NetStumbler prevents connection).
There were no broadcasts from the Wireless MAC address.

But you could see a SSID-less network, couldn't you?

I shut down stumbler and cycled my WiFi card off and back on.
It established contact with my wireless router. It DID see a neighbor's OPEN router that broadcasts its SSID the first time I powered it on and would have connected, if I allowed it to do so; however, I doubt it would connect to anything that does NOT broadcast an SSID.

Like your very own router? Hm?

My Dell network card manager sees only one (nonbroadcasting) in its monitoring window.

Which might be yours, or someone else's.

But I don't see anyone else running with broadcast off (and am unlikely to do so with these tools).

Maybe you're living far away from civilization? Heck, just on my weekly 2-hour train+bus tour I can catch hundreds of networks.

Are you assuming OPEN routers running with default SSIDs but with broadcast turned off?

I suggest adjusting the SSID to clarify the purpose of your network, thereby exactly fulfilling its functionality, e.g. PRIVATE. And make sure not to duplicate any existing name of a nearby network. That is, your network is clearly visible to both you and outsiders, but they should understand that it's your private network, so you could hold them legally responsible if they try to interfere with it. And you can clearly identify it as yours.
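As an added illustration of the exchange the thread argues about, here is a small Python model of 802.11 management frames: a beacon with SSID broadcast disabled, the directed probe request the client sends to find its router, and the router's probe response. This is example code written for this page, not code posted by any participant; the MAC addresses, the SSID "MyRouterSSID" and channel 7 are constructed sample values, and the frames are simplified (no radiotap header, no FCS, only the elements needed here). The point it makes is the one the thread reaches: a bystander on the channel still sees the beacons (BSSID, channel, capabilities) and, as soon as the owner's own client looks for the router, the SSID itself in the clear, so hiding it is a configuration nuisance rather than a security control.

```python
import struct

# 802.11 management frame (type 0) subtypes used in this exchange
SUBTYPE_PROBE_REQ = 4
SUBTYPE_PROBE_RESP = 5
SUBTYPE_BEACON = 8

# Information element tags
IE_SSID = 0
IE_SUPPORTED_RATES = 1
IE_DS_PARAMS = 3            # carries the channel number

BROADCAST = b"\xff" * 6

# Constructed sample values, not real devices or networks
ROUTER_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
SSID = b"MyRouterSSID"
CHANNEL = 7


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_header(subtype, addr1, addr2, addr3):
    """24-byte 802.11 MAC header for a management frame (version 0, type 0)."""
    frame_control = (0 << 2) | (subtype << 4)
    return struct.pack("<HH6s6s6sH", frame_control, 0, addr1, addr2, addr3, 0)


def ie(tag, value):
    """Encode one information element as tag, length, value."""
    return bytes([tag, len(value)]) + value


def build_beacon(bssid, ssid, channel, hidden=False):
    """Beacon the router sends every beacon interval; hidden => zero-length SSID element."""
    fixed = struct.pack("<QHH", 0, 100, 0x0011)   # timestamp, 100 TU interval, ESS+privacy
    body = fixed + ie(IE_SSID, b"" if hidden else ssid) + ie(IE_DS_PARAMS, bytes([channel]))
    return mac_header(SUBTYPE_BEACON, BROADCAST, bssid, bssid) + body


def build_probe_request(client, ssid):
    """Directed probe: the client names the SSID it is looking for, unencrypted."""
    body = ie(IE_SSID, ssid) + ie(IE_SUPPORTED_RATES, bytes([0x82, 0x84, 0x8B, 0x96]))
    return mac_header(SUBTYPE_PROBE_REQ, BROADCAST, client, BROADCAST) + body


def build_probe_response(bssid, client, ssid, channel):
    """Unicast answer from the router; it always carries the real SSID."""
    fixed = struct.pack("<QHH", 0, 100, 0x0011)
    body = fixed + ie(IE_SSID, ssid) + ie(IE_DS_PARAMS, bytes([channel]))
    return mac_header(SUBTYPE_PROBE_RESP, client, bssid, bssid) + body


def parse_ies(data):
    """Walk tag/length/value elements; stop cleanly at a truncated element."""
    ies, i = {}, 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            break
        ies[tag] = value
        i += 2 + length
    return ies


def summarize(frame):
    """What a passive monitor on the channel learns from one management frame."""
    fc, _dur, _addr1, addr2, addr3, _seq = struct.unpack("<HH6s6s6sH", frame[:24])
    if (fc >> 2) & 0x3 != 0:
        return None                            # not a management frame
    subtype = (fc >> 4) & 0xF
    body = frame[24:]
    if subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        body = body[12:]                       # skip timestamp, interval, capabilities
    ies = parse_ies(body)
    ssid = ies.get(IE_SSID, b"")
    hidden = subtype == SUBTYPE_BEACON and ssid.strip(b"\x00") == b""
    return {
        "subtype": subtype,
        "sender": fmt_mac(addr2),
        "bssid": fmt_mac(addr3),
        "ssid": ssid.decode("utf-8", errors="replace"),
        "channel": ies[IE_DS_PARAMS][0] if IE_DS_PARAMS in ies else None,
        "hidden_ssid": hidden,
    }


def router_answers(frame, bssid, ssid, channel):
    """Router side: a hidden-SSID router replies only to probes that name its SSID."""
    info = summarize(frame)
    if info is None or info["subtype"] != SUBTYPE_PROBE_REQ or info["ssid"] != ssid.decode():
        return None
    client = bytes.fromhex(info["sender"].replace(":", ""))
    return build_probe_response(bssid, client, ssid, channel)


def monitor_trace():
    """One hidden-SSID exchange as a bystander sees it; returns the parsed frames in order."""
    probe = build_probe_request(CLIENT_MAC, SSID)
    frames = [build_beacon(ROUTER_MAC, SSID, CHANNEL, hidden=True), probe,
              router_answers(probe, ROUTER_MAC, SSID, CHANNEL)]
    return [summarize(f) for f in frames]


if __name__ == "__main__":
    for entry in monitor_trace():
        print(entry)
```

Running it prints three parsed frames: the beacon with an empty SSID but a visible BSSID and channel, the client's probe request naming "MyRouterSSID" in the clear, and the router's response repeating it. A probe for a different name gets no answer from `router_answers`, which is the behaviour that makes clients of a hidden network keep probing by name wherever they go.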