mvordeme;383574 Wrote: > Thanks for being pedantic ;). If it has been spelled out clearly before, > I have not come across it. I am interested in learning more about the > nature of the vulnerability introduced by hiding the SSID. If that > would lead too far in the current context, could you please hint me at > some documentation? > > Thanks and regards, > -- mvordeme
Here you go: http://www.networkworld.com/columnists/2007/030507-wireless-security.html It's what the article refers to as the KARMA attack. Basically because the access point doesn't have a beacon, your devices constantly check for the presence of this SSID (and in effect become SSID beacons in their own right). Then an attacker knows your SSID and that your device will automatically connect to that SSID, and they can impersonate your WAP and at that point they can do all kinds of nasty things--DNS poisoning and password sniffing being the most obvious. -- CatBus ------------------------------------------------------------------------ CatBus's Profile: http://forums.slimdevices.com/member.php?userid=7461 View this thread: http://forums.slimdevices.com/showthread.php?t=29499 _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/discuss
