Hi Terry,

> > https://en.wikipedia.org/wiki/Network_cloaking
>
> I'm assuming that you're referring to the following extract:
> 
> 'Worse still, because a station must probe for a hidden SSID, a fake
> access point can offer a connection.'
> 
> Correct me if I'm wrong, but wouldn't that fake AP have to spoof the
> MAC Address of my Router or know what the SSID was?

If the SSID is hidden then the WAP isn't sending out occasional
broadcast "Cooeee" beacons containing the SSID allowing all clients to
passively listen to find out what are within earshot.  Instead, your
client, knowing the desired SSID, will send out a "probe request",
described on that page:

    Probe request frames are sent unencrypted by the client computer
    when trying to connect to a network.  This unprotected frame of
    information, which can easily be intercepted and read by someone
    willing, will contain the SSID.

AIUI, it will send it on all the configured channels and for all hidden
SSIDs it knows about which are set to "auto-connect".  So a device that
gets about a bit might be sending quite a few packets.  Perhaps you can
tell it the WAP MAC address so that the probe-request packet has that as
the destination address, but the packet is in the ether and audible to
all.  So a promiscuous interface (the technical term for one configured
to take all packets, not just those matching its own MAC address) will
see the probe request, its SSID, and, if it wasn't a broadcast packet,
the expected WAP's MAC address.  It can use those in its forged reply.

(Does Android allow you to set the expected WAP's MAC address for a
hidden SSID?)

You could install Wireshark and see if it will show you all the packets
within wifi earshot.

> I'm using MAC Address filtering too (as well as WPA2 PSK encryption).

I do that too, though mainly so there's a central place where I've noted
what's what.

> Anyway they all connect to hidden networks; even my Raspberry Pi!

-- 
Next meeting:  Bournemouth, Tuesday, 2017-02-07 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue     / TO THE LIST OR THE AUTHOR

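As an added example (not part of this thread and not code from either poster), here is a small Python parser that does what a monitor-mode capture in Wireshark would show you: it pulls the probed SSID, the source (client) MAC and the destination/BSSID out of 802.11 probe request frames. The frames are constructed inline for the demo; it assumes each frame carries a radiotap header (as monitor-mode captures on Linux do) and that the trailing FCS has already been stripped. The names `parse_probe_request`, `leaked_ssids` and the sample MAC addresses are hypothetical.

```python
"""Parse 802.11 probe request frames from a monitor-mode capture and report
which SSIDs each client leaks by name.

Assumptions (not from the original thread): frames are prefixed with a
radiotap header, no FCS trails the frame body, and all sample frames below
are constructed by hand for the demonstration.
"""
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def strip_radiotap(pkt):
    # radiotap header: version(1) pad(1) length(2, little-endian) present(4)...
    if len(pkt) < 4 or pkt[0] != 0:
        raise ValueError("not a radiotap v0 header")
    length = struct.unpack_from("<H", pkt, 2)[0]
    return pkt[length:]


def parse_tagged(body):
    # Management frame body after any fixed fields is a list of
    # tag(1) length(1) value(length) "information elements".
    ies = {}
    off = 0
    while off + 2 <= len(body):
        tag, ln = body[off], body[off + 1]
        off += 2
        if off + ln > len(body):
            raise ValueError("truncated information element")
        ies[tag] = body[off:off + ln]
        off += ln
    return ies


def parse_probe_request(pkt):
    """Return a dict describing the probe request, or None for other frames."""
    frame = strip_radiotap(pkt)
    if len(frame) < 24:          # 24-byte MAC header for management frames
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3     # 0 = management
    subtype = (fc0 >> 4) & 0xF   # 4 = probe request
    if ftype != 0 or subtype != 4:
        return None
    da = mac_str(frame[4:10])    # addr1: destination
    sa = mac_str(frame[10:16])   # addr2: the probing client
    bssid = mac_str(frame[16:22])
    ies = parse_tagged(frame[24:])   # probe requests have no fixed fields
    ssid = ies.get(0, b"").decode("utf-8", "replace")  # tag 0 = SSID
    return {
        "client": sa,
        "dest": da,
        "bssid": bssid,
        "ssid": ssid,
        # A non-empty SSID means the client is asking for one network by
        # name; this is how a hidden SSID ends up on the air in clear.
        "directed": ssid != "",
        # A unicast BSSID reveals which access point the client expects.
        "targets_specific_ap": bssid != BROADCAST,
    }


def leaked_ssids(frames):
    """Map each client MAC to the SSIDs it probes for by name (wildcard probes ignored)."""
    seen = {}
    for pkt in frames:
        info = parse_probe_request(pkt)
        if info is None or not info["directed"]:
            continue
        names = seen.setdefault(info["client"], [])
        if info["ssid"] not in names:
            names.append(info["ssid"])
    return seen


def build_probe_request(client_mac, ssid, bssid=BROADCAST):
    """Construct a probe request the way a client would (sample data only)."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)          # minimal 8-byte header
    header = (struct.pack("<BBH", 0x40, 0x00, 0)          # FC: mgmt/probe req, duration
              + mac_bytes(bssid) + mac_bytes(client_mac) + mac_bytes(bssid)
              + struct.pack("<H", 0))                      # sequence control
    ssid_b = ssid.encode()
    ies = bytes([0, len(ssid_b)]) + ssid_b                 # SSID element
    ies += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])           # supported rates 1/2/5.5/11
    return radiotap + header + ies


# Constructed sample capture: one client probing for a hidden network at a
# known AP, the same client probing for another network, and a second client
# sending a wildcard (empty SSID) probe.  A beacon is included to show it is skipped.
SAMPLE_FRAMES = [
    build_probe_request("02:00:00:00:00:01", "HomeNetHidden", "aa:bb:cc:dd:ee:ff"),
    build_probe_request("02:00:00:00:00:01", "CoffeeShop"),
    build_probe_request("02:00:00:00:00:02", ""),
    struct.pack("<BBHI", 0, 0, 8, 0) + bytes([0x80, 0x00]) + bytes(22),  # beacon header only
]

if __name__ == "__main__":
    for client, names in leaked_ssids(SAMPLE_FRAMES).items():
        print(client, "probes for", ", ".join(names))
```

Running it on real traffic means replacing `SAMPLE_FRAMES` with frames from a monitor-mode capture; the point the parser makes is that the SSID and, for a directed probe, the expected AP's MAC are both readable by anyone in range before any WPA2 handshake happens.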