Hi Terry,

> > https://en.wikipedia.org/wiki/Network_cloaking
>
> I'm assuming that you're referring to the following extract:
>
> 'Worse still, because a station must probe for a hidden SSID, a fake
> access point can offer a connection.'
>
> Correct me if I'm wrong, but wouldn't that fake AP have to spoof the
> MAC Address of my Router or know what the SSID was?

If the SSID is hidden then the WAP isn't sending out occasional broadcast "Cooeee" beacons containing the SSID allowing all clients to passively listen to find out what are within earshot. Instead, your client, knowing the desired SSID, will send out a "probe request", described on that page:

    Probe request frames are sent unencrypted by the client computer when trying to connect to a network. This unprotected frame of information, which can easily be intercepted and read by someone willing, will contain the SSID.

AIUI, it will send it on all the configured channels and for all hidden SSIDs it knows about which are set to "auto-connect". So a device that gets about a bit might be sending quite a few packets.

Perhaps you can tell it the WAP MAC address so the probe-request packet has that as the destination address, but the packet is in the ether and audible to all so a promiscuous interface, the technical term for one configured to take all packets, not just those matching its own MAC address, will see the probe request, its SSID, and, if it wasn't a broadcast packet, the expected WAP's MAC address. It can use those in its forged reply. (Does Android allow you to set the expected WAP's MAC address for a hidden SSID?)

You could install Wireshark and see if it will show you all the packets within wifi earshot.

> I'm using MAC Address filtering too (as well as WPA2 PSK encryption).

I do that too, though mainly so there's a central place where I've noted what's what.

> Anyway they all connect to hidden networks; even my Raspberry Pi!

--
Next meeting: Bournemouth, Tuesday, 2017-02-07 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread: mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well: http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
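
The probe-request behaviour described in the message above, as an added example that is not part of the original e-mail: a small Python parser that reads the cleartext SSID and addresses out of an 802.11 probe request, so you can audit what your own devices announce. The frames are constructed samples, the function names are illustrative, and it assumes the capture's radiotap header and trailing FCS have already been stripped.

```python
# Added example: decode 802.11 probe requests to show what a client reveals.
# Assumes raw 802.11 frames with radiotap header and FCS already removed.
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_probe_request(frame: bytes):
    """Return the cleartext fields of a probe request, or None for other frames."""
    if len(frame) < 24:                      # management header is 24 bytes
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x03, (fc >> 2) & 0x03, fc >> 4
    if (version, ftype, subtype) != (0, 0, 4):   # management / probe request
        return None
    info = {"dst": mac(frame[4:10]), "src": mac(frame[10:16]), "ssid": None}
    pos = 24                                 # tagged parameters follow the header
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:                # truncated element: stop parsing
            break
        if eid == 0:                         # element ID 0 is the SSID
            info["ssid"] = value.decode("utf-8", errors="replace")
            break
        pos += 2 + elen
    # A zero-length SSID is a wildcard probe and names no network.
    info["names_network"] = bool(info["ssid"])
    info["directed"] = info["dst"] != BROADCAST
    return info

def build_sample(dst: bytes, ssid: bytes) -> bytes:
    """Constructed probe request: header, SSID element, supported-rates element."""
    src = bytes.fromhex("020000000001")      # made-up locally administered MAC
    header = b"\x40\x00\x00\x00" + dst + src + dst + b"\x10\x00"
    return header + bytes([0, len(ssid)]) + ssid + b"\x01\x04\x02\x04\x0b\x16"

SAMPLES = [                                  # constructed, not captured
    build_sample(b"\xff" * 6, b"HiddenHome"),                    # broadcast, names SSID
    build_sample(bytes.fromhex("0200000000aa"), b"HiddenHome"),  # sent to one WAP
    build_sample(b"\xff" * 6, b""),                              # wildcard probe
    b"\x80\x00" + b"\x00" * 22,                                  # beacon header: ignored
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(parse_probe_request(f))
```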