SSID off is never a true solution. Yes, you can still see it, just not
in the normal way.
1st, the signal is there, which makes it obvious there is a WAP in the area.
2nd, SSID broadcast is off, but its clients are still talking to
something, advertising its presence in their packets, detectable by a
promiscuous NIC paired with software like AirSnort. Once you know its
SSID, broadcast is not an issue.
Alternatively, WEP makes it harder with SSID off, I assume, but then all
you need do is scan the valid SSID combinations until you get a response
from the WAP. Then proceed with eliciting the needed packets from the
WAP until you have enough to crack with.
There is also, AFAIK, an issue with how clients initially negotiate a WEP
session, putting key pieces of data out in the clear.
All of this is covered with script-kiddie tools.
Yes. With WPA & SSID on, who cares; AES & TKIP make it near impossible
to crack since 1. it's AES, 2. it's rolling the keys periodically. I
would still have concerns, as a layman, about regularly occurring known
data packet types that can be guessed at until you get the key, but I
doubt AES is exploitable that way.
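As an added illustration of the point about SSID broadcast being off (example code written for this page, not from any of the posters): given management frames that have already been decoded into records (a constructed sample below, not a real capture), a small audit of your own WLAN lists the cloaked beacon next to the probe responses and association requests that carry the network name anyway. The record format and the `audit_hidden_ssids` / `findings` names are assumptions.

```python
"""Audit helper: does a WLAN with SSID broadcast off really hide its name?

Works on management frames that have already been decoded into records
(a constructed sample below; there is no capture code here). Beacons
from an AP with SSID broadcast off carry an empty SSID element, but the
probe responses and (re)association requests exchanged with its clients
name the network, so the name is still visible to anyone listening.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample of decoded frames: "bssid" is the AP the frame
# belongs to, "ssid" the SSID element it carries ("" = cloaked beacon).
SAMPLE_FRAMES = [
    {"type": "beacon",     "bssid": "02:00:00:00:aa:01", "ssid": ""},
    {"type": "beacon",     "bssid": "02:00:00:00:aa:01", "ssid": ""},
    {"type": "probe_req",  "bssid": BROADCAST,           "ssid": "office-private"},
    {"type": "probe_resp", "bssid": "02:00:00:00:aa:01", "ssid": "office-private"},
    {"type": "assoc_req",  "bssid": "02:00:00:00:aa:01", "ssid": "office-private"},
    {"type": "beacon",     "bssid": "02:00:00:00:aa:02", "ssid": "guest-open"},
]


def audit_hidden_ssids(frames):
    """Per AP: is its beacon cloaked, and which names still appear in the
    non-beacon frames tied to it (and in how many of them)?"""
    report = {}
    for f in frames:
        if f["bssid"] == BROADCAST:
            continue  # broadcast probe requests are not tied to one AP
        entry = report.setdefault(
            f["bssid"], {"hidden": False, "names": set(), "frames": 0})
        if f["type"] == "beacon":
            if f["ssid"] == "":
                entry["hidden"] = True
        elif f["ssid"]:
            entry["names"].add(f["ssid"])
            entry["frames"] += 1
    return report


def findings(frames):
    """One finding per AP whose cloaked SSID is exposed by client traffic."""
    out = []
    for bssid, e in sorted(audit_hidden_ssids(frames).items()):
        if e["hidden"] and e["names"]:
            names = ", ".join(sorted(e["names"]))
            out.append(f"{bssid}: SSID broadcast off, but '{names}' appears "
                       f"in {e['frames']} client/response frame(s)")
    return out
```

Run `findings(SAMPLE_FRAMES)` against your own decoded frames to see whether the "hidden" setting is buying anything; in the sample it reports the first AP and stays silent about the openly broadcast one.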
Winterlight wrote:
At 11:45 AM 5/3/2006, you wrote:
Hours? Not even.
I don't buy that. I haven't seen anything that supports the notion that
spoofing a MAC address is perfunctory. WEP, yes, but let's take a step
back. The best defense is to hide in plain sight. Turn off broadcasting.
You can't hack into what you can't see, or don't know is there. I know
of no good reason to have public broadcast of a private WAP. Use a
password-like SSID, turn off broadcasting, and enable MAC addressing
and you have won most of the battle. Add WPA encryption, and you're done.
No WEP: it takes seconds to read the traffic and extract a MAC. WEP
takes longer, but the needed packets can be coerced out of your WAP.
Besides, there's more at stake there than access. What about having
someone capture the traffic and take it home to decrypt to extract
your personal info & passwords? These days you have war drivers all
over doing shady things because WAPs & tools are common.
While sitting waiting for my mom to come out of the doctor's office, I
scanned for an open WAP to check my email and actually found a lawyer's
office in the same complex with an open WAP, no encryption, no MAC
lockdown and shares up with no password that led to client data. If
not for fear of being charged with theft of computing services, I would
have knocked on their door and offered my services for a fee. This is the
worst case, but if it had at least been WEP w/ MAC lockdown I would not
have simply stumbled across the shares. Of course in that environment
it should be WPA and the shares locked with 16+ character passwords,
or not on the WiFi at all.
Winterlight wrote:
At 01:52 AM 5/3/2006, you wrote:
At 12:15 PM 02/05/2006, joeuser wrote:
7) Wireless network security.
*cough* Lock by MAC address. Don't expect security, and why. Wired is
better for speed and security.
Locking by MAC address is not secure. It is possible to discover
and spoof MAC addresses - WPA with a very secure key is probably the
only security.
Yeah, possible, but very, very unlikely. Few people have the skills to
do something like that, and I doubt one of them is going to be
sitting in range of your WAP for hours on end attempting to do so.