Hi,

This is really not an XP problem, but a more generic 802.11 problem, due to the fact that management frames are not authenticated. If you prevent your AP from advertising its SSID, then a client that wants to connect to it (and must be preconfigured with that SSID) has to send a probe request frame to check for the presence of the AP (and find out its MAC address and a few other things). Any client that supports active scanning (and this is needed to connect to an AP that doesn't do SSID broadcast) will do the same thing.

That really means that disabling SSID broadcast is really not enough to make an AP secure. Anybody listening should be able to find the SSID and all MAC addresses used pretty quickly.

And of course once you have this information, it is indeed quite easy to spoof any of the boxes (APs or clients). The only protection against this (at this level) is 802.1x with dynamic session keys and a good EAP method.

Jacques.

At 06:24 17/12/2002, Jon Baer wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

After reading this:

http://www.computeruser.com/news/02/12/13/news1.html

(about how XP queries APs w/ SSIDs (stored on the client) which are supposed
to be hidden) ... making it defeat the whole purpose, why even have it as an
option on an AP then?

It seems that despite almost ANY type of standardization that MS would have
their completely own agenda w/ any type of authentication.

I personally wouldn't find this disturbing if VPN/IPSec is already installed
but makes me wonder what else MS does which u don't know about ... and this
port 137 issue drives me nuts as well.

- - Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPf61HEHb24uaDK9HEQIzPwCgtjDcLqHl62yGyo+rcQbxaqXFpmwAnjDa
Q0+uFvaB4EgpP+jPKqDvlT4l
=Ra6k
-----END PGP SIGNATURE-----

--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/

-- Jacques Caron, IP Sector Technologies
   Join the discussion on public WLAN open global roaming:
   http://lists.ipsector.com/listinfo/openroaming
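
The point made in the reply above, as an added example that is not part of the original thread: a directed probe request carries the preconfigured SSID in cleartext in its SSID element, whatever the AP's broadcast setting. The frame bytes, the MAC address and the SSID `corp-hidden` are constructed for illustration, and `build_frame` and `parse_probe_request` are hypothetical helper names.

```python
MGMT_HEADER_LEN = 24       # frame control, duration, 3 addresses, sequence control
SUBTYPE_PROBE_REQUEST = 4  # management frame subtype
ELEMENT_ID_SSID = 0        # SSID information element
MAX_SSID_LEN = 32

def build_frame(subtype, src_mac, ssid):
    """Constructed management frame: header, SSID element, 802.11b rates element."""
    header = (bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6
              + src_mac + b"\xff" * 6 + b"\x00\x00")
    elements = bytes([ELEMENT_ID_SSID, len(ssid)]) + ssid
    elements += bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])
    return header + elements

def parse_probe_request(frame):
    """Return client MAC and requested SSID, or None if not a probe request."""
    if len(frame) < MGMT_HEADER_LEN:
        return None
    version = frame[0] & 0x3
    ftype = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if version != 0 or ftype != 0 or subtype != SUBTYPE_PROBE_REQUEST:
        return None
    client = ":".join(f"{b:02x}" for b in frame[10:16])  # address 2 = sender
    ssid = None
    pos = MGMT_HEADER_LEN
    while pos + 2 <= len(frame):
        element_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element, stop parsing
        if element_id == ELEMENT_ID_SSID and length <= MAX_SSID_LEN and ssid is None:
            ssid = value.decode("utf-8", errors="replace")
        pos += 2 + length
    return {"client": client, "ssid": ssid}

# Constructed sample frames (no radiotap header, no FCS).
CLIENT = bytes.fromhex("020000000001")
DIRECTED = build_frame(SUBTYPE_PROBE_REQUEST, CLIENT, b"corp-hidden")
WILDCARD = build_frame(SUBTYPE_PROBE_REQUEST, CLIENT, b"")  # empty SSID = any network

if __name__ == "__main__":
    for name, frame in (("directed", DIRECTED), ("wildcard", WILDCARD)):
        print(name, parse_probe_request(frame))
```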

