On 03/15/2013 12:51 AM, Dan Egli wrote:
> *That's good information, thanks. Now, does that include the ability to
> join a WPA2 network? For security I had thought of the idea of having the
> AP not only using WPA2 personal but also not broadcasting the SSID. I can
> easily enough configure an individual client for the correct SSID and give
> it the correct password. This way not only am I more protected from people
> trying to hack my Wi-Fi password (which, while admittedly harder than with
> WEP is still entirely possible with WPA2) but they first would have to know
> the actual SSID to try and join and that won't be listed in a scan from
> something like airfart or anything.*
>
>

Turning off SSID broadcast won't hide the network from anyone capable of doing a WEP/WPA2 attack. It will only keep little Bobby Tables from trying to associate to the AP with his mom's iPad. The BSS and BSSID are still plainly available to anyone with a wireless packet sniffer.

I used to turn off my SSID, but over time I got tired of trying to remember what it was every time I had problems with any OS's wireless stack, typing it in every time, plus which encryption type would work with which client, and did I use hex or ASCII for the pre-shared key, and what was the key again, did I use padding, and was this MAC on the whitelist... blah blah blah. Usually when I was doing all this after-the-fact troubleshooting I was in a hurry, and needed it up now. I finally decided security through obscurity was doing more to keep me out of my own network than a sophisticated attacker. So I turned it back on.

It also made it easier for me to use site survey software to figure out which channels everyone else in the neighborhood was using and at what signal strength and quality so I could try to move to a less crowded channel set. You would think that would be a one-time thing, but frequently people in my neighborhood put the AP on their power strip and start everything from it. Not to mention every time someone in the neighborhood moves in or changes ISPs (assuming the ISP "upgrades" their "modem"...read: wireless router), they'd move to my channel again, and I'd have to reconsider the wireless front again.

If I wasn't so paranoid about limiting the range of my own signal, I'd put a quarter-watt amp on my AP, and let the other 40 APs I can see duke it out for the remaining band positions. But with all the intelligent engineering types in my neighborhood, I'm afraid I'd start an amp-ing pissing fight that would eventually push us all over the 30dB limit and the FCC would start throwing their weight around. And yes, I have been in just that situation before; but with much longer ranges involved.

;-Daniel Fussell
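
An added illustration of the point made in the reply above (not part of the original message): a parser for a raw 802.11 beacon showing that a beacon with the SSID blanked still carries the BSSID, channel and WPA2 (RSN) element in the clear. The frame bytes, `SAMPLE_BSSID` and the `build_beacon` helper are constructed for this example, and frames are assumed to have no radiotap header or FCS.

```python
import struct

SAMPLE_BSSID = bytes.fromhex("020000aabbcc")  # constructed, locally administered

def build_beacon(bssid: bytes, ssid: bytes, channel: int) -> bytes:
    """Build a constructed WPA2 beacon (no radiotap header, no FCS)."""
    hdr = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)  # timestamp, interval, caps
    rsn = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel]) + rsn

def parse_beacon(frame: bytes) -> dict:
    """Extract what any passive listener sees in a beacon frame."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon")
    if (frame[0] >> 2) & 0x3 != 0 or (frame[0] >> 4) & 0xF != 8:
        raise ValueError("not a beacon (management type 0, subtype 8)")
    info = {
        "bssid": ":".join(f"{b:02x}" for b in frame[16:22]),  # address 3
        "privacy": bool(struct.unpack_from("<H", frame, 34)[0] & 0x0010),
        "ssid": None, "ssid_hidden": False, "channel": None, "rsn": False,
    }
    pos = 36  # 24-byte header + 12 bytes of fixed fields
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2 : pos + 2 + elen]
        if len(data) < elen:
            break  # truncated element, stop parsing
        if eid == 0:  # SSID: "hidden" means zero length or all NUL bytes
            info["ssid_hidden"] = elen == 0 or not any(data)
            info["ssid"] = None if info["ssid_hidden"] else data.decode("utf-8", "replace")
        elif eid == 3 and elen == 1:  # DS Parameter Set: current channel
            info["channel"] = data[0]
        elif eid == 48:  # RSN element: network advertises WPA2
            info["rsn"] = True
        pos += 2 + elen
    return info

if __name__ == "__main__":
    for ssid in (b"homenet", b"", b"\x00" * 7):
        print(parse_beacon(build_beacon(SAMPLE_BSSID, ssid, 6)))
```
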
