Considering that tools such as Kismet do not rely on any type of broadcasting methods, they actively probe for setups, this is a moot point. I have actually had kismet probe a card on a laptop and show me every setup that the card was used for. After confronting the user of the card with the results of the probe, they were astonished to see that I not only saw the active profile, but three others that were configured for that card. And with Kismet, we were able to retrieve the SSID from the CISCO without an association by the one and only client machine that was actually configured for that particular AP. Ant we did this with both a Linux box using Kismet, and an XP box using NetStumbler with an Netgear WAB501 using WAB511 drivers. Of course the XP box took longer, about two minutes, but this rig by far found more AP and held them for a much longer time than the Linux box could.
-----Original Message----- From: David Gillett [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 5:47 PM To: 'Bo Mendenhall'; [EMAIL PROTECTED] Subject: RE: wireless access point It seems to me that the distinction between "detect and report about a previously-unknown available access point" and "detect ACTIVE USE of a previously-unknown available access point" is that the latter is of far less use.... David Gillett > -----Original Message----- > From: Bo Mendenhall [mailto:[EMAIL PROTECTED] > Sent: June 6, 2003 13:25 > To: [EMAIL PROTECTED] > Subject: RE: wireless access point > > > Please correct me if I'm wrong: > > Marvin's Statement below is true because eventually someone > who has the SSID for an AP will hop on the AP, at which time > it broadcasts the SSID, so Netstumbler would potentially pick > it up the SSID at that point. > > >>> "Myers, Marvin" <[EMAIL PROTECTED]> 06/06/03 12:34PM >>> > That is not entirely true. Netstumbler does in fact detect > AP's that do not broadcast their SSID, it just takes longer. > I have proven this on more than one occasion using > NetStumbler on XP with both Orinoco and Netgear cards. > > -----Original Message----- > From: Christopher Harrington [mailto:[EMAIL PROTECTED] > Sent: Friday, June 06, 2003 1:23 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: wireless access point > > Netstumbler does not detect AP's that do not broadcast their > SSID. I know Kismet and Wellenreiter do, I cant speak for the others. > > --Chris > > > -----Original Message----- > From: Luiz Otávio Duarte [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 05, 2003 9:54 PM > To: [EMAIL PROTECTED] > Subject: RE: wireless access point > > > Hi, > > >Is there any way of detecting wireless access point that doesn't > >broadcast > >the SSID? > > Yep, It's possible. I will tell you why: > > We have two probing modes for channels in a 802.11 network. > > - Activing probe - Is when the prober machine exchange some > probe frames > with the AP. > > - RFMON - Radio Frequency Monitor (Passive probe) - when > the probe machine > capture all data in the channel and try to find some SSID > (Service Set > Identification) > > You can find AP that does not broadcast the SSID using any > probe technique. > > You can use: Netstumbler, DStumbler, Kismet, Wellenreiter, THC-RUT, > WEPCrack, AirSnort, .... > > That's All Folks! > > -- > ## > # Luiz Otávio Duarte (lod at acmesecurity dot org) > # www.acmesecurity.org/~lod > ## > # ACME! (Computer Security Research) > # www.acmesecurity.org > ## > # Unesp - São José do Rio Preto - São Paulo - Brazil > ## > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > -------------- > > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > -------------- > > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > -------------- > > > > -------------------------------------------------------------- > ------------- > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by > top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure > remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------- > -------------- > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
