On Fri, 24 May 2002, Mike Kershaw wrote:
>
> Kismet detects cloaked networks that have client traffic on them, so yes -
> if there is any traffic on the network, it will be seen and counted.
> Obviously if it's a non-beaconing network that has no data traffic, it's not
> putting anything into the airwaves and NOTHING is going to see it. If you
> run kismet in the vicinity of your AP while, say, browsing, it will be seen
> just as well as if beaconing was enabled.
>
> Kismet also uncloaks hidden SSIDs by watching for probe req/response pairs
> of clients joining the network - so if someone reboots or re-associates due
> to a weak signal while kismet is in range, the SSID is exposed. Check the
> kismet mailing list archives for an interesting discussion about several ways
> to forcibly flood a network with noise, causing all the clients to lose their
> link and issue a probe req. (2.4GHz HERF gun being the most extreme, and a
> microwave being relatively low tech, which doesn't address protocol-level
> attacks like spoofing the MAC of the AP and telling the client to reconnect).
Kismet sounds like a very useful tool, I'll be sure to look into it.
> Personally, I'm fairly strongly opposed to SSID cloaking and non-beaconing
> APs - not because it's worthless, but because too many people take it as the
> be-all of protection, when all it gives is, in reality, a slight shield
> from the casual observer, but anyone who has any drive to get at the data
> will do so. It falls into the same category as turning off servers at
> night, in my mind - it narrows the window of attack to some degree, but it's
> not going to save you.
Doesn't every little bit help? In terms of maintenance/administration
costs it's basically zero but it does provide a small benefit.
> As far as using MAC filtering and DHCP leases, I don't personally see that
> as a large deterrent. It's trivial to hijack a MAC and renew the lease as
> that MAC, or to bypass DHCP entirely.
Yeah, MAC addresses are worthless and the DHCP doesn't do much either.
I've done what I listed earlier (no SSID, MAC table, no DHCP) plus 40-bit
WEP (128-bit just takes longer, so I don't feel too much of an incentive to
use it; if someone wants to break 40-bit or 128-bit WEP they'll do it). I
feel uneasy with no security, but if the learning curve is too high or
administrative costs are too high I'm not going to be able to implement
the solutions. May I ask what else the little guy can do when setting up
just a wireless home network? Good to point out problems, but what about
solutions?
Thank you,
-Ford
Found On Road Dead
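Mike's description of how Kismet recovers a cloaked SSID from probe traffic, and Ford's question about how much cloaking actually buys, can be illustrated with an added Python example that is not code from Kismet or from either poster. It parses a few constructed 802.11 management frames (the header and tagged-parameter layout follow the standard management-frame format), flags a BSSID whose beacons carry an empty SSID as cloaked, and fills in the real name from the probe response the AP sends to a joining client. The MAC addresses, the network name "homenet" and the frames themselves are constructed sample values, so the script runs offline against your own reading of the frames rather than against live traffic.

```python
import struct
from collections import defaultdict

# 802.11 frame-control type/subtype values for management frames.
TYPE_MGMT = 0
SUBTYPE_PROBE_REQ = 4
SUBTYPE_PROBE_RESP = 5
SUBTYPE_BEACON = 8
TAG_SSID = 0  # tagged-parameter id of the SSID element

# Constructed sample addresses (locally administered, not real hardware).
AP_MAC = bytes.fromhex("020000000a01")
CLIENT_MAC = bytes.fromhex("020000000c01")
BROADCAST = b"\xff" * 6


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, bssid, ssid) for a beacon, probe request or probe
    response; None for other frames or for a truncated one."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x03, (fc >> 2) & 0x03, fc >> 4
    if version != 0 or ftype != TYPE_MGMT:
        return None
    bssid = mac_str(frame[16:22])          # addr3 carries the BSSID in mgmt frames
    body = frame[24:]
    if subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        if len(body) < 12:                 # timestamp(8) + interval(2) + capability(2)
            return None
        tagged = body[12:]
    elif subtype == SUBTYPE_PROBE_REQ:
        tagged = body                      # probe requests have no fixed fields
    else:
        return None
    ssid = None
    i = 0
    while i + 2 <= len(tagged):            # walk the tag/length/value list
        tag, length = tagged[i], tagged[i + 1]
        value = tagged[i + 2:i + 2 + length]
        if len(value) < length:            # truncated element: stop parsing
            break
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", "replace")
            break
        i += 2 + length
    return subtype, bssid, ssid


def audit_cloaking(frames):
    """Per BSSID: whether its beacons hide the SSID, and the name recovered
    from probe responses (the correlation a scanner like Kismet performs)."""
    nets = defaultdict(lambda: {"cloaked": False, "ssid": None, "source": None})
    for frame in frames:
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            continue
        subtype, bssid, ssid = parsed
        if subtype == SUBTYPE_BEACON:
            # A cloaked AP beacons with a zero-length SSID (some fill it with NULs).
            if not ssid or not ssid.strip("\x00"):
                nets[bssid]["cloaked"] = True
            elif nets[bssid]["ssid"] is None:
                nets[bssid].update(ssid=ssid, source="beacon")
        elif subtype == SUBTYPE_PROBE_RESP and ssid and nets[bssid]["ssid"] is None:
            # The response to a joining client names the network in the clear.
            nets[bssid].update(ssid=ssid, source="probe response")
    return dict(nets)


def build_frame(subtype, addr1, addr2, addr3, ssid: bytes) -> bytes:
    """Assemble a minimal management frame for the constructed capture."""
    header = (bytes([subtype << 4 | TYPE_MGMT << 2, 0]) + b"\x00\x00"
              + addr1 + addr2 + addr3 + b"\x00\x00")
    body = b""
    if subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        body += struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, capability
    body += bytes([TAG_SSID, len(ssid)]) + ssid
    return header + body


def sample_capture():
    """Constructed frames: a cloaked beacon, a client's probe request for
    'homenet', and the AP's probe response that gives the name away."""
    return [
        build_frame(SUBTYPE_BEACON, BROADCAST, AP_MAC, AP_MAC, b""),
        build_frame(SUBTYPE_PROBE_REQ, BROADCAST, CLIENT_MAC, BROADCAST, b"homenet"),
        build_frame(SUBTYPE_PROBE_RESP, CLIENT_MAC, AP_MAC, AP_MAC, b"homenet"),
    ]


if __name__ == "__main__":
    for bssid, rec in audit_cloaking(sample_capture()).items():
        print(bssid, rec)
```

Running it reports the sample AP as cloaked with its SSID recovered from the probe response, which is the whole of Mike's point: the name leaves the AP in the clear every time a client associates, so hiding it from beacons only keeps it from software that never looks past beacons.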
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless