SSID Broadcast Disabled: Still Vulnerable

If I have my wireless router's SSID Broadcast disabled, am I still
vulnerable even though others cannot see me? Or are sniffers these
days so good that they can pinpoint my wireless connection even though
my SSID Broadcast is disabled?

Thanks

"Sam" <(E-Mail Removed)> hath wroth:

>If I have my wireless router's SSID Broadcast disabled, am I still
>vulnerable even though others cannot see me? Or are sniffers these
>days so good that they can pinpoint my wireless connection even though
>my SSID Broadcast is disabled?

Kismet (for Linux) can easily extract your SSID from associate,
re-associate and disassociate packets.

The *ONLY* security measure that really works is WPA encryption.

See the FAQ Wi-Fi Security section at:
http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

> If I have my wireless router's SSID Broadcast disabled, am I still
> vulnerable even though others cannot see me? Or are sniffers these
> days so good that they can pinpoint my wireless connection even though
> my SSID Broadcast is disabled?

Sure, just by listening to the other traffic on the channels using tools
like kismet. Other clients have to communicate with the router. As they do
this their traffic can be picked up by other clients. It's trivial for
software on one of them to listen to the traffic, inject some of it's own,
and quite quickly deteremine the SSID (among other things).

So if you want to be secure then use WPA. Otherwise it's nothing more than
a weak attempt to "hide in plain sight" by not broadcasting your SSID.

And while you're reconfiguring, make sure you're not on the same channel as
other nearby routers.

On Wed, 2 Aug 2006 14:17:31 -0400, "Bill Kearney"
<(E-Mail Removed)> wrote:

>> If I have my wireless router's SSID Broadcast disabled, am I still
>> vulnerable even though others cannot see me? Or are sniffers these
>> days so good that they can pinpoint my wireless connection even though
>> my SSID Broadcast is disabled?
>
>Sure, just by listening to the other traffic on the channels using tools
>like kismet. Other clients have to communicate with the router. As they do
>this their traffic can be picked up by other clients. It's trivial for
>software on one of them to listen to the traffic, inject some of it's own,
>and quite quickly deteremine the SSID (among other things).
>
>So if you want to be secure then use WPA. Otherwise it's nothing more than
>a weak attempt to "hide in plain sight" by not broadcasting your SSID.
>
>And while you're reconfiguring, make sure you're not on the same channel as
>other nearby routers.
>

can you recommend a shareware/freeware package that will determine
which channels my neighbors are using on their systems?

73,
rich, n9dko

On Thu, 03 Aug 2006 01:10:13 GMT, Rich <(E-Mail Removed)> wrote
in <(E-Mail Removed)>:

>On Wed, 2 Aug 2006 14:17:31 -0400, "Bill Kearney"
><(E-Mail Removed)> wrote:
>
>>> If I have my wireless router's SSID Broadcast disabled, am I still
>>> vulnerable even though others cannot see me? Or are sniffers these
>>> days so good that they can pinpoint my wireless connection even though
>>> my SSID Broadcast is disabled?
>>
>>Sure, just by listening to the other traffic on the channels using tools
>>like kismet. Other clients have to communicate with the router. As they do
>>this their traffic can be picked up by other clients. It's trivial for
>>software on one of them to listen to the traffic, inject some of it's own,
>>and quite quickly deteremine the SSID (among other things).
>>
>>So if you want to be secure then use WPA. Otherwise it's nothing more than
>>a weak attempt to "hide in plain sight" by not broadcasting your SSID.
>>
>>And while you're reconfiguring, make sure you're not on the same channel as
>>other nearby routers.
>
>can you recommend a shareware/freeware package that will determine
>which channels my neighbors are using on their systems?

He did that.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

> >And while you're reconfiguring, make sure you're not on the same channel
as
> >other nearby routers.
>
> can you recommend a shareware/freeware package that will determine
> which channels my neighbors are using on their systems?

Sure, on windows use NetStumbler. On linux use kismet. There are boot CDs
that are designed to jump right into kismet with linux. Linux and kismet
are not trivial to use. NetStumbler is considerably easier to use but
doesn't go into as many technical details as kismet. But if all you want to
do it see what other channels are active, and you're using windows, then
just grab netstumbler.

STFW for links to them.

-Bill Kearney

On Wed, 2 Aug 2006 23:17:12 -0400, "Bill Kearney"
<(E-Mail Removed)> wrote:

>
>> >And while you're reconfiguring, make sure you're not on the same channel
>as
>> >other nearby routers.
>>
>> can you recommend a shareware/freeware package that will determine
>> which channels my neighbors are using on their systems?
>
>Sure, on windows use NetStumbler. On linux use kismet. There are boot CDs
>that are designed to jump right into kismet with linux. Linux and kismet
>are not trivial to use. NetStumbler is considerably easier to use but
>doesn't go into as many technical details as kismet. But if all you want to
>do it see what other channels are active, and you're using windows, then
>just grab netstumbler.
>
>STFW for links to them.
>
>-Bill Kearney

thanks, bill.

73,
rich, n9dko

On Thu, 03 Aug 2006 01:24:55 GMT John Navas <(E-Mail Removed)> wrote:
| On Thu, 03 Aug 2006 01:10:13 GMT, Rich <(E-Mail Removed)> wrote
| in <(E-Mail Removed)>:
|
|>On Wed, 2 Aug 2006 14:17:31 -0400, "Bill Kearney"
|><(E-Mail Removed)> wrote:
|>
|>>> If I have my wireless router's SSID Broadcast disabled, am I still
|>>> vulnerable even though others cannot see me? Or are sniffers these
|>>> days so good that they can pinpoint my wireless connection even though
|>>> my SSID Broadcast is disabled?
|>>
|>>Sure, just by listening to the other traffic on the channels using tools
|>>like kismet. Other clients have to communicate with the router. As they do
|>>this their traffic can be picked up by other clients. It's trivial for
|>>software on one of them to listen to the traffic, inject some of it's own,
|>>and quite quickly deteremine the SSID (among other things).
|>>
|>>So if you want to be secure then use WPA. Otherwise it's nothing more than
|>>a weak attempt to "hide in plain sight" by not broadcasting your SSID.
|>>
|>>And while you're reconfiguring, make sure you're not on the same channel as
|>>other nearby routers.
|>
|>can you recommend a shareware/freeware package that will determine
|>which channels my neighbors are using on their systems?
|
| He did that.

He didn't tell people where to get it. Hint: it's the very FIRST item
returned by Google.

OTOH, Kismet requires a host based wireless card, and apparently will
not work through a wireless device like a bridge or access point.
There is probably no NPI in those devices to even do such a thing.

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-08-03-(E-Mail Removed) |
|------------------------------------/-------------------------------------|

Jeff Liebermann wrote:
>
> Kismet (for Linux) can easily extract your SSID from associate,
> re-associate and disassociate packets.
>
> The *ONLY* security measure that really works is WPA encryption.
>
> See the FAQ Wi-Fi Security section at:
> http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security

Unfortunately, with my DLINK router, enabling WPA encryption slows my
internet big time and I have highspeed cable. In addition, with WPA
encryption I frequently have dropped connections..damn DLINK!

"Sam" <(E-Mail Removed)> hath wroth:

>Jeff Liebermann wrote:
>>
>> Kismet (for Linux) can easily extract your SSID from associate,
>> re-associate and disassociate packets.
>>
>> The *ONLY* security measure that really works is WPA encryption.
>>
>> See the FAQ Wi-Fi Security section at:
>> http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security

>Unfortunately, with my DLINK router, enabling WPA encryption slows my
>internet big time and I have highspeed cable. In addition, with WPA
>encryption I frequently have dropped connections..damn DLINK!

What model DLink? If you're going to suggest that something is
broken, kindly supply the details so others don't repeat your
experience. There may also be fixes available.

I've seen slight slowdowns in routers of perhaps 10% or less, but
nothing that is obvious except in benchmarks. There is a problem with
slow computers on the client end doing WPA-AES, as they often try to
do it in software using the CPU, which really burns CPU cycles.

How high is your high speed cable? If you have 6Mbits/sec (that's
fast for this area), then all you need is a 12Mbit/sec wireless
connection in order to utilize the maximum speed of the cable modem.
(Thruput is approximately half the connection speed). Dropped
connections might be bugs in the client, where every time it does a
key exchange, it drops the connection. I've seen this in the client
and in one wireless router (not DLink) that I can't recall the name
and model.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558