Undetectable APs

Can access points be configured such that they are undetectable by the typical
hobbiest wifi radio scan assuming that they are in range of the transceiver?
With Windows? With Linux? Other than hostname and Mac address, can particular
computers be denied replies to a scan, based on what other paramters? Can
netstumbler or some other software discover these "shielded" aps?

(at work, hence anonymous usenet access)

On Fri, 30 Jul 2010 01:45:50 +0200 (CEST), in
<(E-Mail Removed) mith.info>, "Non
scrivetemi" <(E-Mail Removed)> wrote:

>Can access points be configured such that they are undetectable by the typical
>hobbiest wifi radio scan assuming that they are in range of the transceiver?
>With Windows? With Linux? Other than hostname and Mac address, can particular
>computers be denied replies to a scan, based on what other paramters? Can
>netstumbler or some other software discover these "shielded" aps?
>
>(at work, hence anonymous usenet access)

Not seen by Joe Sixpack, but detectable by even a modest hobbyist.

--
John FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

In message <(E-Mail Removed) mith.info>
"Non scrivetemi" <(E-Mail Removed)> was claimed
to have wrote:

>Can access points be configured such that they are undetectable by the typical
>hobbiest wifi radio scan assuming that they are in range of the transceiver?

Windows itself won't pop up and mention them, but any wifi sniffing
software will do it, no special hardware required.

>With Windows? With Linux?

Windows, definitely. I'd assume Linux too, but I've never looked.

>ther than hostname and Mac address, can particular
>computers be denied replies to a scan, based on what other paramters?

You can deny a computer on any basis your AP allows. In general this
means MAC addresses, occasionally hostnames or similar, in rare cases
other parameters are probably going to be possible too.

DevilsPGD <Still-Just-A-Rat-In-A-(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> In message
> <7983e584c6869b9921b695d345adbb07
@pboxmix.winstonsmith.info> "Non
> scrivetemi" <(E-Mail Removed)> was
claimed to
> have wrote:
>
>>Can access points be configured such that they are
undetectable by the
>>typical hobbiest wifi radio scan assuming that they are in
range of
>>the transceiver?
>
> Windows itself won't pop up and mention them, but any wifi
sniffing
> software will do it, no special hardware required.
>
>>With Windows? With Linux?
>
> Windows, definitely. I'd assume Linux too, but I've never
looked.
>
>>ther than hostname and Mac address, can particular
>>computers be denied replies to a scan, based on what other
paramters?
>
> You can deny a computer on any basis your AP allows. In
general this
> means MAC addresses, occasionally hostnames or similar, in
rare cases
> other parameters are probably going to be possible too.

Rare cases? Paramaters? Such as? Do you even know what your
talking about?

In message <i2vgp2$lts$(E-Mail Removed)> Dobie <(E-Mail Removed)> was
claimed to have wrote:

>DevilsPGD <Still-Just-A-Rat-In-A-(E-Mail Removed)> wrote in
>news:(E-Mail Removed) :
>
>> You can deny a computer on any basis your AP allows. In
>general this
>> means MAC addresses, occasionally hostnames or similar, in
>rare cases
>> other parameters are probably going to be possible too.
>
>Rare cases?

Depends on your hardware and software, yes. Most people buy the
cheapest thing at Best Buy, this severely limits your options vs what
higher end choices might allow.

>Paramaters? Such as?

Well, one example would be to allow 802.11b or g clients. Another might
be only allow WPA2-PSK but not WPA-PSK.

>Do you even know what your talking about?

If you use manufacturer supplied software on your AP then your ability
to set limitations are based on the feature set the manufacturer
provided. Most APs will only let you allow/deny wireless access based
on MAC address (and of course compatible encryption settings)

A few will block by hostname, although technically speaking they
actually do have to allow the wireless connection first, then once the
hostname is known, decide whether to route packets or not.

If you control the software on your AP then your ability to code will be
your only imagination and coding skills.

On Fri, 30 Jul 2010 15:57:07 -0700, in
<(E-Mail Removed)>, DevilsPGD
<Still-Just-A-Rat-In-A-(E-Mail Removed)> wrote:

>If you use manufacturer supplied software on your AP then your ability
>to set limitations are based on the feature set the manufacturer
>provided. Most APs will only let you allow/deny wireless access based
>on MAC address (and of course compatible encryption settings)
>
>A few will block by hostname, although technically speaking they
>actually do have to allow the wireless connection first, then once the
>hostname is known, decide whether to route packets or not.
>
>If you control the software on your AP then your ability to code will be
>your only imagination and coding skills.

The radio has to be on for the AP to do anything useful, which is easily
detectable no matter what your imagination and coding skills.

--
John FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

On Fri, 30 Jul 2010 17:55:58 -0700 (PDT), in
<370697a9-820c-47a4-a80f-(E-Mail Removed)>,
bod43 <(E-Mail Removed)> wrote:

>I could imagine someone finding an Access Point,
>sniffing the traffic, changing the MAC address of their PC
>to match that of a permitted client and then gaining access.
>
>Of course long random keys and WPA or even better WPA2
>seem to still be secure.

Not true, unfortunately. See my post
"NEWS: Security shortcomings in WPA2 that threaten security of wireless
networks". PSK also has weaknesses.

--
John FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

In message <(E-Mail Removed)> John Navas
<(E-Mail Removed)> was claimed to have wrote:

>On Fri, 30 Jul 2010 15:57:07 -0700, in
><(E-Mail Removed)>, DevilsPGD
><Still-Just-A-Rat-In-A-(E-Mail Removed)> wrote:
>
>>If you use manufacturer supplied software on your AP then your ability
>>to set limitations are based on the feature set the manufacturer
>>provided. Most APs will only let you allow/deny wireless access based
>>on MAC address (and of course compatible encryption settings)
>>
>>A few will block by hostname, although technically speaking they
>>actually do have to allow the wireless connection first, then once the
>>hostname is known, decide whether to route packets or not.
>>
>>If you control the software on your AP then your ability to code will be
>>your only imagination and coding skills.
>
>The radio has to be on for the AP to do anything useful, which is easily
>detectable no matter what your imagination and coding skills.

Absolutely. However, you can deny access, or fail to reply to scans.

A passive scan will still find you, but I covered that earlier in my
previous message.

DevilsPGD <Still-Just-A-Rat-In-A-(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> In message <(E-Mail Removed)>
John Navas
> <(E-Mail Removed)> was claimed to have wrote:
>
>>On Fri, 30 Jul 2010 15:57:07 -0700, in
>><(E-Mail Removed)>, DevilsPGD
>><Still-Just-A-Rat-In-A-(E-Mail Removed)> wrote:
>>
>>>If you use manufacturer supplied software on your AP then
your ability
>>>to set limitations are based on the feature set the
manufacturer
>>>provided. Most APs will only let you allow/deny wireless
access based
>>>on MAC address (and of course compatible encryption
settings)
>>>
>>>A few will block by hostname, although technically
speaking they
>>>actually do have to allow the wireless connection first,
then once the
>>>hostname is known, decide whether to route packets or not.
>>>
>>>If you control the software on your AP then your ability
to code will be
>>>your only imagination and coding skills.
>>
>>The radio has to be on for the AP to do anything useful,
which is easily
>>detectable no matter what your imagination and coding
skills.
>
> Absolutely. However, you can deny access, or fail to reply
to scans.
>
> A passive scan will still find you, but I covered that
earlier in my
> previous message.

Do most PC wifi radios do passive or active scans and what
exactly is the difference? I am guessing that active means
actually sending a packet out for reply. But how can a
receiver detect an AP that is not addressing packets to that
receiver, which is what a "passive" scan implies? I think
with wired network scanners they send out an abbreviated
packet or some such which are undetectable by many firewalls,
but not all.

Meanwhile, at the alt.internet.wireless Job Justification Hearings, ArnieJ
chose the tried and tested strategy of:

> Do most PC wifi radios do passive or active scans and what
> exactly is the difference?

The answer to that is similar to with APs; in general using third-party
software will give you more options.

> But how can a receiver detect an AP that is not addressing packets to that
> receiver, which is what a "passive" scan implies?

The chipset in the wifi NIC needs to be able to pass all received data to
the scanning software, ie not just packets sent to it's own MAC address. The
scanning software will then instruct the NIC to hop from channel to channel,
dwelling briefly on each one to listen for traffic. Whatever information can
be extracted from a packet will be used to build a report for the operator
of the software, eg channel, signal strength, SSID, MAC address, IP
addresses if they're not encrypted, etc.

How likely are you to see packets on the air from a wireless network? Very.
If it's not hidden, an AP will be sending beacon frames out regularly. Even
if it is hidden, there will still be regular, non-user-initiated chatter
like ARP requests, AV updates, Windows updates, etc.

> I think with wired network scanners they send out an abbreviated
> packet or some such which are undetectable by many firewalls,
> but not all.

I think you're talking about a port scanner which operates at different
layers to a wireless network sniffer.

http://en.wikipedia.org/wiki/TCP/IP_model

A port scanner isn't really much use when wanting to investigate unknown
wireless networks, because you need to have IP connectivity in order to make
use of it.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
11:34:24 up 13 days, 2:05, 6 users, load average: 0.03, 0.09, 0.11
Qua illic est accuso, illic est a vindicatum