 Natoma
join:1999-08-30 Brooklyn, NY
·Verizon FIOS
| Beware SSID Hiding
»www.icsalabs.com/html/communitie···ding.pdf
This paper says that hiding SSID is VERY bad, and useless as well. Easy to read and well written.
I created a 64 character passphrase for WPA, turned that into a 32 character Hex, and then put that Hex in as my passphrase. I also turned on MAC filtering. Pretty much all one can do. -- -- Natoma |
|
  enOehT Premium join:2003-05-17 Norristown, PA
edit: February 8th, @01:55AM
| Read the article. Interesting, but from my experience I have NOT noticed any performance decrease by not broadcasting my SSID. I get a constant 54 Mbps in my one bedroom apartment. Also, why would I want other people in my building to see that I have a wireless AP? By broadcasting it, it will show up as an available AP. This will tell people in my apartment complex that I have a laptop with WiFi, and hence might expose me to a possible robbery. Furthermore, this nonsense about the SSID being more exposed is ridiculous. This might be true if someone had sophisticated equipment to listen and interpret all this traffic, but come on, in the real world this doesn't exist. My neighbors aren't even smart enough to hide their off-the-shelf LINKSYS APs, so I am not worried about them sniffing my hidden SSID. |
|
  Morac
join:2001-08-30 Riverside, NJ
·Comcast
edit: February 8th, @02:07AM
| reply to Natoma I used to hide my SSID until I found that it's very easy to determine if a network exists in the area using NetStumbler even if the SSID is hidden. Once a network is found it's trivial to discover the SSID.
What's worse is that my neighbors also have a wireless network and they would pick the same channel I was on because they couldn't see my network (causing problems).
Finally, one of my wireless devices, while it would work with the SSID hidden, had connection problems and had a hard time finding my network when I changed channels. Unhiding my SSID seemed to fix that.
Right now I leave the SSID unhidden for the reasons above. I have encryption enabled, MAC filtering enabled, DHCP disabled and all the rest so I'm not too worried. |
|
  enOehT Premium join:2003-05-17 Norristown, PA
| I think it is more secure to leave DHCP enabled and set the range to as many IPs as you have computers. In my case one. If you disable DHCP, then that leaves the possibility of picking any internal IP you like, and hard coding it. With my method, if someone broke through all my other security, if I was on the network, it would alert me that two devices were trying to use the same IP. Hence I would be alerted to the situation right away. |
|
  Morac
join:2001-08-30 Riverside, NJ
·Comcast
| That's true if all the devices on the network are always on (and therefore have an IP). Some of my devices like my PS2 aren't always on. If I enabled DHCP I'd be giving out an IP to an intruder.
I forgot to mention my netmask is 255.255.255.248 which only allows 6 IP addresses per subnet (5 other than the router). I also changed my network address. This makes guessing a valid IP a lot harder. |
|
  keith2468 Premium,MVM join:2001-02-03 Winnipeg, MB
| Use all available precautions you have support for
You guys ought to give a once over to the FAQ referenced above and the 2 in-depth articles that are linked to in the body of the FAQ.
SSIDs are included in a part of normal transmissions. So a hacker can see them even if beaconing is turned off. However:
1. Turning off beaconing does mean someone won't accidentally hook into your LAN. (Accidents happen more often than crackers.)
2. Turning off beaconing means your network isn't so visible when not in active use.
3. WEP can be cracked with freeware decryption tools listening to the volume of traffic that may pass by in a few hours or days, depending on the key and the busyness of your network. Still, WEP will slow down any cracker, and will stop casual infiltration.
4. Windows XP has been extended to cover WPA, you just need to run Windows update. |
|
  keith2468 Premium,MVM join:2001-02-03 Winnipeg, MB
| reply to Natoma Re: Beware SSID Hiding
The author of the paper »www.icsalabs.com/html/communitie···ding.pdf doesn't understand how hiding an SSID improves security.
It improves security against accidental connection by non-crackers and beginner script kiddies.
Also, he isn't talking about WLANs in SOHO and home environments. |
|
  ZOverLord Premium join:2003-10-20 Minneapolis, MN
| With some of the current FREE utilities, unless you are using WPA, it does not matter much.
The headers in WEP are not encrypted anyway, and since the headers contain the SSID from the client Adapters, well enough said.
Check out this thread:
»The Motherload of Windows Wireless Tools/Links |
|
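Added illustration, not part of any post in this thread: keith2468's and ZOverLord's point that the SSID travels in ordinary unencrypted frames can be seen by parsing the SSID element (ID 0) out of 802.11 management frames. The frames and the network name `homenet` are constructed for the example; a beacon with broadcast disabled carries a blank SSID, but the probe and association frames exchanged whenever a client connects still carry the name.

```python
# Added illustration; frames below are constructed, not captured traffic.
MAC_HEADER_LEN = 24  # frame control, duration, three addresses, sequence control

# Management subtype -> (name, bytes of fixed fields before the tagged elements)
SUBTYPES = {
    0x0: ("association request", 4),   # capability + listen interval
    0x4: ("probe request", 0),
    0x5: ("probe response", 12),       # timestamp + beacon interval + capability
    0x8: ("beacon", 12),
}

def ssid_in_frame(frame: bytes):
    """Return (frame kind, SSID), with SSID None when the element is blank."""
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) not in SUBTYPES:
        raise ValueError("unsupported frame type")
    kind, fixed = SUBTYPES[fc >> 4]
    pos = MAC_HEADER_LEN + fixed
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if tag == 0:  # element ID 0 carries the SSID
            blank = not any(value)  # zero-length or all-NUL means "hidden"
            return kind, None if blank else value.decode("utf-8", "replace")
        pos += 2 + length
    return kind, None

def build(subtype: int, ssid: bytes) -> bytes:
    """Construct a minimal test frame: zeroed header fields, SSID, one rate."""
    header = bytes([subtype << 4, 0]) + bytes(MAC_HEADER_LEN - 2)
    fixed = bytes(SUBTYPES[subtype][1])
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

CONSTRUCTED_FRAMES = [
    build(0x8, b""),          # beacon from an AP with SSID broadcast disabled
    build(0x8, bytes(7)),     # same, from an AP that sends NULs instead
    build(0x4, b"homenet"),   # client looking for its configured network
    build(0x5, b"homenet"),   # AP answering that client
    build(0x0, b"homenet"),   # client associating
]

def survey(frames=CONSTRUCTED_FRAMES):
    return [ssid_in_frame(f) for f in frames]

if __name__ == "__main__":
    for kind, ssid in survey():
        print(f"{kind:20} SSID={ssid!r}")
```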
  AnonymousDude
@cableone.net
| reply to enOehT Enabling DHCP and setting the range to match the number of computers does NOTHING to prevent someone from picking an address that is not allocated by DHCP. It's perfectly valid (and actually a good network design technique when used properly).
The only way to restrict the number of available IP addresses is to shrink your subnet. |
|
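Added illustration, not written by any poster in this thread: a small audit that ties together the 255.255.255.248 netmask, the one-address DHCP pool and the address-conflict alert discussed above. The network address `10.37.4.8`, the MAC addresses and the observed (IP, MAC) pairs are all constructed assumptions; the check shows which addresses remain usable without DHCP and flags unknown devices and conflicts.

```python
import ipaddress
from collections import defaultdict

# All values below are constructed for the example.
NET = ipaddress.ip_network("10.37.4.8/255.255.255.248")  # network address assumed
ROUTER = ipaddress.ip_address("10.37.4.9")
DHCP_POOL = {ipaddress.ip_address("10.37.4.10")}  # pool sized to one computer
KNOWN_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}  # router, laptop

# Constructed (IP, MAC) observations, such as a router's client list.
OBSERVED = [
    ("10.37.4.9", "00:11:22:aa:bb:01"),
    ("10.37.4.10", "00:11:22:aa:bb:02"),
    ("10.37.4.12", "66:77:88:cc:dd:03"),   # static address outside the pool
    ("10.37.4.10", "66:77:88:cc:dd:04"),   # second claimant for the pool IP
    ("10.37.4.77", "66:77:88:cc:dd:05"),   # guessed address outside the /29
]

def static_slots():
    """Host addresses that work on this subnet without asking DHCP."""
    return [h for h in NET.hosts() if h != ROUTER and h not in DHCP_POOL]

def audit(observed=OBSERVED):
    """Flag off-subnet addresses, unknown devices and duplicate IP claims."""
    findings, claims = [], defaultdict(set)
    for ip_text, mac in observed:
        ip = ipaddress.ip_address(ip_text)
        claims[ip].add(mac)
        if ip not in NET:
            findings.append((ip_text, mac, "off-subnet"))
        elif mac not in KNOWN_MACS:
            where = "pool" if ip in DHCP_POOL else "static"
            findings.append((ip_text, mac, f"unknown device, {where} address"))
    for ip, macs in claims.items():
        if len(macs) > 1:  # the conflict a host on the network would notice
            findings.append((str(ip), ",".join(sorted(macs)), "address conflict"))
    return findings

if __name__ == "__main__":
    print("usable hosts:", len(list(NET.hosts())))
    print("usable without DHCP:", [str(h) for h in static_slots()])
    for finding in audit():
        print(finding)
```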