Wireless Security
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 05 2008 07:24AM
Luiz Eduardo (le atelophobia net) (2 replies)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 05 2008 01:28PM
Raul Siles (raul siles gmail com)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 05 2008 01:22PM
Cedric Blancher (blancher cartel-securite fr)
Le vendredi 05 septembre 2008 à 00:24 -0700, Luiz Eduardo a écrit :
> I really wasn't aware of that, I thought it would do the usual "ask to
> broadcast" if the ap was there, that's interesting.

It starts sending generic probes around. If it does not get any answer
matching its preferred list, then it will start to send specific probes
including SSID to discover network with hidden SSID.
When not in reach of your home network, it just discloses his preferred
networks (or part of the list depending on OS/conf) around. Karma loves
that kind of behaviour ;)

> I am sure missing something obvious here, but, most of the clients, save
> whatever network you connected to to their preferred list (which will cause
> the anonymity problem you described above).

Yes. But they don't have to specifically look for each network in this
list. A round of generic probes is sufficient if none of them has a
hidden SSID. Therefore, you don't disclose anything that way.

--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus