Wireless Security
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 05 2008 07:24AM
Luiz Eduardo (le atelophobia net) (2 replies)
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 05 2008 01:28PM
Raul Siles (raul siles gmail com)
On Fri, Sep 5, 2008 at 9:24 AM, Luiz Eduardo <le (at) atelophobia (dot) net [email concealed]> wrote:
> I am sure missing something obvious here, but, most of the clients, save
> whatever network you connected to to their preferred list (which will cause
> the anonymity problem you described above).
> Specially corporate laptops, that will come pre-configured by the IT folks,
> will have the corporate SSID setup. How to get around this though? Not
> configuring some authentication stuff (if using .1x) , will surely help, but
> most (at least) of the windows clients will still look for a SSID prior to
> doing anything.

Hi Luiz,
The behavior you describe was the "old" behavior for Windows clients.
Once you update them with
kb917021(http://support.microsoft.com/kb/917021), they still store the
PNL, but each of the SSID's in the list is not sent through the air
(except when you use a cloaked network). Unfortunately, the associated
MS patch is not included in the regular and mandatory Microsoft update
database (although it was initially published in January 2007), so you
need to install it on purpose. Time to do so! ;)

Cheers,
--
Raul Siles
www.raulsiles.com

[ reply ]
Re: To broadcast or not broadcast, that is the question (SSIDs) Sep 05 2008 01:22PM
Cedric Blancher (blancher cartel-securite fr)


 

Privacy Statement
Copyright 2010, SecurityFocus