bz wrote:
> "Sebastian G." <seppi@seppig.de> wrote in
> news:68jrooF2t4jo8U1@mid.dfncis.de:
>
>> bz wrote:
>>
>>> "Kyle T. Jones" <Email@reallyrealdomain.net> wrote in
>>> news:fvvj3k$a5m$1@aioe.org:
>>>
>>>> Sebastian G. wrote:
>>>>> Kyle T. Jones wrote:
>>>>>
>>>>>
>>>>>> http://www.howtodothings.com/compute...protect-a-link
>>>>>> sy s-wrt54g-router-using-wap-and-wep
>>>>>>
>>>>> But please omit the step of disabling SSID broadcast. It doesn't
>>>>> change anything about the security, doesn't make your network
>>>>> invisible at all, but
>>>>> surely creates a lot of trouble with your client accidentally trying
>>>>> to connect to someone else's network.
>>>> Good point.
>>> I don't follow the logic. Disabling SSID makes it more difficult for
>>> someone to connect to my wireless router (WEP turned on also).
>>
>> Actually it makes it easier for them to accidentally connect to your network
>> instead of another SSID-disabled network.
>
> HOW? They need to know my router's SSID. It has an SSID, it just doesn't
> broadcast it.
We're talking about MAC layer connections. First you connect on the MAC
layer, eventually guided by a known SSID, and then the connection partners
negotiate about the actual connection parameters.
> It DOES respond when my WiFi card says 'hey, (MyRouterSSID), I want to
> connect to you', doesn't it?
It also responds to "hey, nameless router, let's set up an encrypted session.
If you can decrypt what I sent, and it shows your SSID, then we're partners.
If not, then let's try it again."
> If I understand stuff correctly, this stuff is loosely based on packet radio
> technology.
> In packet radio, I would send a transmission something like
> Node#1 this is Node#2 k
> then Node#1 would answer Node#2 this is Node#1 k
> Node#2 would then go ahead and establish a link or send a command to node#1.
And the Node number is the MAC address combined with the channel number.
> If Node#1 isn't broadcasting anything, I need to know its name to contact it,
> (and the channel/frequency it listens on).
Hey, nameless routers on channel 7. Give me some random identifiers. Hey,
router SOME_RANDOM_IDENTIFIER on channel 7, let's try setting up a session.
>>> They will have to wait until I have a connection in progress and sniff
>>> that to find the router's SSID.
>>
>> This would require cracking the encryption.
>
> Agreed.
And as such the SSID is obviously a public parameter. If you broadcast the
SSID, they would still have to crack the encryption to get access. If you
don't broadcast the SSID, well, then they have to break the encryption of
the currently nameless network, and if they were successful, they would also
immediately find the SSID. That is, the SSID would always end up with them
if they break it, and would be useless anyway if they don't break it.
And breaking it doesn't require the SSID.
>> They can simply send packet to the router
>
> HOW do they send a packet to the router? They don't even know it is there.
They can clearly see how it sends beacon requests on a fixed channel with a
pseudo-unique identifier, and also with its MAC addressing.
> It isn't broadcasting.
It is. It just doesn't broadcast INVITE requests.
> It does NOT respond to a transmission unless it is addressed to it.
And you can address it either by its channel, its channel and a pseudo-unique
identifier delivered upon request, or by its MAC address.
> I don't think there is a 'all routers please broadcast' command for IEEE
> 802.11, but I could be wrong.
There is.
> I know that such a command exists on wired
> ethernet but would not expect it on wireless.
Why not? After all it's an ISO/OSI stack protocol. Heck, it even has an
Ethernet emulation layer.
>> Your laptop tries to connect to the other router on the MAC layer, tries
>> to establish an association, with the SSID, and fails.
>
> My laptop knows the SSID because I configured it to talk to (MyRouterSSID),
> doesn't it?
This is for association setup that only happens after you have negotiated on
the MAC layer. After all, how should this work? You can't identify which
router is yours (since it doesn't broadcast the SSID), and you're supposed
to choose which one you want to talk to.
> The router can run its beacon, saying 'This is MyRouterSSID' every 100 ms (or
> other time interval, as configured)
Well, then it would be broadcasting the SSID...
> or it can sit there and just listen for calls such as
nameless router, I'm nameless laptop. Let's talk encrypted. encrypted("is
this your SSID?"). No, damn. OK, everyone, who is here? Ah you! Hello
nameless router... (and you wouldn't even notice that you're always talking
to the same).
>> OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or
>> (NAMELESS NETWORK). Now which one is it?
>
> I don't try to connect to (nameless network), I try to connect to
> (MYROUTERSSID)
And how would you find this one if you have disabled SSID broadcasting?
> and if I can't find (MYROUTERSSID) then I don't get a
> connection unless there is a network with an SSID that I have previously
> configured for connection.
Right. But you may also not get a connection even if your router is among
these, since you're only trying to talk to the other ones. A wonderful way
to shoot yourself in the foot.
> I just tried an experiment. I turned off the SSID broadcast on my wireless
> router (It was on).
> I turned off my network card.
> I started netstumbler and turned on my card. I could not see my wireless
> router. (net stumbler prevents connection).
> There were no broadcasts from the Wireless MAC address.
But you could see a SSID-less network, couldn't you?
> I shut down stumbler and cycled my WiFi card off and back on.
> It established contact with my wireless router. It DID see a neighbor's OPEN
> router that broadcasts its SSID the first time I powered it on and would have
> connected, if I allowed it to do so, however I doubt it would connect to
> anything that does NOT broadcast an SSID.
Like your very own router? Hm?
> My Dell network card manager sees only one (nonbroadcasting) in its
> monitoring window.
Which might be yours, or someone else's.
> But I don't see anyone else running with broadcast off (and am unlikely to do
> so with these tools).
Maybe you're living far away from civilization? Heck, just on my weekly
2-hour train+bus tour I can catch hundreds of networks.
> Are you assuming OPEN routers running with default SSIDs but with broadcast
> turned off?
I suggest adjusting the SSID to clarify the purpose of your network,
thereby exactly fulfilling its functionality, e.g. PRIVATE. And to make sure
to not duplicate any existing name of a nearby network. That is, your
network is clearly visible to both you and outsiders, but they should
understand that it's your private network, so you could hold them legally
responsible if they try to interfere with it. And you can clearly identify
it as yours.
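
An added example, not part of the posts above: it parses constructed 802.11 beacon and probe-response frames to show that a beacon with an empty or null-padded SSID element still exposes the BSSID and channel, and that the name is filled in once a probe response from the same BSSID carries it. The frame bytes, BSSIDs and function names are constructed for illustration; frames are assumed to have no radiotap header and no FCS.

```python
import struct

BEACON, PROBE_RESP = 8, 5  # management subtypes that carry an SSID element

def build(subtype, bssid, ssid, channel):
    """Constructed frame: 24-byte MAC header, 12 fixed bytes, SSID + DS elements."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0011)  # timestamp, interval, capabilities
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])

def parse_mgmt(frame):
    """Return BSSID, channel and SSID of a beacon/probe response, else None."""
    if len(frame) < 36:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (BEACON, PROBE_RESP):
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    ssid_raw, channel, pos = b"", None, 36
    while pos + 2 <= len(frame):  # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element, stop parsing
        if tag == 0:
            ssid_raw = value
        elif tag == 3 and length == 1:
            channel = value[0]
        pos += 2 + length
    hidden = not ssid_raw.strip(b"\x00")  # zero length or all NUL bytes
    ssid = None if hidden else ssid_raw.decode("utf-8", "replace")
    return {"bssid": bssid, "channel": channel, "ssid": ssid, "hidden": hidden}

def survey(frames):
    """Map each BSSID to its channel and, once seen in clear, its SSID."""
    seen = {}
    for frame in frames:
        info = parse_mgmt(frame)
        if info is None:
            continue
        entry = seen.setdefault(info["bssid"], {"channel": info["channel"], "ssid": None})
        if not info["hidden"]:
            entry["ssid"] = info["ssid"]
    return seen

# Constructed sample: two "hidden" access points on channel 7, one later named.
AP1, AP2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [build(BEACON, AP1, b"", 7), build(BEACON, AP2, b"\x00" * 8, 7),
          build(PROBE_RESP, AP1, b"MyRouterSSID", 7)]

if __name__ == "__main__":
    print(survey(SAMPLE))
```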