  #1 (permalink)  
Old 04-17-2010, 03:21 AM
AndyHancock
Guest
 
Posts: n/a
Default SpeedTouch 585(i) v6: Allow New Devices?

I have a SpeedTouch 585(i) v6. I thought I could set "Allow New
Devices" to "New stations are not allowed" without preventing
established devices from connecting (see "Home Networks" page at
http://speedtouch.lan/cgi/b/lan/?ce=1&be=0&l0=3&l1=-1). However, this
setting also dropped the connection for devices that were already
connected. The manual doesn't exactly explain what this field is
for. I was wondering if anyone here could explain?

  #2 (permalink)  
Old 04-17-2010, 03:57 AM
Mike Easter
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

AndyHancock wrote:
> I have a SpeedTouch 585(i) v6. I thought I could set "Allow New
> Devices" to "New stations are not allowed" without preventing
> established devices from connecting (see "Home Networks" page at
> http://speedtouch.lan/cgi/b/lan/?ce=1&be=0&l0=3&l1=-1).


That link isn't correct.

> However, this
> setting also dropped the connection for devices that were already
> connected. The manual doesn't exactly explain what this field is
> for. I was wondering if anyone here could explain?


The manual doesn't exactly explain its choice of words in the menu
setting, but the manual does explain how to make good choices between:

(Sections 2.2.3 and 2.2.4 in the manual)

<snip>
On the Wireless Access Point page, you have the following options for
the ACL: New stations are

Allowed (automatically): All new stations can access the SpeedTouch.
Allowed (via registration): Only allowed stations in the ACL have
access. You can add new stations via:
The Association / Registration button.
The Search for wireless devices task.
For more information, see Registering wireless clients.
Not allowed: Only allowed stations in the ACL have access.
You can add new stations to the ACL only via the Search for
wireless devices task. For more information, see Registering clients via
Web pages.
</snip>

The point is that the menu selection you are referring to doesn't mean
what you think. You should either use the encryption strategy or you
should use the described 'registering wireless clients' section 2.2.4 in
the manual.

The manual I'm referring to is this one:
Thomson SpeedTouch 585 - Residential Wireless ADSL Gateway - DSL
Wireless Router - Manual - http://peek.snipr.com/vjmhz

--
Mike Easter

  #3 (permalink)  
Old 04-17-2010, 11:23 AM
AndyHancock
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

On Apr 16, 11:57 pm, Mike Easter <Mi...@ster.invalid> wrote:
> AndyHancock wrote:
> > I have a SpeedTouch 585(i) v6. I thought I could set "Allow New
> > Devices" to "New stations are not allowed" without preventing
> > established devices from connecting (see "Home Networks" page at
> > http://speedtouch.lan/cgi/b/lan/?ce=1&be=0&l0=3&l1=-1).
>
> That link isn't correct.
>
> > However, this
> > setting also dropped the connection for devices that were already
> > connected. The manual doesn't exactly explain what this field is
> > for. I was wondering if anyone here could explain?
>
> The manual doesn't exactly explain its choice of words in the menu
> setting, but the manual does explain how to make good choices between:
>
> (Sections 2.2.3 and 2.2.4 in the manual)
>
> <snip>
> On the Wireless Access Point page, you have the following options for
> the ACL: New stations are
>
>   Allowed (automatically): All new stations can access the SpeedTouch.
>   Allowed (via registration): Only allowed stations in the ACL have
> access. You can add new stations via:
>     The Association / Registration button.
>     The Search for wireless devices task.
>     For more information, see Registering wireless clients.
>   Not allowed: Only allowed stations in the ACL have access.
>   You can add new stations to the ACL only via the Search for
> wireless devices task. For more information, see Registering clients via
> Web pages.
> </snip>
>
> The point is that the menu selection you are referring to doesn't mean
> what you think. You should either use the encryption strategy or you
> should use the described 'registering wireless clients' section 2.2.4 in
> the manual.
>
> The manual I'm referring to is this one:
> Thomson SpeedTouch 585 - Residential Wireless ADSL Gateway - DSL
> Wireless Router - Manual - http://peek.snipr.com/vjmhz


Thanks for clearing that up, Mike.

Perhaps it's a firmware thing (and I have been strongly advised
against messing with the firmware), but my modem doesn't have a
function to scan for devices. However, the ACL shows devices that
I've connected to the WLAN and the Ethernet ports before.

My computer is already on the ACL, shown as connecting to WLAN, and
shown as allowed to connect. Would you know of other possible reasons
why I can't connect when new stations are not allowed?

  #4 (permalink)  
Old 04-17-2010, 11:39 AM
AndyHancock
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

On Apr 17, 7:23 am, AndyHancock <andymhanc...@gmail.com> wrote:
> On Apr 16, 11:57 pm, Mike Easter <Mi...@ster.invalid> wrote:
>
> > AndyHancock wrote:
> > > I have a SpeedTouch 585(i) v6. I thought I could set "Allow New
> > > Devices" to "New stations are not allowed" without preventing
> > > established devices from connecting (see "Home Networks" page at
> > > http://speedtouch.lan/cgi/b/lan/?ce=1&be=0&l0=3&l1=-1).
> >
> > That link isn't correct.
> >
> > > However, this
> > > setting also dropped the connection for devices that were already
> > > connected. The manual doesn't exactly explain what this field is
> > > for. I was wondering if anyone here could explain?
> >
> > The manual doesn't exactly explain its choice of words in the menu
> > setting, but the manual does explain how to make good choices between:
> >
> > (Sections 2.2.3 and 2.2.4 in the manual)
> >
> > <snip>
> > On the Wireless Access Point page, you have the following options for
> > the ACL: New stations are
> >
> >   Allowed (automatically): All new stations can access the SpeedTouch.
> >   Allowed (via registration): Only allowed stations in the ACL have
> > access. You can add new stations via:
> >     The Association / Registration button.
> >     The Search for wireless devices task.
> >     For more information, see Registering wireless clients.
> >   Not allowed: Only allowed stations in the ACL have access.
> >   You can add new stations to the ACL only via the Search for
> > wireless devices task. For more information, see Registering clients via
> > Web pages.
> > </snip>
> >
> > The point is that the menu selection you are referring to doesn't mean
> > what you think. You should either use the encryption strategy or you
> > should use the described 'registering wireless clients' section 2.2.4 in
> > the manual.
> >
> > The manual I'm referring to is this one:
> > Thomson SpeedTouch 585 - Residential Wireless ADSL Gateway - DSL
> > Wireless Router - Manual - http://peek.snipr.com/vjmhz
>
> Thanks for clearing that up, Mike.
>
> Perhaps it's a firmware thing (and I have been strongly advised
> against messing with the firmware), but my modem doesn't have a
> function to scan for devices. However, the ACL shows devices that
> I've connected to the WLAN and the Ethernet ports before.
>
> My computer is already on the ACL, shown as connecting to WLAN, and
> shown as allowed to connect. Would you know of other possible reasons
> why I can't connect when new stations are not allowed?


I did some more putzing around...on my modem, the function of scanning
for devices is under the HomeNetwork->Interfaces page, not the
HomeNetwork->Devices page. After scanning for devices, it takes me to
the HomeNetwork page, which I posted in my original post. I browse to
the ACL on the HomeNetwork->Devices page, and everything is exactly
the same as before scanning for devices.

This doesn't really shed any light on why I can't connect when new
stations are not allowed, so any ideas on this are welcome. I note,
however, that WiFi access does work when new stations are allowed with
registration (not my preferred option).

  #5 (permalink)  
Old 04-17-2010, 12:01 PM
Mike Easter
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

AndyHancock wrote:
>> Mike Easter


>>> You should either use the encryption strategy or you
>>> should use the described 'registering wireless clients' section 2.2.4 in
>>> the manual.


> After scanning for devices, it takes me to
> the HomeNetwork page, which I posted in my original post.


That page is on your system, not mine or 'ours', this newsgroup
readership.

> I note,
> however, that WiFi access does work when new stations are allowed with
> registration (not my preferred option).


That is the way 'everyone' else does it most often. That is, they set up
for WPA encrypted access. What is it you don't like about that popular
method?

Do you have an 'adversary' in range who is cracking WPA?


--
Mike Easter

  #6 (permalink)  
Old 04-17-2010, 01:23 PM
Mike Easter
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

AndyHancock wrote:

> see "Home Networks" page at
> http://speedtouch.lan/cgi/b/lan/?ce=1&be=0&l0=3&l1=-1


The speedtouch has internal webpages accessed at the speedtouch.lan
address such as what you pasted above or http://192.168.1.254

Those pages aren't useful to post here for us because they are in your
router which we can't access.

// To access the SpeedTouch via the Web interface - In the address bar,
type your SpeedTouch’s IP address or DNS host name
(http://speedtouch.lan or 192.168.1.254 by default) //

> I thought I could set "Allow New
> Devices" to "New stations are not allowed" without preventing
> established devices from connecting


According to the manual (at Thomson's site), you should be able to
register your LAN devices to the ACL either by using the router's
register/association button on the front or by using the speedtouch
webpage interface.

That excluding setting is called "Not allowed: Only allowed stations in
the ACL have access." but it requires that the/your desired stations be
properly registered in the ACL accesscontrollist and it only works
properly until there is a factory default reset.

However, if you reset the router to factory defaults, all of the
settings are lost and it reverts to a very insecure and promiscuous
mode. That reset can take place from its webpage interface or with the
reset button on the back.

There are also other security measures you can take, such as not
broadcasting the router's SSID.



--
Mike Easter

  #7 (permalink)  
Old 04-17-2010, 03:10 PM
AndyHancock
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

On Apr 17, 8:01 am, Mike Easter <Mi...@ster.invalid> wrote:
> AndyHancock wrote:
>>> Mike Easter
>>>> You should either use the encryption strategy or you should use
>>>> the described 'registering wireless clients' section 2.2.4 in the
>>>> manual.

>> After scanning for devices, it takes me to the HomeNetwork page,
>> which I posted in my original post.

>
> That page is on your system, not mine or 'ours', this newsgroup
> readership.


Understood. I was thinking the internal "URL" might be informative
for people who own my model of ST, and saw the article.

I forgot to mention that I use the most secure encryption option on
this modem, which is WPA-PSK (from what I've read on the web).
Upgrading the firmware might provide a more secure option, but it's
not something I'm comfortable doing.

>> I note, however, that WiFi access does work when new stations are
>> allowed with registration (not my preferred option).

>
> That is the way 'everyone' else does it most often. That is, they
> set up for WPA encrypted access. What is it you don't like about
> that popular method?
>
> Do you have an 'adversary' in range who is cracking WPA?


I'm not sure, but a couple of weeks ago, my modem became inaccessible
by WiFi. When I logged in by ethernet, it turns out that all the WiFi
settings were changed, and all the control widgets to change settings
weren't available to change them back. Encryption had also been
turned off. After days of putzing around, I found and uploaded a
previously saved configuration, which brought the proper settings and
functionality back (and brought back the widgets that would have
allowed me to make those settings on the web GUI). Of course, I
changed the encryption key.

I'm not sure how long it takes to crack WPA-PSK if the interface is
always enabled, but if it's just a matter of running a monitoring
program, then I suppose it doesn't matter how long it takes.

From your other response posting:
> According to the manual (at Thomson's site), you should be able to
> register your LAN devices to the ACL either by using the router's
> register/association button on the front or by using the speedtouch
> webpage interface.
>
> That excluding setting is called "Not allowed: Only allowed stations
> in the ACL have access." but it requires that the/your desired
> stations be properly registered in the ACL accesscontrollist and it
> only works properly until there is a factory default reset.


That's exactly it...my devices are in the ACL. I assume the ACL is the
page shown at "Home Network" or "Home Network -> Devices", since those
are the pages described in the manual for registering clients. My
devices are listed in both. In the latter, they are listed as
allowed to connect.

> However, if you reset the router to factory defaults, all of the
> settings are lost and it reverts to a very insecure and promiscuous
> mode. That reset can take place from its webpage interface or with
> the reset button on the back.


Well, somehow it did get reset, but not to factory defaults (I
think...certainly not to the state I got the modem in, and without the
GUI settings widgets normally found on the modem web pages). Now that
I have the modem working again, the proper devices are listed in both
the pages above. Unless ACL means something different than the pages
I described above, my laptop should be able to connect.

> There are also other security measures you can take, such as not
> broadcasting the router's SSID.


I researched the web about that, but the impression I get is that it
doesn't help much. Perhaps the same could be said about not allowing
automatic connection -- I'm not sure.

  #8 (permalink)  
Old 04-17-2010, 04:27 PM
Mike Easter
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

AndyHancock wrote:
> Mike Easter


> I forgot to mention that I use the most secure encryption option on
> this modem, which is WPA-PSK (from what I've read on the web).
> Upgrading the firmware might provide a more secure option, but it's
> not something I'm comfortable doing.


>> Do you have an 'adversary' in range who is cracking WPA?

>
> I'm not sure, but a couple of weeks ago, my modem became inaccessible
> by WiFi. When I logged in by ethernet, it turns out that all the WiFi
> settings were changed, and all the control widgets to change settings
> weren't available to change them back. Encryption had also been
> turned off. After days of putzing around, I found and uploaded a
> previously saved configuration, which brought the proper settings and
> functionality back (and brought back the widgets that would have
> allowed me to make those settings on the web GUI). Of course, I
> changed the encryption key.


I don't know about this 'previously saved configuration' if someone else
has been resetting your router. I will say that it is 'common practice'
for wardrivers who find an insecure router - say the default user/pass -
to 'mess with it'.

To me, the best thing to do under those circumstances would be to reset
to the factory defaults. This is an insecure condition which needs to be
logged into and then immediately secure it with changing its name,
changing the pass, turning off the SSID and so forth.

Of course it needs to be reconfigured for the wireless security and you
can do that with the ACL business if you like.

> I'm not sure how long it takes to crack WPA-PSK if the interface is
> always enabled, but if it's just a matter of running a monitoring
> program, then I suppose it doesn't matter how long it takes.


You create one more layer of security if you will change the router's
SSID and not broadcast it.

I suspect that you had not changed the router's pass and that it was
broadcasting its SSID and someone found it wardriving and checked the
default pass and it worked and they got in and messed with it.

>> That excluding setting is called "Not allowed: Only allowed stations
>> in the ACL have access." but it requires that the/your desired
>> stations be properly registered in the ACL accesscontrollist and it
>> only works properly until there is a factory default reset.

>
> That's exactly it...my devices are in the ACL. I assume the ACL is the
> page shown at "Home Network" or "Home Network -> Devices", since those
> are the pages described in the manual for registering clients. My
> devices are listed in both. In the latter, they are listed as
> allowed to connect.
>
>> However, if you reset the router to factory defaults, all of the
>> settings are lost and it reverts to a very insecure and promiscuous
>> mode. That reset can take place from its webpage interface or with
>> the reset button on the back.

>
> Well, somehow it did get reset, but not to factory defaults (I
> think...certainly not to the state I got the modem in, and without the
> GUI settings widgets normally found on the modem web pages). Now that
> I have the modem working again, the proper devices are listed in both
> the pages above. Unless ACL means something different than the pages
> I described above, my laptop should be able to connect.
>
>> There are also other security measures you can take, such as not
>> broadcasting the router's SSID.

>
> I researched the web about that, but the impression I get is that it
> doesn't help much. Perhaps the same could be said about not allowing
> automatic connection -- I'm not sure.


If your router isn't working right about the ACL and if someone else has
also been messing with it, I would reset to the factory defaults and
start all over again with your securing the router as I described above
and use the WPA process to get your clients registered and then set your
'not allowed' condition.

I don't think your usage of some 'previous configuration' is the best
approach.


--
Mike Easter

  #9 (permalink)  
Old 04-17-2010, 06:35 PM
AndyHancock
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

On Apr 17, 12:27 pm, Mike Easter <Mi...@ster.invalid> wrote:
> AndyHancock wrote:
> > Mike Easter
> > I forgot to mention that I use the most secure encryption option on
> > this modem, which is WPA-PSK (from what I've read on the web).
> > Upgrading the firmware might provide a more secure option, but it's
> > not something I'm comfortable doing.
> >> Do you have an 'adversary' in range who is cracking WPA?
>
> > I'm not sure, but a couple of weeks ago, my modem became inaccessible
> > by WiFi. When I logged in by ethernet, it turns out that all the WiFi
> > settings were changed, and all the control widgets to change settings
> > weren't available to change them back. Encryption had also been
> > turned off. After days of putzing around, I found and uploaded a
> > previously saved configuration, which brought the proper settings and
> > functionality back (and brought back the widgets that would have
> > allowed me to make those settings on the web GUI). Of course, I
> > changed the encryption key.
>
> I don't know about this 'previously saved configuration' if someone else
> has been resetting your router. I will say that it is 'common practice'
> for wardrivers who find an insecure router - say the default user/pass -
> to 'mess with it'.
>
> To me, the best thing to do under those circumstances would be to reset
> to the factory defaults. This is an insecure condition which needs to be
> logged into and then immediately secure it with changing its name,
> changing the pass, turning off the SSID and so forth.
>
> Of course it needs to be reconfigured for the wireless security and you
> can do that with the ACL business if you like.
>
> > I'm not sure how long it takes to crack WPA-PSK if the interface is
> > always enabled, but if it's just a matter of running a monitoring
> > program, then I suppose it doesn't matter how long it takes.
>
> You create one more layer of security if you will change the router's
> SSID and not broadcast it.
>
> I suspect that you had not changed the router's pass and that it was
> broadcasting its SSID and someone found it wardriving and checked the
> default pass and it worked and they got in and messed with it.
>
> >> That excluding setting is called "Not allowed: Only allowed stations
> >> in the ACL have access." but it requires that the/your desired
> >> stations be properly registered in the ACL accesscontrollist and it
> >> only works properly until there is a factory default reset.
>
> > That's exactly it...my devices are in the ACL. I assume the ACL is the
> > page shown at "Home Network" or "Home Network -> Devices", since those
> > are the pages described in the manual for registering clients. My
> > devices are listed in both. In the latter, they are listed as
> > allowed to connect.
>
> >> However, if you reset the router to factory defaults, all of the
> >> settings are lost and it reverts to a very insecure and promiscuous
> >> mode. That reset can take place from its webpage interface or with
> >> the reset button on the back.
>
> > Well, somehow it did get reset, but not to factory defaults (I
> > think...certainly not to the state I got the modem in, and without the
> > GUI settings widgets normally found on the modem web pages). Now that
> > I have the modem working again, the proper devices are listed in both
> > the pages above. Unless ACL means something different than the pages
> > I described above, my laptop should be able to connect.
>
> >> There are also other security measures you can take, such as not
> >> broadcasting the router's SSID.
>
> > I researched the web about that, but the impression I get is that it
> > doesn't help much. Perhaps the same could be said about not allowing
> > automatic connection -- I'm not sure.
>
> If your router isn't working right about the ACL and if someone else has
> also been messing with it, I would reset to the factory defaults and
> start all over again with your securing the router as I described above
> and use the WPA process to get your clients registered and then set your
> 'not allowed' condition.
>
> I don't think your usage of some 'previous configuration' is the best
> approach.


Mike, I followed most of your suggestions...I didn't quite muster the
courage to reset to factory settings because there is such a plethora
of settings beyond Home Network and WiFi. Furthermore, the previous
configuration that I used as a baseline was from long, long ago. I
haven't seen any devices aside from my own connected to my WiFi, which
is no guarantee that the encryption wasn't compromised until at least
recently (if at all), but gives me a bit of confidence. Further
confidence is obtained from the fact that I have always been pretty
high up on a highrise, making my WiFi inaccessible from street level.
As well, there is sometimes unsecured WiFi nearby, making my network
unattractive.

I changed the password, the SSID, and stopped broadcasting the SSID.

Funny run of good luck: After using the front panel button to register
my PDA, I found that I could set the modem to not accept other
devices, but both the laptop and the PDA could still dis/re-connect
to the access point. I had avoided using the button to register
devices because nowhere in the documentation I found on the web could
I find a picture confirming what was the front of the modem, and the
registration button on the front. I didn't want to be pressing a
factory reset button in error. Well, I took a guess, and it turned out
to be the right button.

One thing I find about not broadcasting SSID is that (surprise) it no
longer shows up in "View Available Wireless Networks" on Windows XP.
This means I cannot initiate a connection at a time of my choosing. I
have to set that network's properties so that I automatically connect
to that network when the access point is in range, and then wait for
connection to start. If I disconnect from the network (or access
point), the checkbox for automatic connection becomes unchecked until
I check it again. I suppose this is just a clunkier way of manually
controlling the connection.

Thanks for your insightful advice, and if you have any further
comments on the above, I appreciate your sharing them.

  #10 (permalink)  
Old 04-17-2010, 08:05 PM
alexd
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

On 17/04/10 19:35, AndyHancock wrote:

> One thing I find about not broadcasting SSID is that (surprise) it no
> longer shows up in "View Available Wireless Networks" on Windows XP.
> This means I cannot initiate a connection at a time of my choosing. I
> have to set that network's properties so that I automatically connect
> to that network when the access point is in range, and then wait for
> connection to start.


IMHO, 'hiding' one's SSID is futile; all it does is inconvenience
legitimate users, and it doesn't deter the bad guys one bit.

"Wireless LAN security myths that won't die":

http://blogs.zdnet.com/Ou/?p=454

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
20:57:20 up 8 days, 10:11, 2 users, load average: 0.16, 0.19, 0.18
It is better to have been wasted and then sober
than to never have been wasted at all

  #11 (permalink)  
Old 04-17-2010, 09:29 PM
AndyHancock
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

On Apr 17, 4:05 pm, alexd <troffa...@hotmail.com> wrote:
> On 17/04/10 19:35, AndyHancock wrote:
>
> > One thing I find about not broadcasting SSID is that (surprise) it no
> > longer shows up in "View Available Wireless Networks" on Windows XP.
> > This means I cannot initiate a connection at a time of my choosing. I
> > have to set that network's properties so that I automatically connect
> > to that network when the access point is in range, and then wait for
> > connection to start.

>
> IMHO, 'hiding' one's SSID is futile; all it does is inconvenience
> legitimate users, and it doesn't deter the bad guys one bit.
>
> "Wireless LAN security myths that won't die":
>
> http://blogs.zdnet.com/Ou/?p=454


The inconvenience is minor now that I've got it set up with allowed
devices on the ACL.

Most of the argument against SSID cloaking relates to its use in place
of encryption, but the few people I know of who cloak their SSID also
use encryption.

In some of the links on that page, I did read with interest the fact
that the mobile device broadcasts the SSID when probing for an AP of
interest, but a follow-up comment that someone provided asked whether
that is any less secure than when AP's broadcast their SSIDs
continuously. I can imagine situations in which it can be exploited,
e.g., as described in the article, impersonation of a preferred network
to lure the mobile device (especially when the mobile device is far
away from the preferred network, I guess). However, I'm not that
familiar with wireless protocols, so I won't elaborate.

About this spewing of preferred network SSID by the mobile unit,
that's only when it isn't connected to the preferred network, right?

  #12 (permalink)  
Old 04-18-2010, 11:28 AM
alexd
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

On 17/04/10 22:29, AndyHancock wrote:

> About this spewing of preferred network SSID by the mobile unit,
> that's only when it isn't connected to the preferred network, right?


Yes. But once you're connected, your SSID is visible in every frame you
send. And even when you're not connected - eg if a wired device ARPs for
something else.

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
12:24:30 up 9 days, 1:39, 2 users, load average: 0.11, 0.13, 0.15
It is better to have been wasted and then sober
than to never have been wasted at all
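
The argument in this part of the thread, shown on constructed frames (an added example, not code from any poster): a cloaked AP sends beacons with an empty SSID, yet client probe requests and association requests carry the name in clear, so anyone listening learns it. The MAC addresses, the SSID `ExampleNet` and all function names are assumptions; frames are assumed to be raw 802.11 management frames with radiotap header and FCS already stripped.

```python
"""Why SSID cloaking hides nothing: the name is still in client frames."""

MGMT_HEADER_LEN = 24  # frame control, duration, 3 addresses, sequence control
ASSOC_REQ, REASSOC_REQ, PROBE_REQ, PROBE_RESP, BEACON = 0, 2, 4, 5, 8
# Bytes of fixed parameters that precede the information elements, by subtype.
FIXED_LEN = {ASSOC_REQ: 4, REASSOC_REQ: 10, PROBE_REQ: 0,
             PROBE_RESP: 12, BEACON: 12}


def fmt(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)


def parse(frame: bytes):
    """Return (subtype, transmitter, bssid, ssid_bytes), or None if unusable."""
    if len(frame) < MGMT_HEADER_LEN:
        return None
    if frame[0] & 0x0F:            # protocol version != 0 or type != management
        return None
    subtype = frame[0] >> 4
    if subtype not in FIXED_LEN:
        return None
    pos = MGMT_HEADER_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):   # walk the tag/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:      # truncated capture
            return None
        if eid == 0:               # element ID 0 is the SSID
            if elen > 32:          # SSIDs are at most 32 bytes
                return None
            return subtype, frame[10:16], frame[16:22], value
        pos += 2 + elen
    return None


def summarize(frames):
    """Report cloaked BSSIDs, names revealed for them, and SSIDs clients probe for."""
    cloaked, named, probed = set(), {}, {}
    for frame in frames:
        parsed = parse(frame)
        if parsed is None:
            continue
        subtype, src, bssid, ssid = parsed
        empty = not ssid.strip(b"\x00")      # zero-length or all-NUL SSID
        text = ssid.decode("utf-8", "replace")
        if subtype == BEACON and empty:
            cloaked.add(fmt(bssid))
        elif subtype == PROBE_REQ and not empty:
            # Directed probe: the client announces a network it wants to find.
            probed.setdefault(fmt(src), set()).add(text)
        elif subtype in (ASSOC_REQ, REASSOC_REQ, PROBE_RESP) and not empty:
            named[fmt(bssid)] = text
    revealed = {b: n for b, n in named.items() if b in cloaked}
    return {"cloaked": cloaked, "revealed": revealed, "probed": probed}


def build_frame(subtype, dst, src, bssid, fixed, ssid):
    """Build a minimal management frame for the constructed sample below."""
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    # SSID element, followed by a one-rate Supported Rates element.
    return header + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"


# Constructed sample data (locally administered MACs, made-up SSID).
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
BCAST = b"\xff" * 6
SAMPLE = [
    build_frame(BEACON, BCAST, AP, AP, bytes(12), b""),            # cloaked beacon
    build_frame(PROBE_REQ, BCAST, STA, BCAST, b"", b"ExampleNet"),  # client probe
    build_frame(ASSOC_REQ, AP, STA, AP, bytes(4), b"ExampleNet"),   # client joins
    build_frame(PROBE_REQ, BCAST, STA, BCAST, b"", b""),            # wildcard probe
    build_frame(BEACON, BCAST, AP, AP, bytes(12), b"")[:30],        # truncated
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```
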

  #13 (permalink)  
Old 04-18-2010, 03:50 PM
AndyHancock
Guest
 
Posts: n/a
Default Re: SpeedTouch 585(i) v6: Allow New Devices?

On Apr 18, 7:28 am, alexd <troffa...@hotmail.com> wrote:
> On 17/04/10 22:29, AndyHancock wrote:
>
> > About this spewing of preferred network SSID by the mobile unit,
> > that's only when it isn't connected to the preferred network, right?

>
> Yes. But once you're connected, your SSID is visible in every frame you
> send. And even when you're not connected - eg if a wired device ARPs for
> something else.


I did some reading on google hits for "arp wifi". I have to admit
that it's not my area, but I get the general idea that spoofing can
happen, and all traffic can be funnelled through the attacker's
computer.

This visibility of SSID in every frame, is it any different than the
usual case i.e. when SSID is not cloaked?

Furthermore, in the latter case, will the mobile device not
spew out the SSID of the access point? I'm guessing not, since it
doesn't have to query if the preferred AP is near, since it is
expecting the AP to broadcast its SSID. I'm also guessing that this
is the point of vulnerability i.e. letting the attacker know the SSID
of the preferred AP so that the attacker knows what to emulate.

Finally, anyone who cloaks SSID will likely also use encryption.
Would the ARP poisoning that you mentioned still allow the attacker to
see the contents of your traffic?

All times are GMT.