Re: wireless router password security

Discussion in 'Computer Security' started by Kyle T. Jones, May 7, 2008.

  1. RS wrote:
    > Hi all,
    >
    > I don't know much about wireless security. I have a friend who uses a
    > Linksys WRT54G router connected to his cable modem so that an OS X
    > machine in a different room can connect to the web using airport.
    >
    > My understanding is that WRT54G is a very common router, so I am hoping
    > that someone here can help me with this. I have noticed that the airport
    > in OS X can see several connections (presumably from neighbors),
    > including the Linksys one. But while all other connections are password
    > protected, the connection to the Linksys is not, and this troubles me.
    >
    > On the computer that is physically connected to the router, I have httpd
    > to 192.168.0.1 and I've noticed that there is a place to set the
    > password, however changing the password would not deny connections to
    > the OS X machine. The machine sees the Linksys router and doesn't even
    > ask for password. It gets connected right away. So I am guessing that
    > the password is an administrative password, and not for connections.
    >
    > Does the WRT54G model have a capability to be password protected? The
    > firmware has never been updated, how essential is that for password
    > capability or for security in general (How does one update the firmware
    > anyway?) Since this is a relatively old router, should a more up-to-date
    > one be purchased? If not, what is the best way to secure a connection
    > with this router?
    >
    > Thanks very much,
    > RS


    Sure it does. Go back in the way you had (192.168.0.1), enter username
    and password to access admin controls.

    Then simply follow these directions:

    http://www.howtodothings.com/comput...ect-a-linksys-wrt54g-router-using-wap-and-wep

    Cheers.
     
    Kyle T. Jones, May 7, 2008
    #1

  2. Kyle T. Jones

    Sebastian G. Guest

    Sebastian G., May 7, 2008
    #2

  3. Sebastian G. wrote:
    > Kyle T. Jones wrote:
    >
    >
    >> http://www.howtodothings.com/comput...ect-a-linksys-wrt54g-router-using-wap-and-wep
    >>

    >
    >
    > But please omit the step of disabling SSID broadcast. It doesn't change
    > anything about the security, doesn't make your network invisible at all,
    > but surely creates a lot of trouble with your client accidentally trying to
    > connect to someone else's network.



    Good point.
     
    Kyle T. Jones, May 8, 2008
    #3
  4. Kyle T. Jones

    bz Guest

    "Kyle T. Jones" <> wrote in
    news:fvvj3k$a5m$:

    > Sebastian G. wrote:
    >> Kyle T. Jones wrote:
    >>
    >>
    >>> http://www.howtodothings.com/computers-internet/how-to-protect-a-linksys-wrt54g-router-using-wap-and-wep
    >>>

    >>
    >>
    >> But please omit the step of disabling SSID broadcast. It doesn't
    >> change anything about the security, doesn't make your network invisible
    >> at all, but surely creates a lot of trouble with your client accidentally
    >> trying to connect to someone else's network.

    >
    >
    > Good point.


    I don't follow the logic. Disabling SSID makes it more difficult for
    someone to connect to my wireless router (WEP turned on also).
    They will have to wait until I have a connection in progress and sniff that
    to find the router's SSID. During the times when there is nothing
    connected, the SSID is not broadcast, so they can't WAR DRIVE by my house
    when I am not there and try to bust in.

    Also, my laptop doesn't try to 'accidentally' connect to other networks.
    It needs to know the SSID for my wireless router in order to establish
    connection.
    I don't tell my laptop wireless card to connect to any available access
    point, so it isn't going to connect to anything unless I tell it to do so.

    Clearly, there are things about wireless that I don't yet understand.
    Perhaps someone can explain more clearly.





    --
    bz

    please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
    infinite set.

    remove ch100-5 to avoid spam trap
     
    bz, May 9, 2008
    #4
  5. Kyle T. Jones

    Sebastian G. Guest

    bz wrote:

    > "Kyle T. Jones" <> wrote in
    > news:fvvj3k$a5m$:
    >
    >> Sebastian G. wrote:
    >>> Kyle T. Jones wrote:
    >>>
    >>>
    >>>> http://www.howtodothings.com/computers-internet/how-to-protect-a-linksys-wrt54g-router-using-wap-and-wep
    >>>>
    >>>
    >>> But please omit the step of disabling SSID broadcast. It doesn't
    >>> change anything about the security, doesn't make your network invisible
    >>> at all, but surely creates a lot of trouble with your client accidentally
    >>> trying to connect to someone else's network.

    >>
    >> Good point.

    >
    > I don't follow the logic. Disabling SSID makes it more difficult for
    > someone to connect to my wireless router (WEP turned on also).



    Actually it makes it easier for them to accidentally connect to your network
    instead of another SSID-disabled network.

    > They will have to wait until I have a connection in progress and sniff that
    > to find the router's SSID.



    This would require cracking the encryption.

    > During the times when there is nothing
    > connected, the SSID is not broadcast, so they can't WAR DRIVE by my house
    > when I am not there and try to bust in.



    Bullshit. They can simply send packets to the router, which then replies with
    packets. So they can create their own traffic required for the encryption
    cracking attempt.

    > Also, my laptop doesn't try to 'accidentally' connect to other networks.
    > It needs to know the SSID for my wireless router in order to establish
    > connection.



    Argh, it seems like you really don't have a clue how things work. Hint:
    Your laptop tries to connect to the other router on the MAC layer, tries to
    establish an association, with the SSID, and fails. Now it connects to a
    third router, tries the same, fails. Now it connects to the second router...
    long story short, it can very easily happen that you'll never connect to the
    right router at all, since you're intentionally suppressing the required
    information for locating the right one.

    > I don't tell my laptop wireless card to connect to any available access
    > point, so it isn't going to connect to anything unless I tell it to do so.



    OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or (NAMELESS
    NETWORK). Now which one is it?
     
    Sebastian G., May 9, 2008
    #5
  6. Kyle T. Jones

    bz Guest

    "Sebastian G." <> wrote in
    news::

    > bz wrote:
    >
    >> "Kyle T. Jones" <> wrote in
    >> news:fvvj3k$a5m$:
    >>
    >>> Sebastian G. wrote:
    >>>> Kyle T. Jones wrote:
    >>>>
    >>>>
    >>>>> http://www.howtodothings.com/computers-internet/how-to-protect-a-linksys-wrt54g-router-using-wap-and-wep
    >>>>>
    >>>>
    >>>> But please omit the step of disabling SSID broadcast. It doesn't
    >>>> change anything about the security, doesn't make your network
    >>>> invisible at all, but surely creates a lot of trouble with your
    >>>> client accidentally trying to connect to someone else's network.
    >>>
    >>> Good point.

    >>
    >> I don't follow the logic. Disabling SSID makes it more difficult for
    >> someone to connect to my wireless router (WEP turned on also).

    >
    >
    > Actually it makes it easier for them to accidentally connect to your network
    > instead of another SSID-disabled network.


    HOW? They need to know my router's SSID. It has an SSID, it just doesn't
    broadcast it.

    It DOES respond when my WiFi card says 'hey, (MyRouterSSID), I want to
    connect to you', doesn't it?

    If I understand stuff correctly, this stuff is loosely based on packet radio
    technology.
    In packet radio, I would send a transmission something like
    Node#1 this is Node#2 k
    then Node#1 would answer Node#2 this is Node#1 k
    Node#2 would then go ahead and establish a link or send a command to node#1.

    If Node#1 isn't busy but is available, it would periodically say something
    like
    CQ de Node#1 K

    If Node#1 isn't broadcasting anything, I need to know its name to contact it,
    (and the channel/frequency it listens on).

    >
    >> They will have to wait until I have a connection in progress and sniff
    >> that to find the router's SSID.

    >
    >
    > This would require cracking the encryption.


    Agreed.

    >
    >> During the times when there is nothing
    >> connected, the SSID is not broadcast, so they can't WAR DRIVE by my
    >> house when I am not there and try to bust in.

    >
    >
    > Bulls***.


    Please keep the language clean.

    > They can simply send packets to the router


    HOW do they send a packet to the router? They don't even know it is there.

    It isn't broadcasting. It is sitting there listening for broadcasts addressed
    to it. It does NOT respond to a transmission unless it is addressed to it.

    I don't think there is a 'all routers please broadcast' command for IEEE
    802.11, but I could be wrong. I know that such a command exists on wired
    ethernet but would not expect it on wireless.

    > , which then replies
    > with packets. So they can create their own traffic required for the
    > encryption cracking attempt.


    How? I thought their best bet was to monitor for a day or so and then crack
    the WEP key from accumulated traffic.

    >
    >> Also, my laptop doesn't try to 'accidentally' connect to other networks.
    >> It needs to know the SSID for my wireless router in order to establish
    >> connection.

    >
    >
    > Argh, it seems like you really don't have a clue how things work.


    That is why I asked. Because, from what you said not matching with what I
    thought I knew, I want to find out where my misunderstandings are.

    I asked. Do you have a problem with helping people that ask you questions?

    > Hint:
    > Your laptop tries to connect to the other router on the MAC layer, tries
    > to establish an association, with the SSID, and fails.


    My laptop knows the SSID because I configured it to talk to (MyRouterSSID),
    doesn't it?

    > Now it connects
    > to a third router, tries the same, fails.


    Why would it try to connect to (YourRouterSSID)? It keeps sending
    (MyRouterSSID) this is MyLaptopSSID please answer!
    Doesn't it????

    > Now it connects to the second
    > router... long story short, it can very easily happen that you'll never
    > connect to the right router at all, since you're intentionally
    > suppressing the required information for locating the right one.


    I am sorry to be so dense but it still doesn't make sense to me.

    The router can run its beacon, saying 'This is MyRouterSSID' every 100 ms(or
    other time interval, as configured) or it can sit there and just listen for
    calls such as
    (MyRouterSSID) this is (MyLaptopSSID), do you copy?
    and respond to the calls.

    One way [in my opinion] makes it easier for someone unauthorized to connect
    to MyRouterSSID. But, I could be wrong [and you clearly think it makes it
    HARDER for me to keep my computer from connecting to the wrong router, but I
    don't understand why.]

    >> I don't tell my laptop wireless card to connect to any available access
    >> point, so it isn't going to connect to anything unless I tell it to do
    >> so.

    >
    >
    > OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or
    > (NAMELESS NETWORK). Now which one is it?


    I don't try to connect to (nameless network), I try to connect to
    (MYROUTERSSID) and if I can't find (MYROUTERSSID) then I don't get a
    connection unless there is a network with an SSID that I have previously
    configured for connection.

    I just tried an experiment. I turned off the SSID broadcast on my wireless
    router (It was on).
    I turned off my network card.
    I started netstumbler and turned on my card. I could not see my wireless
    router. (net stumbler prevents connection).
    There were no broadcasts from the Wireless MAC address.

    I shut down stumbler and cycled my WiFi card off and back on.
    It established contact with my wireless router. It DID see a neighbor's OPEN
    router that broadcasts its SSID the first time I powered it on and would have
    connected, if I allowed it to do so, however I doubt it would connect to
    anything that does NOT broadcast an SSID.
    Unfortunately, I am not seeing any other wireless routers that are not
    broadcasting SSID at this time so I can't be sure who is right.
    My Dell network card manager sees only one (nonbroadcasting) in its
    monitoring window.

    When I run NetCrumbler (a patched version of Stumbler that does NOT interfere
    with connections) I see my router just fine, along with 5 other named
    routers.
    But I don't see anyone else running with broadcast off (and am unlikely to do
    so with these tools).

    So, what is it that I am failing to understand about how these things work?

    Are you assuming OPEN routers running with default SSIDs but with broadcast
    turned off? I guess that if my router was named Linksys but had broadcast
    turned off and there was another router named Linksys that also had broadcast
    turned off, it would be easy to connect to the wrong one but operating with a
    default router SSID or ANY as an SSID _would_ be kind of clueless.

    Surely that is NOT what you are talking about, is it?

    Thank you for your patience and for NOT using bad language.

    --
    bz

    please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
    infinite set.

     
    bz, May 10, 2008
    #6
  7. Kyle T. Jones

    Jim Watt Guest

    On Fri, 09 May 2008 22:49:47 +0200, "Sebastian G." <>
    wrote:

    Sebastian, you are talking rubbish

    Disabling the SSID beacon is different to
    disabling the SSID to create a nameless network

    It's a valid way of increasing your security by
    not announcing your ap and thus network exists.

    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, May 10, 2008
    #7
  8. Kyle T. Jones

    Sebastian G. Guest

    bz wrote:

    > "Sebastian G." <> wrote in
    > news::
    >
    >> bz wrote:
    >>
    >>> "Kyle T. Jones" <> wrote in
    >>> news:fvvj3k$a5m$:
    >>>
    >>>> Sebastian G. wrote:
    >>>>> Kyle T. Jones wrote:
    >>>>>
    >>>>>
    >>>>>> http://www.howtodothings.com/computers-internet/how-to-protect-a-linksys-wrt54g-router-using-wap-and-wep
    >>>>>>
    >>>>> But please omit the step of disabling SSID broadcast. It doesn't
    >>>>> change anything about the security, doesn't make your network
    >>>>> invisible at all, but surely creates a lot of trouble with your
    >>>>> client accidentally trying to connect to someone else's network.
    >>>> Good point.
    >>> I don't follow the logic. Disabling SSID makes it more difficult for
    >>> someone to connect to my wireless router (WEP turned on also).

    >>
    >> Actually it makes it easier for them to accidentally connect to your network
    >> instead of another SSID-disabled network.

    >
    > HOW? They need to know my router's SSID. It has an SSID, it just doesn't
    > broadcast it.



    We're talking about MAC layer connections. First you connect on the MAC
    layer, eventually guided by a known SSID, and then the connection partners
    negotiate about the actual connection parameters.

    > It DOES respond when my WiFi card says 'hey, (MyRouterSSID), I want to
    > connect to you', doesn't it?



    It also responds to "hey, nameless router, let's setup an encrypted session.
    If you can decrypt what I sent, and it shows your SSID, then we're partners.
    If not, then let's try it again."

    > If I understand stuff correctly, this stuff is loosely based on packet radio
    > technology.
    > In packet radio, I would send a transmission something like
    > Node#1 this is Node#2 k
    > then Node#1 would answer Node#2 this is Node#1 k
    > Node#2 would then go ahead and establish a link or send a command to node#1.



    And the Node number is the MAC address combined with the channel number.

    > If Node#1 isn't broadcasting anything, I need to know its name to contact it,
    > (and the channel/frequency it listens on).



    Hey, nameless routers on channel 7. Give me some random identifiers. Hey,
    router SOME_RANDOM_IDENTIFIER on channel 7, let's try setting up a session.


    >>> They will have to wait until I have a connection in progress and sniff
    >>> that to find the router's SSID.

    >>
    >> This would require cracking the encryption.

    >
    > Agreed.



    And as such the SSID is obviously a public parameter. If you broadcast the
    SSID, they would still have to crack the encryption to get access. If you
    don't broadcast the SSID, well, then they have to break the encryption or
    the currently nameless network, and if they were successful, they would also
    immediately find the SSID. That is, the SSID would always end up with them
    if they break it, and would be useless anyway if they don't break it.

    And breaking it doesn't require the SSID.

    >> They can simply send packets to the router

    >
    > HOW do they send a packet to the router? They don't even know it is there.



    They can clearly see how it sends beacon requests on a fixed channel with a
    pseudo-unique identifier, and also with its MAC addressing

    > It isn't broadcasting.



    It is. It just doesn't broadcast INVITE requests.

    > It does NOT respond to a transmission unless it is addressed to it.



    And you can address it either by its channel, its channel and a pseudo-unique
    identifier delivered upon request, or by its MAC address.

    > I don't think there is a 'all routers please broadcast' command for IEEE
    > 802.11, but I could be wrong.



    There is.

    > I know that such a command exists on wired
    > ethernet but would not expect it on wireless.



    Why not? After all it's an ISO/OSI stack protocol. Heck, it even has an
    Ethernet emulation layer.

    >> Your laptop tries to connect to the other router on the MAC layer, tries
    >> to establish an association, with the SSID, and fails.

    >
    > My laptop knows the SSID because I configured it to talk to (MyRouterSSID),
    > doesn't it?



    This is for association setup that only happens after you have negotiated on
    the MAC layer. After all, how should this work? You can't identify which
    router is yours (since it doesn't broadcast the SSID), and you're supposed
    to choose to which one you want to talk to.


    > The router can run its beacon, saying 'This is MyRouterSSID' every 100 ms(or
    > other time interval, as configured)



    Well, then it would be broadcasting the SSID...

    > or it can sit there and just listen for calls such as



    nameless router, I'm nameless laptop. Let's talk encrypted. encrypted("is
    this your SSID?"). No, damn. OK, everyone, who is here? Ah you! Hello
    nameless router... (and you wouldn't even notice that you're always talking
    to the same).

    >> OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or
    >> (NAMELESS NETWORK). Now which one is it?

    >
    > I don't try to connect to (nameless network), I try to connect to
    > (MYROUTERSSID)



    And how would you find this one if you have disabled SSID broadcasting?

    > and if I can't find (MYROUTERSSID) then I don't get a
    > connection unless there is a network with an SSID that I have previously
    > configured for connection.



    Right. But you may also not get a connection even if your router is among
    these, since you're only trying to talk to the other ones. A wonderful way
    to shoot yourself in the foot.

    > I just tried an experiment. I turned off the SSID broadcast on my wireless
    > router (It was on).
    > I turned off my network card.
    > I started netstumbler and turned on my card. I could not see my wireless
    > router. (net stumbler prevents connection).
    > There were no broadcasts from the Wireless MAC address.



    But you could see a SSID-less network, couldn't you?

    > I shut down stumbler and cycled my WiFi card off and back on.
    > It established contact with my wireless router. It DID see a neighbor's OPEN
    > router that broadcasts its SSID the first time I powered it on and would have
    > connected, if I allowed it to do so, however I doubt it would connect to
    > anything that does NOT broadcast an SSID.



    Like your very own router? Hm?

    > My Dell network card manager sees only one (nonbroadcasting) in its
    > monitoring window.



    Which might be yours, or someone else's.


    > But I don't see anyone else running with broadcast off (and am unlikely to do
    > so with these tools).



    Maybe you're living far away from civilization? Heck, just on my weekly
    2hour train+bus tour I can catch hundreds of networks.

    > Are you assuming OPEN routers running with default SSIDs but with broadcast
    > turned off?



    I suggest adjusting the SSID to clarify the purpose of your network,
    thereby exactly fulfilling its functionality, f.e. PRIVATE. And to make sure
    to not duplicate any existing name of a nearby network. That is, your
    network is clearly visible to both you and outsiders, but they should
    understand that it's your private network, so you could hold them legally
    responsible if they try to interfere with it. And you can clearly identify
    it as yours.
     
    Sebastian G., May 10, 2008
    #8
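
As an added illustration of the frames argued about in the posts above (not part of any participant's post): 802.11 beacons, probe requests/responses and association requests are management frames that WEP and WPA do not encrypt, and each carries the SSID as information element 0. The Python sketch below parses constructed sample frames (the MAC addresses and the capture are invented; `MyRouterSSID` is the placeholder name used in the thread) and reports what an access point with SSID broadcast disabled still exposes once a configured client talks to it.

```python
import struct

HDR_LEN = 24                      # frame control, duration, 3 addresses, sequence control
BROADCAST = b"\xff" * 6
# Management subtype -> (name, bytes of fixed fields before the first information element)
SUBTYPES = {0: ("assoc-req", 4), 2: ("reassoc-req", 10),
            4: ("probe-req", 0), 5: ("probe-resp", 12), 8: ("beacon", 12)}


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_frame(subtype, dst, src, bssid, ssid, fixed=b""):
    """Build a constructed management frame (sample data for this example)."""
    header = struct.pack("<HH", subtype << 4, 0) + dst + src + bssid + b"\x00\x00"
    ssid_ie = bytes([0, len(ssid)]) + ssid          # element ID 0 = SSID
    rates_ie = bytes([1, 1, 0x82])                  # element ID 1 = supported rates
    return header + fixed + ssid_ie + rates_ie


def parse_mgmt(frame):
    """Return kind, addresses and SSID element of a management frame, else None."""
    if len(frame) < HDR_LEN:
        return None
    (fc,) = struct.unpack_from("<H", frame)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    kind, fixed_len = SUBTYPES[subtype]
    body, i, ssid = frame[HDR_LEN + fixed_len:], 0, None
    while i + 2 <= len(body):                       # walk ID/length/value elements
        eid, elen = body[i], body[i + 1]
        value = body[i + 2:i + 2 + elen]
        if len(value) < elen:                       # truncated element: stop parsing
            break
        if eid == 0:
            ssid = value
            break
        i += 2 + elen
    return {"kind": kind, "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "ssid": ssid}


def is_blank(ssid):
    """Zero-length or NUL-padded SSID: 'hidden' in a beacon, wildcard in a probe request."""
    return ssid.strip(b"\x00") == b""


def summarize(frames):
    """Map each BSSID to the name it leaks, and each client to the names it probes for."""
    networks, probes = {}, {}
    for raw in frames:
        f = parse_mgmt(raw)
        if f is None or f["ssid"] is None:
            continue
        named = not is_blank(f["ssid"])
        name = f["ssid"].decode("utf-8", "replace")
        if f["kind"] == "probe-req":
            probes.setdefault(f["src"], set()).add(name if named else "<wildcard>")
            continue
        net = networks.setdefault(
            f["bssid"], {"beacon_hides_ssid": False, "ssid": None, "seen_in": []})
        if f["kind"] == "beacon" and not named:
            net["beacon_hides_ssid"] = True
        elif named:
            net["ssid"] = name
            net["seen_in"].append(f["kind"])
    return networks, probes


# Constructed sample capture: one AP with SSID broadcast off, one configured laptop.
AP = bytes.fromhex("001122334455")
LAPTOP = bytes.fromhex("66778899aabb")
OTHER = bytes.fromhex("0a0b0c0d0e0f")
BEACON_FIXED = struct.pack("<QHH", 0, 100, 0x0011)  # timestamp, interval, caps (privacy bit)
ASSOC_FIXED = struct.pack("<HH", 0x0011, 10)        # caps, listen interval

CAPTURE = [
    build_frame(8, BROADCAST, AP, AP, b"", BEACON_FIXED),            # beacon, SSID blanked
    build_frame(4, BROADCAST, OTHER, BROADCAST, b""),                # wildcard probe request
    build_frame(4, BROADCAST, LAPTOP, BROADCAST, b"MyRouterSSID"),   # directed probe request
    build_frame(5, LAPTOP, AP, AP, b"MyRouterSSID", BEACON_FIXED),   # probe response
    build_frame(0, AP, LAPTOP, AP, b"MyRouterSSID", ASSOC_FIXED),    # association request
]

if __name__ == "__main__":
    nets, probes = summarize(CAPTURE)
    for bssid, info in nets.items():
        print(bssid, info)
    for client, names in probes.items():
        print(client, "probes for", sorted(names))
```
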
  9. Kyle T. Jones

    bz Guest

    "Sebastian G." <> wrote in
    news::

    > bz wrote:
    >
    >> "Sebastian G." <> wrote in
    >> news::
    >>
    >>> bz wrote:
    >>>
    >>>> "Kyle T. Jones" <> wrote in
    >>>> news:fvvj3k$a5m$:
    >>>>
    >>>>> Sebastian G. wrote:
    >>>>>> Kyle T. Jones wrote:
    >>>>>>
    >>>>>>
    >>>>>>> http://www.howtodothings.com/computers-internet/how-to-protect-a-linksys-wrt54g-router-using-wap-and-wep
    >>>>>>>
    >>>>>> But please omit the step of disabling SSID broadcast. It doesn't
    >>>>>> change anything about the security, doesn't make your network
    >>>>>> invisible at all, but surely creates a lot of trouble with your
    >>>>>> client accidentally trying to connect to someone else's network.
    >>>>> Good point.
    >>>> I don't follow the logic. Disabling SSID makes it more difficult for
    >>>> someone to connect to my wireless router (WEP turned on also).
    >>>
    >>> Actually it makes it easier for them to accidentally connect to your
    >>> network instead of another SSID-disabled network.

    >>
    >> HOW? They need to know my router's SSID. It has an SSID, it just
    >> doesn't broadcast it.

    >
    >
    > We're talking about MAC layer connections. First you connect on the MAC
    > layer, eventually guided by a known SSID, and then the connection
    > partners negotiate about the actual connection parameters.


    Hmmm. From what I can gather from reading the IEEE 802.11 working doc
    80.11 2007.pdf from the IEEE web site, neither one of us has been using
    the right terminology. It looks like both my router and my laptop network
    devices are STAs, one(the laptop) is an STA client, the other is an
    AP(access point) STA. They can be 'associated' or 'disassociated'.
    "Before a STA is allowed to send a data message via an AP, it shall first
    become associated with the AP."

    And they talk to each other over PHY (the physical layer).
    "STAs may be hidden from each other".
    "IEEE 802.11 is required to look like a wired network to higher layers."

    It appears that the SSID is used as part of the associate request at the
    MAC level.

    It is going to take me a while to read through the 1232 pages of the
    document.

    Perhaps you can save me some trouble and tell me how my router STA is
    supposed to respond to active probing (is that legal in this
    jurisdiction?) when bulletin broadcasting is turned off and how the
    wardriver even knows my STA is here. Assuming, of course, that the
    wardriver passes when I am not using my network but my router is turned
    on.

    >> It DOES respond when my WiFi card says 'hey, (MyRouterSSID), I want to
    >> connect to you', doesn't it?

    >
    >
    > It also responds to "hey, nameless router, let's setup an encrypted
    > session. If you can decrypt what I sent, and it shows your SSID, then
    > we're partners. If not, then let's try it again."



    >
    >
    > And the Node number is the MAC address combined with the channel number.


    What is this called?

    >
    >> If Node#1 isn't broadcasting anything, I need to know its name to
    >> contact it, (and the channel/frequency it listens on).

    >
    >
    > Hey, nameless routers on channel 7. Give me some random identifiers.
    > Hey, router SOME_RANDOM_IDENTIFIER on channel 7, let's try setting up a
    > session.


    Hey, computer owner, I see the following access points. Which one do you
    want me to establish an association with? [I do NOT see any of the SSIDs
    that you have previously told me to talk to.]

    >>>> They will have to wait until I have a connection in progress and
    >>>> sniff that to find the router's SSID.
    >>>
    >>> This would require cracking the encryption.

    >>
    >> Agreed.

    >
    >
    > And as such the SSID is obviously a public parameter. If you broadcast
    > the SSID, they would still have to crack the encryption to get access.


    And cracking the encryption takes either
    1) collecting lots of encrypted transmissions [about a day's worth]
    or
    2) a very lucky guess. [would 'normally' take weeks of guesses to hit.]

    > If you don't broadcast the SSID, well, then they have to break the
    > encryption or the currently nameless network, and if they were
    > successful, they would also immediately find the SSID. That is, the SSID
    > would always end up with them if they break it, and would be useless
    > anyway if they don't break it.
    >
    > And breaking it doesn't require the SSID.



    >
    >>> They can simply send packets to the router

    >>
    >> HOW do they send a packet to the router? They don't even know it is
    >> there.

    >
    >
    > They can clearly see how it sends beacon requests on a fixed channel
    > with a pseudo-unique identifier, and also with its MAC addressing


    Where do I find this in the specs?

    >
    >> It isn't broadcasting.

    >
    >
    > It is. It just doesn't broadcast INVITE requests.


    Where do I find this in the specs?

    >
    >> It does NOT respond to a transmission unless it is addressed to it.

    >
    >
    > And you can address it either by its channel, its channel and a
    > pseudo-unique identifier delivered upon request, or by its MAC address.


    If it isn't broadcasting, I would need to send a probe request on each
    channel asking 'who hears me'? If it is broadcasting, all I need to do is
    listen for a while [on all channels].

    >> I don't think there is a 'all routers please broadcast' command for
    >> IEEE 802.11, but I could be wrong.

    >
    >
    > There is.


    What is it called?

    >
    >> I know that such a command exists on wired
    >> ethernet but would not expect it on wireless.

    >
    >
    > Why not? After all it's an ISO/OSI stack protocol. Heck, it even has an
    > Ethernet emulation layer.


    Yes but that should be at a higher layer, shouldn't it?
    It should EMULATE not duplicate.

    But I must admit that the specs are a bit confusing.

    >>> Your laptop tries to connect to the other router on the MAC layer,
    >>> tries to establish an association, with the SSID, and fails.

    >>
    >> My laptop knows the SSID because I configured it to talk to
    >> (MyRouterSSID), doesn't it?

    >
    >
    > This is for association setup that only happens after you have
    > negotiated on
    > the MAC layer. After all, how should this work? You can't identify
    > which
    > router is yours (since it doesn't broadcast the SSID), and you're
    > supposed to choose to which one you want to talk to.


    I would think that it knows its own ID and listens for calls addressed to
    that ID, properly encrypted, on the proper channel. I would expect it to
    ignore improper calls, those not addressed to it and those not properly
    encrypted.

    >> The router can run its beacon, saying 'This is MyRouterSSID' every 100
    >> ms(or other time interval, as configured)

    >
    >
    > Well, then it would be broadcasting the SSID...


    Yep. But broadcast can be turned off, and I have done so now.

    >
    >> or it can sit there and just listen for calls such as

    >
    >
    > nameless router, I'm nameless laptop. Let's talk encrypted.
    > encrypted("is this your SSID?"). No, damn. OK, everyone, who is here? Ah
    > you! Hello nameless router... (and you wouldn't even notice that you're
    > always talking to the same).


    Why not encrypted(MyRouterSSID) this is encrypted(MyLaptopSSID). Do you
    copy??? Over (repeat until answer received or timeout period has expired,
    then report: No (MyRouterSSID) heard. Here is a list of APs heard. Do you
    want to talk to one of them?

    .....

    >
    >>> OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or
    >>> (NAMELESS NETWORK). Now which one is it?

    >>
    >> I don't try to connect to (nameless network), I try to connect to
    >> (MYROUTERSSID)

    >
    >
    > And how would you find this one if you have disabled SSID broadcasting?


    It is ALWAYS listening for proper calls. It just doesn't say
    HEY any STA, this is (MyRouterSSID) listening for properly encrypted calls
    on this channel. Go ahead.

    >
    >> and if I can't find (MYROUTERSSID) then I don't get a
    >> connection unless there is a network with an SSID that I have
    >> previously configured for connection.

    >
    >
    > Right. But you may also not get a connection even if your router is
    > among these, since you're only trying to talk to the other ones. A
    > wonderful way to shoot yourself in the foot.


    I have not seen any such problem yet.
    Now at my office, we have two wireless networks and IF I allow my laptop
    to connect to ANY network AND if the secure net is down, my laptop will
    talk to the insecure routers. But it is pretty easy to remove the
    configuration for the insecure net from the list of permitted networks.
    Then, if the secure net is down, I don't get any connection.

    >
    >> I just tried an experiment. I turned off the SSID broadcast on my
    >> wireless router (It was on).
    >> I turned off my network card.
    >> I started netstumbler and turned on my card. I could not see my
    >> wireless router. (net stumbler prevents connection).
    >> There were no broadcasts from the Wireless MAC address.

    >
    >
    > But you could see a SSID-less network, couldn't you?


    I could see MINE, after I established connection to it.
    I did NOT see it by just listening.

    I would need to fire up a computer that had not previously connected to my
    router and see what it reports.

    I just tried my SMC usb wireless adapter on my laptop but I seem to have
    problems finding drivers.

    >> I shut down stumbler and cycled my WiFi card off and back on.
    >> It established contact with my wireless router. It DID see a neighbor's
    >> OPEN router that broadcasts its SSID the first time I powered it on and
    >> would have connected, if I allowed it to do so, however I doubt it
    >> would connect to anything that does NOT broadcast an SSID.

    >
    >
    > Like your very own router? Hm?


    So to test the idea I really need two AP STAs (non broadcasting) plus at
    least one STA client.

    I will check with our campus wireless experts and see what they say about
    your idea.

    >> My Dell network card manager sees only one (nonbroadcasting) in its
    >> monitoring window.

    >
    >
    > Which might be yours, or someone else's.


    It was mine.

    >> But I don't see anyone else running with broadcast off (and am unlikely
    >> to do so with these tools).

    >
    >
    > Maybe you're living far away from civilization? Heck, just on my weekly
    > 2hour train+bus tour I can catch hundreds of networks.


    They are broadcasting their SSID.

    How would you know anything about those that don't?

    >
    >> Are you assuming OPEN routers running with default SSIDs but with
    >> broadcast turned off?

    >
    >
    > I suggest adjusting the SSID to clarify the purpose of your network,
    > thereby exactly fulfilling its functionality, f.e. PRIVATE. And to make
    > sure to not duplicate any existing name of a nearby network. That is,
    > your network is clearly visible to both you and outsiders, but they
    > should understand that it's your private network, so you could hold them
    > legally responsible if they try to interfere with it. And you can
    > clearly identify it as yours.


    I think that deliberately using someone's wireless without their express
    permission could be expensive. That is regardless of whether they have
    taken any steps to secure their router.

    As for getting caught... it happens. It may not be likely but it does
    happen.






    --
    bz

    please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
    infinite set.

    remove ch100-5 to avoid spam trap
     
    bz, May 12, 2008
    #9
  10. Kyle T. Jones

    Sebastian G. Guest

    bz wrote:

    > "Sebastian G." <> wrote in
    > news::
    >
    >> bz wrote:
    >>
    >>> "Sebastian G." <> wrote in
    >>> news::
    >>>
    >>>> bz wrote:
    >>>>
    >>>>> "Kyle T. Jones" <> wrote in
    >>>>> news:fvvj3k$a5m$:
    >>>>>
    >>>>>> Sebastian G. wrote:
    >>>>>>> Kyle T. Jones wrote:
    >>>>>>>
    >>>>>>>
    >>>>>>>> http://www.howtodothings.com/computers-internet/how-to-protect-a-linksys-wrt54g-router-using-wap-and-wep
    >>>>>>>>
    >>>>>>> But please omit the step where disabling SSID broadcast. It doesn't
    >>>>>>> change anything about the security, doesn't make your network
    >>>>>>> invisible at all, but surely creates a lot of trouble with your
    >>>>>>> client accidentally trying to connect to someone else's network.
    >>>>>> Good point.
    >>>>> I don't follow the logic. Disabling SSID makes it more difficult for
    >>>>> someone to connect to my wireless router (WEP turned on also).
    >>>> Actually it makes it easier for them to accidentally connect to your
    >>>> network instead of another SSID-disabled network.
    >>> HOW? They need to know my router's SSID. It has an SSID, it just
    >>> doesn't broadcast it.

    >>
    >> We're talking about MAC layer connections. First you connect on the MAC
    >> layer, eventually guided by a known SSID, and then the connection
    >> partners negotiate about the actual connection parameters.

    >
    > Hmmm. From what I can gather from reading the IEEE 802.11 working doc
    > 80.11 2007.pdf from the IEEE web site, neither one of us has been using
    > the right terminology. It looks like both my router and my laptop network
    > devices are STAs, one (the laptop) is an STA client, the other is an
    > AP (access point) STA. They can be 'associated' or 'disassociated'.
    > "Before a STA is allowed to send a data message via an AP, it shall first
    > become associated with the AP."
    >
    > And they talk to each other over PHY (the physical layer).
    > "STAs may be hidden from each other".
    > "IEEE 802.11 is required to look like a wired network to higher layers."
    >
    > It appears that the SSID is used as part of the associate request at the
    > MAC level.
    >
    > It is going to take me a while to read through the 1232 pages of the
    > document.
    >
    > Perhaps you can save me some trouble and tell me how my router STA is
    > supposed to respond to active probing (is that legal in this
    > jurisdiction?) when bulletin broadcasting is turned off and how the
    > wardriver even knows my STA is here.



    Even when it doesn't broadcast INVITE requests with the SSID, it still
    broadcasts Beacon requests to notify its presence on the physical layer. It
    also responds to Beacon notify requests.

    Maybe you should simply try it. Turn off SSID broadcasting, change the
    default channel to a very specific one, disconnect from the router, fire up
    NetStumbler and you'll see a No-SSID network on exactly this channel.

    > Hey, computer owner, I see the following access points. Which one do you
    > want me to establish an association with? [I do NOT see any of the SSIDs
    > that you have previously told me to talk to.]



    Indeed. Since you have no way to differ the routers, you might always
    connect to the wrong one. The same happens if you set it up to always try
    them all. Same happens on every little interruption.

    > And cracking the encryption takes either
    > 1) collecting lots of encrypted transmissions [about a day's worth]
    > or
    > 2) a very lucky guess. [would 'normally' take weeks of guesses to hit.]



    Dunno what you're talking about, but I only know WEP and WPA/WPAv2/IEEE
    802.11i as the two major techniques. WEP can be broken within some minutes
    of traffic, or bypassed (by creating a valid (IV, cipher stream) pair to
    send, but not receive arbitrary packets) within a few seconds. The traffic can
    always be generated by sending out Beacon notification requests.

    And IEEE 802.11i or its subsets known as WPA can at most be attacked via a
    MITM attack on the association setup, which gives you about 30 minutes of
    pure bruteforcing until the session key is forcefully renewed, and your
    attempt would have to totally start anew. Also, how exactly would you
    bruteforce a random 256 bit key?

    > Where do I find this in the specs?



    Dunno, the analysis documentation of AirCrack is much clearer to read.

    > If it isn't broadcasting, I would need to send a probe request on each
    > channel asking 'who hears me'? If it is broadcasting, all I need to do is
    > listen for a while [on all channels].



    Right.

    > Yes but that should be at a higher layer, shouldn't it?
    > It should EMULATE not duplicate.



    To emulate Ethernet functionally you have to implement a functionally
    identical MAC layer, which gives you the required demand for broadcasts.

    > I would think that it knows its own ID and listens for calls addressed to
    > that ID, properly encrypted, on the proper channel. I would expect it to
    > ignore improper calls, those not addressed to it and those not properly
    > encrypted.



    Indeed, this is how one might have implemented it if the spec wouldn't
    require Ethernet MAC layer compatibility.

    > It is ALWAYS listening for proper calls.



    So are the other APs. But you only know that you got the wrong one after
    trying to decipher his reply. That's why you may permanently hit the wrong one.

    > I just tried my SMC usb wireless adapter on my laptop but I seem to have
    > problems finding drivers.



    Well, you cannot always be as lucky as I was. I bought a random No-Name
    PCMCIA wlan card, which then turned out to be an AMD PCnet Wireless 800
    model based upon the well-known Atheros chipset. You know, the one which was
    used for the very first WEP hack.


    >> Maybe you're living far away from civilization? Heck, just on my weekly
    >> 2hour train+bus tour I can catch hundreds of network.

    >
    > They are broadcasting their SSID.



    No, about half of them don't.

    > How would you know anything about those that don't?



    See above. Beacon request.


    > I think that deliberately using someone's wireless without their express
    > permission could be expensive. That is regardless of whether they have
    > taken any steps to secure their router.



    Nonsense. In civil law, this is called reasonable expectation of use. If you
    built a well near a street and some people would start drinking water from
    it, you couldn't sue them (or at least not successfully). You'd be required
    to install a sign "No drinking from well without permission", then you could
    defend.

    If my machine is asking your router to establish a connection and it
    actually does, I can reasonably expect that this was the full intention of
    its owner. Heck, if it even delivers matching IP addresses via DHCP, this
    surely must be intentional. After all, if the owner didn't want this access
    to be public, he would have configured it differently.

    Now if somehow it would be likely that I'd notice his internet access has a
    transfer limit, and intentionally utilize it much beyond this limit, I might
    get into a little trouble. Unlikely, but possible.

    If I were to crack a WEP "encryption", which definitely is a sign of
    intended privacy, I would become responsible. Though at least in case of
    WEP, I could successfully argue that the owner has been sloppy to allow such
    a well-known broken protocol instead of resorting to secure variants (like
    WPA) and therefore has to pay a certain share of his damage costs out of his
    own pocket.
     
    Sebastian G., May 12, 2008
    #10
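
The observation debated in posts #9 and #10, that an access point with SSID broadcast disabled still announces itself in beacon frames, shown as an added example that is not part of the original thread. The beacon still carries the BSSID, channel and privacy bit; only the SSID element is empty or NUL-filled. The frames, BSSIDs and function names (`build_beacon`, `parse_beacon`, `survey`) are constructed for illustration.

```python
import struct

MGMT_HDR_LEN = 24      # frame control, duration, 3 addresses, sequence control
BEACON_FIXED_LEN = 12  # timestamp (8), beacon interval (2), capability (2)

def build_beacon(bssid: bytes, ssid: bytes, channel: int, privacy: bool) -> bytes:
    """Construct a minimal beacon body (no radiotap header, no FCS) as sample input."""
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    elements = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    return header + fixed + elements

def parse_beacon(frame: bytes) -> dict:
    """Extract what any passive listener learns from one beacon frame."""
    if len(frame) < MGMT_HDR_LEN + BEACON_FIXED_LEN:
        raise ValueError("frame too short for a beacon")
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a beacon frame")
    (capability,) = struct.unpack_from("<H", frame, MGMT_HDR_LEN + 10)
    info = {"bssid": ":".join(f"{b:02x}" for b in frame[16:22]),
            "ssid": None, "hidden": True, "channel": None,
            "privacy": bool(capability & 0x0010)}
    pos = MGMT_HDR_LEN + BEACON_FIXED_LEN
    while pos + 2 <= len(frame):            # walk the tagged elements
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + elem_len]
        if len(value) < elem_len:
            break                           # truncated element, stop parsing
        if elem_id == 0 and elem_len > 0 and any(value):
            info["ssid"] = value.decode("utf-8", "replace")
            info["hidden"] = False          # SSID present and not NUL-filled
        elif elem_id == 3 and elem_len == 1:
            info["channel"] = value[0]      # DS Parameter Set: current channel
        pos += 2 + elem_len
    return info

# Constructed sample beacons: one broadcasting, two "hidden" in the two common ways.
SAMPLES = [
    build_beacon(bytes.fromhex("020000000001"), b"PRIVATE", 11, True),
    build_beacon(bytes.fromhex("020000000002"), b"", 6, True),
    build_beacon(bytes.fromhex("020000000003"), b"\x00" * 7, 1, False),
]

def survey(frames):
    return [parse_beacon(f) for f in frames]

if __name__ == "__main__":
    for net in survey(SAMPLES):
        print(net)
```

Two hidden networks on the same channel are distinguishable only by BSSID, which is why a client configured by SSID alone has to probe for its network by name.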