SSID being broadcasted even when setting is turned off in Cisco APs


fokro
04-29-2003, 02:33 PM
My security officer is doing his quarterly security sweep. He is using a security program called ISS. He has given me a list of APs which are broadcasting our SSID. When I take a look at the APs the "Allow Broadcast SSID to associate" is turned off. Are there any other settings that are allowing the SSIDs to show up? I am using Aironet 350s and 1200s.

Thank you for your help

impartial
04-29-2003, 06:57 PM
Let me clear something up. This is a very common misconception that disabling the Broadcast SSID 'hides' the SSID from snoopers.

SSIDs occur in the following frames:

BEACONs
PROBE Requests
PROBE Responses
ASSOCIATION Requests
REASSOCIATION Requests

The method that 802.11 vendors use to hide the WLAN's SSID is to hide the Broadcast SSID in the BEACON frames. For the Station to join or roam, the Station sends an ASSOCIATE or REASSOCIATE Request to the AP. The ASSOCIATE and REASSOCIATE frames always contain the WLAN SSID.

By disabling the Broadcast SSID feature, the SSID configured in the client must match the SSID of the access point. That is what this feature is designed for.

Not to worry though, just because a hacker gets your SSID he (or she) can't do anything because you have other security set up, right? Of course you do. No one who has a security officer would rely solely on hiding the SSID to keep people out, yes?

Hope that helps.

fokro
05-01-2003, 02:26 PM
We are using LEAP authentication in conjunction with a RADIUS server. The reason that I was inquiring about this is because some of the APs we have will show up with the SSID during a security sweep, while others will not. I compared settings between those that do and don't, and I cannot find any discrepancies.

Thank you for your advice. If you have any more it would be greatly appreciated.

impartial
05-01-2003, 04:16 PM
For the SSID to show up, there has to be traffic with the packets listed above. If there is no traffic with the above packets, the SSID will not be discovered. Sweeps are like a snapshot. They depend on what's happening at the time you run the sweep. If there is a cell with no traffic, then that cell will appear to be 'hidden'. That's why, even though you have identical settings on the APs, some show up and some don't.
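
The snapshot effect described in the post above, as an added example that is not part of the original thread: a small parser pulls the SSID element out of the five frame types listed, then "sweeps" a constructed capture of two identically configured APs. The frame bytes, the BSSIDs and the SSID `corpnet` are constructed sample values, and `build` and `sweep` are hypothetical helper names.

```python
# Fixed-field bytes that follow the 24-byte management header, per subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "ASSOCIATION Request", 2: "REASSOCIATION Request",
         4: "PROBE Request", 5: "PROBE Response", 8: "BEACON"}

def ssid_from_frame(frame: bytes):
    """Return (frame_name, ssid) for an SSID-bearing management frame, else None.
    ssid is None when the element is missing, empty or null-padded (hidden)."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        return None                      # not one of the five frame types
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):         # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break                        # truncated element, stop parsing
        if eid == 0:                     # element ID 0 is the SSID
            hidden = elen == 0 or not any(body)
            return NAMES[subtype], (None if hidden else body.decode("utf-8", "replace"))
        pos += 2 + elen
    return NAMES[subtype], None

def build(subtype: int, bssid: bytes, ssid: bytes) -> bytes:
    """Construct a minimal management frame (sample data, not a real capture)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + bssid + b"\x02" * 6 + bssid + b"\x00\x00"
    return hdr + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid

def sweep(frames):
    """Map BSSID (address 3) -> SSID, or None if only hidden-SSID frames were seen."""
    seen = {}
    for f in frames:
        result = ssid_from_frame(f)
        if result is not None:
            bssid = f[16:22].hex(":")
            seen[bssid] = seen.get(bssid) or result[1]
    return seen

AP_A, AP_B = b"\x02\x00\x00\x00\x00\x0a", b"\x02\x00\x00\x00\x00\x0b"
SNAPSHOT = [
    build(8, AP_A, b""),            # beacon, zero-length SSID
    build(8, AP_B, b"\x00" * 7),    # beacon, null-padded SSID
    build(0, AP_A, b"corpnet"),     # a client associates to AP_A during the sweep
]

if __name__ == "__main__":
    for bssid, ssid in sweep(SNAPSHOT).items():
        print(bssid, ssid if ssid else "<hidden>")
```

Both APs beacon with the SSID suppressed, but only the cell with no client activity stays "hidden" in the result.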

fokro
05-01-2003, 04:30 PM
Impartial, thank you for your help. I will now use this info to get my security officer off my back.

Centrino
05-21-2003, 02:37 AM
Let me see if I have this right.

SSID's are in these frames:

BEACONs
PROBE Requests
PROBE Responses
ASSOCIATION Requests
REASSOCIATION Requests

Disabling Broadcast SSID
1) Disables probe response frames
2) Takes SSID's out of Beacon

A client must now have the SSID in the association request to associate with the AP.

But a passive sniffer can get the SSID by listening to ASSOCIATION Requests or REASSOCIATION Requests


What happens when a client sends an association request with a bad SSID? Does the AP send a failure response or does it not respond at all?

impartial
05-21-2003, 11:16 AM
I have not found that a vendor's 'Disable Broadcast SSID' feature removes the SSID in the Probe Response.

If the STA has a 'different' SSID than the AP, the AP does not send an Association Response, (the request is rejected and logged as an unspecified failure)...I think - documentation is not clear on this (IEEE 802.11 handbook).

I use AirMagnet to manage Cisco/Orinoco AP's and I have not seen a rejection frame from the AP.

However, if you have a sniffer, give it a try and see what you get.

Centrino
05-21-2003, 01:40 PM
could not be in a sadder state. My laptop is completely disassembled (broken power jack) and my hd crashed on my desktop.

I was thinking disabling SSID broadcasts makes the AP stop sending probe responses completely. The reason why is when you turn it off, the AP stops responding to Netstumbler probe requests.

Any thoughts or suggestions on AirMagnet? I would like to get it as soon as I win the lottery.

fosheezy
05-22-2003, 01:17 AM
yes i also would like the airmagnet software so I am going to pawn off my right kidney......anyone who wishes to donate the remainder of the cost....just email me...lol

:p

Nunny
06-17-2003, 09:56 AM
Centrino, what was it you wanted to know about AirMagnet? I've recently purchased it and could probably answer some questions on how it works if that's what you're looking for.

fokro
06-17-2003, 10:25 AM
Nunny,

I am thinking about purchasing Airmagnet. What are your overall impressions of it? Likes vs dislikes. I have read the info on the company website, but I wanted some independent feedback.

Thanks for the info!

Nunny
06-17-2003, 01:41 PM
I don't mean to get this thread off topic, so I'll reply with a new thread in the Applications category.