I'm setting up my 802.11b network
at home, and among the config options
on my WAP, I noticed "SSID broadcast".
What exactly is this? Is this what allows
my wireless laptop to find the network
by "searching" for available wireless
networks? If so, will turning it off make
my network more secure?

Broadcast of SSID is done in access points by the beacon. This announces your access point (including various bits of information about it) to the wireless world around it. Disabling SSID broadcast may add slightly to the difficulty of a wardriver spotting your access point (though generally on finding a beacon a probe is issued anyway).

Some wireless devices don't work properly if ssid isn't broadcast (for example the Dlink DWL-120 USB 802.11b adapter). Generally if your client hardware supports operation with ssid disabled, it's not a bad idea to run that way. However it's no replacement for WEP, MAC filtering or other protections.

I think dissabling this is one of the most effective ways of securing a home network.

The biggest threat to a home network is some wardriver who logs ssids via netstumbler that decides to stop at your house and hog bandwidth, trash your computers, reconfigure your AP, or hack worldbank. Dissabling ssid beacons hides you from nestumbler and any other program that sends out probe requests to recieve ssis info.

This does not protect you from passive scanning, then again anyone who knows about passive scanning and has the equipment to do it, can probably defeat any security you got;)

Hi,
I believe Kismet advertises detection of hidden ssid's. I have read elsewhere that the beacon is still sniffable, but the ssid is not broadcast. However once the beacon is sniffed a probe request to the access point yields the ssid. Thus disabling ssid does help, but doesn't stop all sniffers. The following is a list of sniffers and platforms they support (it may help those reading this thread to understand the variety of things which may drive by and this isn't a comprehensive list).....

NetStumbler (Windows) and MiniStumbler (Pocket PC)
PocketWarrior (Pocket PC)
Kismet (Linux)
Dstumbler (NetBSD, FreeBSD, OpenBSD)
Wellenreiter (Linux, experimental BSD)
802.11 Network Discovery Tools (Linux)
iStumbler (Mac)
AirMagnet (Windows, PDA)
THC-WarDrive (Linux)
PrismStumbler (Linux)
WaveStumbler (Linux)
ssidsniff (Linux)
WaveMon (Linux)

"However once the beacon is sniffed a probe request to the access point yields the ssid"

If SSID broadcasts are dissabled the AP will no longer send probe response frames.

Have you used WaveMon? If so what do you think?

kismet will sniff SSID's even if broadcasting is disabled.

This was stated before recently:

"SSIDs occur in the following frames:

BEACONs
PROBE Requests
PROBE Responses
ASSOCIATION Requests
REASSOCIATION Requests

The method that 802.11 vendors use to hide the WLAN's SSID is to hide the Broadcast SSID in the BEACONs frames. For the Station to join or roam, the Station sends an ASSOCIATE or REASSOCIATE Request to the AP. The ASSOCIATE and REASSOCIATE frames always contain the WLAN SSID."

Most sniffers worth their weight not only look for the SSID in the Beacon frame but in these other frames as well.

Not broadcasting the SSID is great if you are trying to keep out Windows XP users and genereally is a good idea. It is not a high level of security. Disable the SSID broadcast and, like Pandora said, at LEAST use the highest level of WEP your network supports and use MAC filtering. You are still vulnerable, but someone would REALLY have to be out to get you.

Disabling the SSID will only stop the wardriving beginners, many of who probably do not even know how to use Linux and an external antenna. Many of the linux-based sniffers such as Kismet can easily identify the SSID of a WAP. Sure, disabling the SSID will stop your neighbor with half a brain using windows XP from seeing your network, but it is by no means a security measure to protect your WLAN.

but it is by no means a security measure to protect your WLAN.

Considering 50% of wardrivers use netstumbler to log AP's, I would say your statement is incorrect. One thing people often do, is when they find out how to defeat a particular security measure, they claim it to be "useless".

Security is all about LAYERS and LEVELS OF SOPHISTICATION.
Is disabling SSID broadcast a silver bullet? Hardly. But in reality there is no such thing anyway.

Does it add a layer? Definitely.
Does it add a level of sophisitcation? A very small one.

Is the dead bolt on your front door "by no means a security measure to protect your house"? Because it can sure be smashed in.

It adds a layer because it takes time to defeat, and it adds a level because of the equipment it takes to do so.

And let me post one clarification, an AP with Broadcast SSID disabled WILL respond to a probe request. It will NOT respond to a probe request for "ANY" or null. But it MUST respond to a probe request for it's SSID, to which it will reply with a probe response containing the SSID. Tools like AirJack work by spoofing a DEAUTHENTICATE frame seemingly coming from the AP to one of it's clients, who will then reassocitate, yielding the SSID on demand.

Originally posted by Aiakos
Considering 50% of wardrivers use netstumbler to log AP's, I would say your statement is incorrect.


Have you ever been out driving with any wardrivers?? Been involved in any wardriving games to see who can find the most open AP's in an hour?? Using Netstumbler to go wardriving is like taking fisher price golf clubs to the course for a round or two......this is the most absolute beginner program available. My grandma could figure it out if I gave her a card and antenna and told her to aim at a house.

Of course the most absolute of all idiots out wardriving deserve to be locked up if they are using this program for that purpose because I could have more fun, say, watching a bird take a crap on my hood while I sit in my car. They will accomplish absolutely nothing with it as far as logging onto someone elses' network if it is encrypted. Linux has 1000% more programs available to wardrivers that windows does (10 for linux and 1 for windows...netstumbler).

And another note.....when i stated "it is by no means a security measure to protect your wireless LAN", I meant that a person would be stupid to say "yeah i got my WLAN secure, i just disabled the SSID".....its just like someone who wants to break into your house......sure you can hide the key under the rug or anywhere else......but people with experience know where to look or they just pick the lock.

Have you ever been out driving with any wardrivers??

Yup.

this is the most absolute beginner program available

My point exactly.

"it is by no means a security measure to protect your wireless LAN"
"yeah i got my WLAN secure, i just disabled the SSID"

These two imply completely different things.


Look, I know what your saying. We ALL do.
To be good in data security, or any security for that matter, you need to know about risk management. Disabling SSID broadcasts narrows your threats to a higher level of sophistication.

If you can eliminate all the nubs from hacking your network at absolutely no costs or management overhead, you take that action.

Edit: "most nubs"

Originally posted by Aiakos


If you can eliminate all the nubs....


I don't think this would ever happen but oh well, at least we have come to an agreement....:rolleyes: