[ltp] Re: Managing network connections

linux-thinkpad@linux-thinkpad.org
Wed, 17 Aug 2005 11:11:05 +0100 (BST)


On Wed, 17 Aug 2005, Bret Comstock Waldow wrote:

> A question - am I reading your example right to get the idea that this depends
> on the SSID?  As a security matter, I told my router not to broadcast the
> SSID, so random hackers in the neighborhood don't know it's there and don't
> spend time trying to crack into it.

Unfortunately, I think most even casual hackers will be using Linux,
and the tool of choice for quick scanning will be kismet, which will
detect wireless nets with cloaked SSID immediately.  To quote the
article at:

http://blogs.zdnet.com/Ou/?p=43

"There is no such thing as "SSID hiding". You're only hiding SSID
beaconing on the Access Point. There are 4 other mechanisms that also
broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms
are; probe requests, probe responses, association requests, and
re-association requests. Essentially, you're talking about hiding 1 of
5 SSID broadcast mechanisms. Nothing is hidden and all you've achieved
is cause problems for Wi-Fi roaming when a client jumps from AP to
AP."

I do appreciate some measures may stop the casual attempt at break-in,
and I used to say WEP was worth something, having tried once to crack
my own network, and found I couldn't after many hours' data collection.
But recently I tried again: the algorithms have improved massively,
requiring only about 200,000 IVs (data packets) now rather than 10
million, and I cracked my own WEP key staggeringly quickly.  I use an
internal VPN (OpenVPN for me) over my own wireless network because
I can't swap to WPA(2) yet - older clients on the same net.  It
protects my data, but of course doesn't stop others using my network.
I run arpwatch, but again, MAC masquerading is dead easy.

Honey
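
The point of the quoted article, as an added example that is not part of the original message: a Python sketch that parses constructed 802.11 management frames and shows the SSID still present in probe requests, probe responses, association requests and re-association requests when the beacon's SSID element is blank. The SSID `homenet`, the MAC addresses and all function names are made up for illustration.

```python
# Added illustration: where the SSID appears in 802.11 management frames.
# All frames below are constructed samples, not captured traffic.
HDR_LEN = 24  # frame control, duration, 3 addresses, sequence control
# subtype -> (name, length of fixed fields before the tagged elements)
SUBTYPES = {0: ("assoc-req", 4), 2: ("reassoc-req", 10), 4: ("probe-req", 0),
            5: ("probe-resp", 12), 8: ("beacon", 12)}

def ssid_from_frame(frame: bytes):
    """Return (subtype name, SSID or None); None if not a handled mgmt frame."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    name, fixed = SUBTYPES[subtype]
    pos = HDR_LEN + fixed
    while pos + 2 <= len(frame):           # walk id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break                          # truncated element, stop parsing
        if eid == 0:                       # element 0 is the SSID
            # A cloaked AP sends a zero-length or all-NUL SSID here.
            return name, (body.decode("utf-8", "replace") if body.strip(b"\x00") else None)
        pos += 2 + elen
    return name, None

def build_frame(subtype: int, ssid: bytes) -> bytes:
    """Construct a minimal management frame (hypothetical sample data)."""
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + ap + sta + ap + b"\x00\x00"
    rates = bytes([1, 1, 0x82])            # supported-rates element after SSID
    return hdr + bytes(SUBTYPES[subtype][1]) + bytes([0, len(ssid)]) + ssid + rates

def observed_ssids(frames):
    """Map each frame type to the SSID it exposed (None if blank)."""
    return dict(r for r in map(ssid_from_frame, frames) if r)

# One cloaked beacon, then the four other frame types carrying the real SSID.
SAMPLE = [build_frame(8, b"")] + [build_frame(s, b"homenet") for s in (4, 5, 0, 2)]

if __name__ == "__main__":
    for kind, ssid in observed_ssids(SAMPLE).items():
        print(f"{kind:12} {ssid!r}")
```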