HFX Forum

Wi-Fi (802.11 & Bluetooth) => Security => Topic started by: benthehutt on March 16, 2005, 06:07:08 PM

Title: SSID broadcasts
Post by: benthehutt on March 16, 2005, 06:07:08 PM
This may be a dumb question, but I'm kinda new to wireless networks so bear with me.  I've got four computers with WMP54G's on them running through a WRT54G router.  I don't actually need any security past the 128-bit WEP it offers, but I wanted to try to disable the SSID broadcasts.
I've heard you can do it, but none of my computers can find the network if I disable it.  I even give them the SSID and WEP code and they still can't find them.  

First off, is there any actual need to disable SSID broadcasts?  Will it enhance security?  And how can I do it?
Title: Re:SSID broadcasts
Post by: benthehutt on August 13, 2005, 01:22:04 AM
Wow, I was a complete idiot in March.  Anyway, this is what's happening (if anyone cares):

First off, 128-bit WEP encryption is probably more than any 4 computer wireless ethernet will ever need.  In fact, it may be arguable that wireless networks greatly surpass wired networks in security.  In the first place, it's incredibly difficult to crack a 128-bit public/private key encryption code, second off, if the SSID broadcasts are turned off, most sniffers will never even be able to find the encrypted signal.  Thusly, that will offer way more security than you (I) will ever need.

Thirdly, in order to disable SSID broadcasts, each computer in the network must be given the WEP key and the SSID.  However, this cannot be done using the crappy software that ships with Linksys stuff (even though it claims it can).  I suggest uninstalling any software and using a third party program like:

http://www.devicescape.com/ (WOC)
http://www.woodstone.nu/salive/reg.asp
http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

or even the Windows XP built-in wireless manager cajjigidy.

Oh, and also, I admire your work, benthehutt, and I wish I could kiss the ground you walk upon...

humbly yours,
benthehutt :-*
Title: Re:SSID broadcasts
Post by: wilnix on August 14, 2005, 01:55:11 AM
Wow, sounds like a good place to post about WPA, AES, etc...

I have plans from my wifi implementation I can put up here as soon as I get back to work...just the general stuff...

Wilnix
Title: Re:SSID broadcasts
Post by: syklops on March 20, 2006, 01:26:52 PM
This thread is somewhat out of date now, but I thought I would post this link up anyway.

The FBI demonstrating at, I think it was Defcon, how to crack 128-bit WEP in about 10 mins. I have done it and it works.

The link is here (http://www.hackingdefined.com/movies/see-sec-wepcrack.zip)
Title: Re:SSID broadcasts
Post by: benthehutt on March 20, 2006, 02:58:36 PM
Heh, good ole FBI.  I've got a mathematician friend who worked for the NSA, he said they've got a computer whose sole purpose is to be able to crack RC5-128 encryption in seconds.  Kinda scary thought...
It makes me wonder what kinds of encryption aren't even legal.  I mean, if it took 10000 computers 5 years or so to crack RC5-64 at distributed.net and the government could do it in seconds...
Title: Re:SSID broadcasts
Post by: syklops on March 20, 2006, 03:41:32 PM
Have you read Digital Fortress by Dan Brown? A lot of it is fiction, but there are truths in it, and they are scary truths.
Title: Re:SSID broadcasts
Post by: benthehutt on March 20, 2006, 03:53:10 PM
heehee, yay for conspiracy theories!
Title: Re:SSID broadcasts
Post by: Metgod on March 20, 2006, 05:23:13 PM
Afaik, the laws largely depend on the country. For instance, many countries (US included) say you can't export keys that are so and so long (and I don't know the current numbers). So for instance, I couldn't use certain (larger) keys on a global sftp server that foreigners could use. There used to be (still is ?) issues with things like exporting or releasing source code to certain algorithms (DES comes to mind, although that's a vague memory).

I can't help but think I know why all these laws are in place.... although I suppose some of it is good in some ways.
Title: Re:SSID broadcasts
Post by: godaigo on March 21, 2006, 05:48:28 PM
I always thought that it was interesting that the export of cryptographic software was actually written into the munitions export regulations. So in some sense they found it logical to equate the export of software with weapons, even back before "cyber-war" was much of a concept.
Title: Re:SSID broadcasts
Post by: benthehutt on March 21, 2006, 08:10:02 PM
The NSA is the number one employer of math majors in the world--and all to make and break ciphers...

Slightly off topic:

Ha!  I've found you out Godaigo--or should I say, EMPEROR Godaigo?!  I've always wondered where the name came from...
Title: Re:SSID broadcasts
Post by: godaigo on March 22, 2006, 02:52:53 PM
Exactly! So you delved into some history eh? :)
Title: Re:SSID broadcasts
Post by: benthehutt on March 22, 2006, 03:06:32 PM
Are you also a master of the koan?

(I was going to say, "Do you also own the koan," but I thought better of it)
Title: Re:SSID broadcasts
Post by: godaigo on March 23, 2006, 03:13:23 PM
No, the koan kicks my butt! I have no patience for the koan. I do have a lot of time spent with tsuki and kotegaeshi though!
Title: Re:SSID broadcasts
Post by: Marcvs on April 11, 2006, 02:06:36 AM
I have got a 128Bit Encrypted Router (Netgear DG834G) with SSID but strangely my Belkin Card actually picks up there is a network there (very useful for sniffing other networks ;D) even though it doesn't always give the display name or password I can sometimes force connect it to networks
Title: Re:SSID broadcasts
Post by: Uneek on April 12, 2006, 04:06:05 PM
Err... I must have missed this post originally... either that or the fact that I had been MIA for a while... whatever the case may be, WiFi in its current implementation, whether a/b/g, etc., is VERY insecure and great care should be taken when implementing for it to be secure. 10 minutes to crack 128bit WEP is no longer the case. There's a nifty tool out there that will generate enough traffic for you to sniff the required amount of packets to crack it in just a few minutes... Disabling SSID broadcast does help some, (the whole out of sight, out of mind / security by obscurity thing), however don't rely on only those two for security. I would suggest implementing some sort of RADIUS authenticating at least, blah blah blah... 'nuff of my rant...
Title: Re:SSID broadcasts
Post by: wilnix on April 12, 2006, 05:21:19 PM
I broke into my linksys running 128bit enc in 7 minutes. I have a video that shows WEP cracking in 5 minutes. Think your Wifi is secure? Doubt it.

Wilnix
Title: Re:SSID broadcasts
Post by: Metgod on April 12, 2006, 06:14:50 PM
Ha! I win! I was right!

Title: Re:SSID broadcasts
Post by: benthehutt on April 12, 2006, 11:05:26 PM
Win?  No way, we already discussed that!  We all knew it was less secure anyway... ;D
Title: Re:SSID broadcasts
Post by: Metgod on April 13, 2006, 01:15:28 PM
Yep, you heard me; I WON and you can't do anything about it!

You are after all.. a lower status than me. Plus your post count is significantly lower... and.. and ...

okay I'll shut up now ;D

PS. Yes, ok. I suppose you're right. Bastard!

Title: Re:SSID broadcasts
Post by: Zerored on May 10, 2006, 02:46:59 PM
Quote from: wilnix on April 12, 2006, 05:21:19 PM
I broke into my linksys running 128bit enc in 7 minutes. I have a video that shows WEP cracking in 5 minutes. Think your Wifi is secure? Doubt it.

Wilnix

Post the vid wil!

I want to see it
Title: Re:SSID broadcasts
Post by: benthehutt on September 05, 2006, 10:38:03 AM
I'm currently doing some serious research into wireless security issues, so I'll share some secrets to wifi security:

1. 40-bit WEP keys are just as insecure as 104-bit WEP keys, know why?  Because nobody actually cracks the WEP, they crack the 24-bit IV that's broadcast with it.  So, instead of wasting precious bandwidth and CPU cycles, turn WEP down to 64-bit.

2.  Use some form of EAP, preferably LEAP.  LEAP utilizes a rotating key configuration and a RADIUS authentication server.  Basically, the idea is that each user contacts the AP and gives a username/password.  Then it authenticates you against the RADIUS server and generates a WEP key if you're legit.  Then, (this all happens behind the scenes) every few minutes your computer retransmits the username/pass and a new WEP key is generated.  So, a hacker probably won't be able to crack the key before a new one gets generated--pretty sweet.  MS also has an EAP version out that authenticates to AD with a dual certificate system.  It's much more secure than LEAP, but impossible to implement.

3.  Don't disable SSID broadcasting.  It's just annoying.  And it doesn't do anybody any good.

4.  Don't do MAC filtering.  Again, it doesn't do anybody any good, it's just annoying.