SSID broadcasts

Started by benthehutt, March 16, 2005, 06:07:08 PM

Previous topic - Next topic
This may be a dumb question, but I'm kinda new to wireless networks so bear with me.  I've got four computers with WMP54G's on them running through a WRT54G router.  I don't actually need any security past the 128-bit WEP it offers, but I wanted to try to disable the SSID broadcasts.
I've heard you can do it, but none of my computers can find the network if I disable it.  I even give them the SSID and WEP code and they still can't find them.  

First off, is there any actual need to disable SSID broadcasts?  Will it enhance security?  And how can I do it?
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.

Wow, I was a complete idiot in March.  Anyway, this is what's happening (if anyone cares):

First off, 128-bit WEP encryption is probably more than any 4 computer wireless ethernet will ever need.  In fact, it maybe arguable that wireless networks greatly surpass wired networks in security.  In the first place, it's incredibly difficult to crack a 128-bit public/private key encryption code, second off, if the SSID broadcasts are turned off, most sniffers will never even be able to find the encrypted signal.  Thusly, that will offer way more security than you (I) will ever need.

Thirdly, in order to disable SSID broadcasts, each computer in the network must be given the WEP key and the SSID.  However, this cannot be done using the crappy software that ships with linksys stuff (even though it claims it can).  I suggest uninstalling any software and using a third party program like:

http://www.devicescape.com/ (WOC)
http://www.woodstone.nu/salive/reg.asp
http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

or even the Windows XP builtin wireless manager cajjigidy.

Oh, and also, I admire your work, benthehutt, and I wish I could kiss the ground you walk upon...

humbly yours,
benthehutt :-*
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.

Wow, sounds like a good place to post about WPA, AES, etc...

I have plans from my wifi implementation i can put up here as soon as i get back to work...just the general stuff...

Wilnix
alt email address: wilnix@hackphreak.org

March 20, 2006, 01:26:52 PM #3 Last Edit: March 20, 2006, 01:27:51 PM by syklops
this thread is somewhat out of date now, but I thought I would post this link up anyway.

The FBI demonstrating at, I think it was Defcon, how to crack 128-bit wep in about 10 mins. I have done it and it works.

the link is here

Heh, good ole FBI.  I've got a mathematician friend who worked for the NSA, he said they've got a computer whose sole purpose it to be able to crack RC5-128 encryption in seconds.  Kinda scary thought...
It makes me wonder what kinds of encryption aren't even legal.  I mean, if it took 10000 computers 5 years or so to crack RC5-64 at distributed.net and the government could do it in seconds...
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.

have you read Digital Fortress by Dan Brown. Alot of it is fiction, but there are truths in it, and they are scary truths.

heehee, yay for conspiracy theories!
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.

Afaik, the laws largely depend on the country. For instance, many countries (US included) say you can't export keys that are so and so long (and I don't know the current numbers). So for instance, I couldn't use certain (larger) keys on a global sftp server that foreigners could use. There used to be (still is ?) issues with things like exporting or releasing source code to certain algorithms (DES comes to mind, although that's a vague memory).

I can't help but think I know why all these laws are in place.... although I suppose some of it is good in some ways.
"My Terminal is my Soul"

I always thought that it was interesting that the export of cryptographic software was actually written into the munitions export regulations. So in some sense they found it logical to equate the export of software with weapons, even back before "cyber-war" was much of a concept.
Godaigo
All's fair in Love and Brewing.

The NSA is the number one employer of math majors in the world--and all to make a break ciphers...

Slightly off topic:

Ha!  I've found you out Godaigo--or should I say, EMPEROR Godaigo?!  I've always wondered where the name came from...
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.

Exactly! So you delved into some history eh? :)
Godaigo
All's fair in Love and Brewing.

Are you also a master of the koan?

(I was going to say, "Do you also own the koan," but I thought better of it)
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.

No, the koan kicks my butt! I have no patience for the koan. I do have a lot of time spent with tsuki and kotegaeshi though!
Godaigo
All's fair in Love and Brewing.

I have got a 128Bit Encrypted Router (Netgear DG834G) witg SSID but strangely my Belkin Card actually picks up there is a network there (very useful for sniffing other networks ;D) even though its diesnt always give the display name or password i can sometimes force connect it to networks

Err... I must have missed this post originally... either that or the fact that I had been MIA for a while... whatever the case may be, WiFi in its current implementation, whether a/b/g, etc., is VERY insecure and great care should be taken when implementing for it to be secure. 10 minutes to crack 128bit WEP is no longer the case. There's a nifty tool out there that will generate enough traffic for you to sniff the required amount of packets to crack it in just a few minutes... Disabling SSID broadcast does help some, (the whole out of sight, out of mind / security by obscurity thing), however don't rely on only those two for security. I would suggest implementing some sort of RADIUS authenticating at least, blah blah blah... 'nuff of my rant...
*** Sleep: A completely inadequate substitute for caffeine. ***
01010010010101000100011001001101

SMF spam blocked by CleanTalk