[SATLUG] Re: Very Annoying Wireless problems
brad at shub-internet.org
Mon Feb 26 17:40:48 CST 2007
At 4:00 PM -0600 2/26/07, Travis M. wrote:
> Ever see a network with no ESSID? I have, and so has Benjamin Temple.
Yup, I've seen it. More often than not, I think it's a case of
someone being sneaky and using only whitespace characters as their
ESSID as opposed to normal printable characters. Certainly, you can
use whitespace characters as part of the ESSID name, because I do
that on my own network. It would not surprise me at all if someone
was able to use only whitespace characters for their ESSID name.
Another potential cause might be if the network is set up as
"closed", so that it doesn't broadcast beacon packets. You'll see
traffic from it if you use a passive sniffer (e.g., Kismet on a
supported device, mostly 802.11b), but it may be a while before you
see admin traffic that would allow you to determine what the ESSID
is. Moreover, if the network is set up as closed and encrypted, you
may not see the admin traffic that would allow you to determine what
the ESSID is.
Of course, you also want to lock things down to specific MAC
addresses, and then you want to run tools that look at the actual
radio fingerprint of the MAC address to make sure that someone isn't
trying to spoof you by stealing the same address and using it on a
different device. And you also want to use snort-like IDS tools to
see which MAC addresses are being seen by which APs, and what the TDR
distance is to the APs, so that you don't have APs which should be
fixed in location suddenly go wandering around on you.
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
More information about the SATLUG