[SATLUG] Re: Very Annoying Wireless problems

Brad Knowles brad at shub-internet.org
Mon Feb 26 17:40:48 CST 2007


At 4:00 PM -0600 2/26/07, Travis M. wrote:

>  Ever see a network with no ESSID? I have, and so has Benjamin Temple.

Yup, I've seen it.  More often than not, I think it's a case of 
someone being sneaky and using only whitespace characters as their 
ESSID as opposed to normal printable characters.  Certainly, you can 
use whitespace characters as part of the ESSID name, because I do 
that on my own network.  It would not surprise me at all if someone 
was able to use only whitespace characters for their ESSID name.

Another potential cause might be if the network is set up as 
"closed", so that it doesn't broadcast beacon packets.  You'll see 
traffic from it if you use a passive sniffer (e.g., Kismet on a 
supported device, mostly 802.11b), but it may be a while before you 
see admin traffic that would allow you to determine what the ESSID 
is.  Moreover, if the network is set up as closed and encrypted, you 
may not see the admin traffic that would allow you to determine what 
the ESSID is.

Of course, you also want to lock things down to specific MAC 
addresses, and then you want to run tools that look at the actual 
radio fingerprint of the MAC address to make sure that someone isn't 
trying to spoof you by stealing the same address and using it on a 
different device.  And you also want to use snort-like IDS tools to 
see which MAC addresses are being seen by which APs, and what the TDR 
distance is to the APs, so that you don't have APs which should be 
fixed in location suddenly go wandering around on you.

-- 
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>


More information about the SATLUG mailing list