[ previous ] [ next ] [ threads ]
 
 From:  krt <kkrrtt at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1.3b2 wireless not automatically associating with hidden SSID
 Date:  Thu, 1 Mar 2007 08:45:59 -0800 
Sorry - bad grammar day.

THIS: In this scenario, SSID broadcast control has been used for a
valid purpose.

SHOULD BE THIS: In this scenario, SSID broadcast control has a valid
purpose as it can solve a technical symptom to a real problem.   You
can make your networks work or you can put distance between yourself
and your neighbors.  Disabling SSID broadcast is much easier than
packing up and moving.



On 3/1/07, krt <kkrrtt at gmail dot com> wrote:
> SSID broadcast control can prevent unwanted automatic associations in
> a crowded environment.
>
> In other words, if you have a device that can see two broadcast SSID's
> at the same time, it will connect to only one of them.  You can set
> preferred networks, but as soon as one leaves, degrades, etc. your
> device will automatically associate to the other one.
>
> Have you ever hopped onto an open network and used it for a while,
> then it suddenly dies?   You might find that you've actually just
> reassociated to a neighboring AP but for whatever reason their network
> prevents the access that you were using, or at least has no knowledge
> of your previously active IP sessions.  In this scenario, SSID
> broadcast control has been used for a valid purpose.
>
> Disabling SSID broadcast for the purposes of security will 'stop the
> junk mail' but it won't stop someone from finding your network and
> certainly won't prevent someone from joining it.
>
>
>
>
>
>
>
>
> On 3/1/07, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
> > On 3/1/07, Bussel, Ken <KBussell at eprod dot com> wrote:
> >
> > > When trying to connect to the Cisco Access point I really need to
> > > connect to that has a hidden SSID, I get the status of "no carrier". If
> > > I turn the broadcast of the SSID on, it will connect up right away. When
> >
> > Turn the SSID broadcast on.
> >
> > It doesn't add any meaningful levels of security anyway, just the way
> > MAC address filtering doesn't. Both those are easily worked around by
> > anyone who really wants to break in to your system.
> >
> > WPA-EAP is the only meaningful security level you should be concerned
> > about. If you have that properly set up, you are a hard nut to crack
> > already and can sleep soundly at night.
> >
> > It makes no sense to turn off features like SSID broadcast that can
> > cause problems connecting - I've seen it in other gear too, had the
> > problem at home with a mobile device for instance. Sure, you add a
> > smidgeon of protection against pure "tourists" trying to connect to
> > random networks in that they can't even see it, but anyone who really
> > wants to break in will hardly even be inconvenienced. Meanwhile, your
> > gear doesn't even work right for you.
> >
> > Just my opinion, obviously.
> >
> > --
> > -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
> >
> > "In the beginning the Universe was created. This made a lot of people
> > very angry and has been widely regarded as a bad move."
> >   - "Hitchhikers Guide", Douglas Adams
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
>