 From:  krt <kkrrtt at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1.3b2 wireless not automatically associating with hidden SSID
 Date:  Thu, 1 Mar 2007 08:41:41 -0800
SSID broadcast control can prevent unwanted automatic associations in
a crowded environment.

In other words, if you have a device that can see two broadcast SSIDs
at the same time, it will connect to only one of them.  You can set
preferred networks, but as soon as one leaves, degrades, etc. your
device will automatically associate to the other one.

Have you ever hopped onto an open network and used it for a while,
then it suddenly dies?  You might find that you've actually just
reassociated to a neighboring AP but for whatever reason their network
prevents the access that you were using, or at least has no knowledge
of your previously active IP sessions.  In this scenario, SSID
broadcast control has been used for a valid purpose.

Disabling SSID broadcast for the purposes of security will 'stop the
junk mail' but it won't stop someone from finding your network and
certainly won't prevent someone from joining it.

On 3/1/07, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
> On 3/1/07, Bussel, Ken <KBussell at eprod dot com> wrote:
>
> > When trying to connect to the Cisco Access point I really need to
> > connect to that has a hidden SSID, I get the status of "no carrier". If
> > I turn the broadcast of the SSID on, it will connect up right away. When
>
> Turn the SSID broadcast on.
>
> It doesn't add any meaningful levels of security anyway, just the way
> MAC address filtering doesn't. Both those are easily worked around by
> anyone who really wants to break in to your system.
>
> WPA-EAP is the only meaningful security level you should be concerned
> about. If you have that properly set up, you are a hard nut to crack
> already and can sleep soundly at night.
>
> It makes no sense to turn off features like SSID broadcast that can
> cause problems connecting - I've seen it in other gear too, had the
> problem at home with a mobile device for instance. Sure, you add a
> smidgeon of protection against pure "tourists" trying to connect to
> random networks in that they can't even see it, but anyone who really
> wants to break in will hardly even be inconvenienced. Meanwhile, your
> gear doesn't even work right for you.
>
> Just my opinion, obviously.
>
> --
> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
>
> "In the beginning the Universe was created. This made a lot of people
> very angry and has been widely regarded as a bad move."
>   - "Hitchhikers Guide", Douglas Adams