Network Security Pen-Test

Re: Wireless SSID discovery

Subject: Re: Wireless SSID discovery
Date: Tue, 21 Dec 2004 01:04:29 +0100
Andrew Bagrin wrote:
I'm doing a wireless pen-test and am able to use aircrack to crack
the WEP key; however, when I use Kismet, Cain, airdump, etc., I can't
get the SSID of the access point if the SSID broadcast has been
disabled. Does anyone know how to do this, or are there any tools that
will let you get the SSID even if it's not being broadcast?

Thanks,

Andrew



OK, a hidden SSID must not be considered a security feature, because the SSID (wireless network name) is not only sent in beacons (network announcement frames), but in probe/responses, association and reassociation frames too.

You can disable the SSID in beacon frames only. All other management frames contain the SSID of the network.

There are many ways to discover the hidden SSID:

- Forge DISASSOCIATE frames to a station, seeming to come from the ACCESS POINT, so the station tries to reassociate (and sends the SSID)
- Reboot a client, so it reassociates when it initializes (if you have physical access to the equipment)
- RF jam (interference) a client so it tries to reassociate (and exposes the SSID)
- Install a fake access point near a client with weak signal so it tries to roam (probe requests will be sent).


Hope that helps.


--
Olivier Fauchon
GNU/Linux Systems Specialist
Certified Wireless Network Administrator

Email: olivier@aixmarseille.com
Web: http://www.aixmarseille.com
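
Added example (not part of the original post): a minimal parser over constructed 802.11 management frames, illustrating the reply's point that suppressing the SSID in beacons still leaves the network name in association, reassociation and probe response frames. The frame bytes, MAC addresses, the SSID `corp-wlan` and the helper names are constructed for illustration; a real capture would also carry a radiotap header, assumed already stripped here.

```python
# Bytes before the tagged elements, per 802.11 management subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req",
         5: "probe-resp", 8: "beacon"}
HDR_LEN = 24  # frame control, duration, 3 addresses, sequence control

def ssid_from_frame(frame: bytes):
    """Return (subtype name, SSID or None); None for frames not handled."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None  # not a management frame that carries an SSID element
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break  # truncated element, stop parsing
        if eid == 0:  # element ID 0 is the SSID
            hidden = elen == 0 or not any(body)  # empty or zero-filled
            return NAMES[subtype], None if hidden else body.decode("utf-8", "replace")
        pos += 2 + elen
    return NAMES[subtype], None

# Constructed sample values (not from a real capture).
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")

def build(subtype: int, ssid: bytes, to_ap: bool = False) -> bytes:
    """Build a minimal constructed management frame for the demo."""
    dst, src = (AP, STA) if to_ap else (STA, AP)
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + AP + b"\x00\x00"
    rates = b"\x01\x01\x82"  # one supported-rates element after the SSID
    return hdr + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + rates

def ssids_seen(frames):
    """Map BSSID (address 3) to any SSID recovered from the frames."""
    found = {}
    for f in frames:
        res = ssid_from_frame(f)
        if res and res[1]:
            found[f[16:22].hex(":")] = res[1]
    return found

if __name__ == "__main__":
    capture = [build(8, b""), build(8, bytes(9)), build(0, b"corp-wlan", True)]
    for f in capture:
        print(ssid_from_frame(f))
    print(ssids_seen(capture))
```

Both beacon variants (zero-length and zero-filled SSID element) parse as hidden, while the single association request from a legitimate client is enough to attach the name to the BSSID.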


