Penetration Testing mailing list archives
Re: Wireless SSID discovery
From: Olivier Fauchon <olivier () aixmarseille com>
Date: Tue, 21 Dec 2004 01:04:29 +0100
Andrew Bagrin wrote:
I'm doing a wireless pen-test and am able to use aircrack to crack the wep key, however, when I use Kismet, Cain, airdump etc.. I can't get the SSID of a the access point if the SSID broadcast has been disabled. Does anyone know how to do this, or is there any tools that will let you get the SSID even if its not being broadcasted. Thanks, Andrew !DSPAM:41c723d1225102275466979!
Ok, hidden SSID must not be considered as a security feature. Because SSID (wireless network name) is not only sent in beacons ( Network announcement frames), but in probe/responses, association and reassociations frames too.
You can disable SSID in beacon frames only. All other management frames contains the SSID or the network.
There are many ways to discover the hidden SSID- Forge DISASSOCIATE frames, to a station seaming to come from the ACCESS POINT, so the station tries to reassociate (and send the SSID) - Reboot a client, so it reassociate when it initialize (if you have physical access to equipements) - RF jam (interferences) a client so it tries to reassociate (and expose SSID) - Install a fake Access point near a client with weak signal so it tries to roam (probe requests will be sent).
Hope that helps. -- Olivier Fauchon GNU/Linux Systems Specialist Certified Wireless Network Administrator Email: olivier () aixmarseille com Web: http://www.aixmarseille.com
Current thread:
- Wireless SSID discovery Andrew Bagrin (Dec 20)
- Re: Wireless SSID discovery marko ruotsalainen (Dec 21)
- Re: Wireless SSID discovery Andrew Bagrin (Dec 21)
- Re: Wireless SSID discovery Konstantin V. Gavrilenko (Dec 22)
- Re: Wireless SSID discovery Andrew Bagrin (Dec 21)
- Re: Wireless SSID discovery Christopher Blume (Dec 22)
- Re: Wireless SSID discovery Michael Puchol (Dec 22)
- Re: Wireless SSID discovery Olivier Fauchon (Dec 22)
- <Possible follow-ups>
- RE: Wireless SSID discovery Todd Towles (Dec 21)
- Re: Wireless SSID discovery Aaron Drew (Dec 22)
- Re: Wireless SSID discovery Seth Fogie (Dec 22)
- Re: Wireless SSID discovery Aaron Drew (Dec 22)
- RE: Wireless SSID discovery Rapaille Max (Dec 22)
- RE: Wireless SSID discovery Todd Towles (Dec 22)
- Re: Wireless SSID discovery marko ruotsalainen (Dec 21)