Below is a relevant article for your consideration. Windows XP Spills the Beans on Wireless Access Points
December 11, 2002 By: Brett Glass Now that "war driving" -- searching for wireless LANs -- has become a popular pastime, many Internet service providers and businesses have begun to hide their Wi-Fi access points by preventing them from advertising an SSID (service set identifier). If this is done, only systems that know the access point's SSID can log onto the network. Unfortunately, the Wi-Fi software that's built into every copy of Windows XP "spills the beans" on access points' hidden SSIDs. According to this security advisory, XP keeps a list of all the access points to which it has ever connected. Then, when it starts up (or if it's out of range of any access point), it sends out inquiries to find out which ones are in range. Since the inquiries contain the SSID of each access point, it's easy to sniff out the hidden SSID. XP's behavior also makes another sort of security breach possible. If one extracts the SSID from an XP inquiry packet and then reprograms an access point to have that SSID, it's possible to "spoof" the XP machine into believing it has connected to a familiar network. One can then intercept, and snoop on, any traffic that the machine exchanges with the Internet. The WEP (wired-equivalent privacy) encryption scheme makes this sort of spoof a bit harder to implement, but not much. Tools are readily available to break 40-bit WEP in a few minutes, and 128-bit WEP keys can be broken in a few days. I hope this helps Paul Cronin Atrion -----Original Message----- From: James Savage [mailto:[EMAIL PROTECTED] Sent: Friday, March 12, 2004 9:19 AM To: [EMAIL PROTECTED] Subject: [WIRELESS-LAN] locating 'hidden' SSIDs etc. Hi, Has anyone found a method of identifying the presence of hidden (non broadcast) SSIDs? NetStumbler locates all broadcast SSIDs but not hidden ones. The alternative, I guess, is to go the spectrum analyzer route and look for sources in the 2.4g range. There was a discussion quite some time ago (end of '01) about these devices. Does anyone have some recent advice/suggestions. ....thanks in advance........Jamie James Savage York University Senior Com. Tech. 108 Steacie Bldg. [EMAIL PROTECTED] 4700 Keele Street phone: 416-736-2100 ext.22605 Toronto, Ontario fax: 416-736-5701 M3J 1P3, CANADA /\ /\ /\ /\ / \ / \ / \ / \ \ / \ / \ / \/ \/ \/ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
