
Thread: Worth of hidden SSID?

  1. #1
    Junior Member
    Join Date
    Apr 2010
    Posts
    26

    Worth of hidden SSID?

    Newbie observation and question:

    I have been experimenting by NOT broadcasting my AP's SSID, and then sniffing/watching it using some aircrack tools. I have a VERY active network with wireless clients connected at least 1/3 of the time or more. Wow, I didn't know that when a wireless client associates with the AP the SSID becomes visible in airodump!! With no clients it shows <length> of course, but when I associate the wireless printer (or any client) my SSID shows up instantly. On an active wireless network that makes the "no broadcast" thing virtually useless.

    My question, and I am just trying to make sure I didn't miss something: I am assuming that ALL airodump screens from any hacker machine would see my SSID if an association happens. I am running a VM and using a separate USB antenna with the laptop's wireless physically switched off to be certain it's not connected for this experiment. Just trying to positively eliminate the notion that this laptop is already associated and that is why the SSID appears. As I understand the VM thing my motherboard should have no bearing on what I am seeing in airodump regarding the SSID showing up upon association.

    Is the SSID just there when an association is established? That would make not broadcasting quite worthless.

  2. #2
    Junior Member
    Join Date
    Apr 2010
    Posts
    29

    Re: Worth of hidden SSID?

    Correct, choosing not to broadcast your SSID will only keep the casual observers away from your network. Anyone with backtrack and a little knowledge will know how to kick a wireless client off of the network and watch it reattach -- thus, revealing the name of the hidden SSID.

    Quote Originally Posted by george8
    Newbie observation and question:

    I have been experimenting by NOT broadcasting my AP's SSID, and then sniffing/watching it using some aircrack tools. I have a VERY active network with wireless clients connected at least 1/3 of the time or more. Wow, I didn't know that when a wireless client associates with the AP the SSID becomes visible in airodump!! With no clients it shows <length> of course, but when I associate the wireless printer (or any client) my SSID shows up instantly. On an active wireless network that makes the "no broadcast" thing virtually useless.

    My question, and I am just trying to make sure I didn't miss something: I am assuming that ALL airodump screens from any hacker machine would see my SSID if an association happens. I am running a VM and using a separate USB antenna with the laptop's wireless physically switched off to be certain it's not connected for this experiment. Just trying to positively eliminate the notion that this laptop is already associated and that is why the SSID appears. As I understand the VM thing my motherboard should have no bearing on what I am seeing in airodump regarding the SSID showing up upon association.

    Is the SSID just there when an association is established? That would make not broadcasting quite worthless.

  3. #3
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Re: Worth of hidden SSID?

    Hiding the SSID is not really going to help in protecting your network if targeted.

    The only thing it does do is put an additional layer of security on the network, and then the
    'low hanging fruit' principle (attackers would usually go for the easiest victim) could apply.

    If the network was to be specifically targeted however, it is unlikely it will be an obstacle at all.


    If there is activity between the client and the AP (either normal network activity or simply probe requests) then the SSID will show up on airodump if correctly filtered to the specific channel you are monitoring.

    If there is a client connected, but no activity showing the SSID, then the client could be forced to disconnect / reconnect with either aireplay or airdrop for instance.
    Code:
    aireplay-ng mon0 0 -1 -a [bssid MAC] -c [client MAC]
    If no activity and no clients / printers etc. then mdk3 could be used to see whether the SSID is a
    dictionary term.
    Code:
     
    /pentest/wireless/mdk3/./mdk3 mon0 p -c [channel] -t [target bssid MAC] -f /path_to/ssid_wordlist
    If the above fails, then a more desperate measure could be to try and bruteforce the SSID with mdk3:
    Code:
    /pentest/wireless/mdk3/./mdk3 mon0 p -c [channel] -t [target bssid MAC] -b a -s 100
    Took me around 30 minutes to go through all characters for a 3 digit SSID, anything above 4 digits is not really worth trying with this method.

    So in short, you're better off having a strong encryption / password and not relying on hiding the ssid to make the network more secure.
    Last edited by TAPE; 05-25-2010 at 06:22 AM.

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Re: Worth of hidden SSID?

    In addition to what TAPE said, using a completely passive wireless tool such as kismet will still show a hidden SSID when a client connects to the WLAN. The hidden attribute is only protection against active probes by clients that haven't associated with the WLAN previously. This will help protect you against programs -generally Windows applications- like the Windows Wireless Client or NetStumbler. Other than that, it's useless. Like WEP or MAC filtering, it is only effectively a 'No Trespass' sign. Honest people will respect it, but anyone with bad intent can go right around it.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Re: Worth of hidden SSID?

    There is basically zero point in trying to hide your SSID. If someone wants to know it, all they have to do is wait for a valid client to connect (one that knows the SSID); during the association process it is sent via plain text.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
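
The behaviour Thorn and thorin describe above, as an added example that is not part of the original thread: a parser for the SSID element of 802.11 management frames, run over two constructed frames (a beacon with the name nulled out and a client's association request). The MAC addresses, the name "homelan" and the helper names are made up, and frames are assumed to start at the 802.11 header with no radiotap prefix.

```python
HEADER_LEN = 24  # 802.11 management MAC header; no radiotap header assumed
# Fixed-field bytes before the tagged elements, per management subtype.
FIXED_LEN = {0: 4, 2: 10, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 5: "probe-resp", 8: "beacon"}


def parse_ssid(frame: bytes):
    """Return (subtype name, raw SSID bytes), or None if absent or truncated."""
    if len(frame) < HEADER_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        return None  # not a management frame we track
    pos = HEADER_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            return None  # element runs past the end of the frame
        if eid == 0:  # element ID 0 is the SSID
            return NAMES[subtype], body
        pos += 2 + elen
    return None


def resolve(frames):
    """Map BSSID -> network name as a purely passive listener learns it."""
    seen = {}
    for frame in frames:
        parsed = parse_ssid(frame)
        if parsed is None:
            continue
        ssid, bssid = parsed[1], frame[16:22].hex(":")  # address 3 is the BSSID
        if not any(ssid):  # zero-length or all-null SSID: the "hidden" case
            seen.setdefault(bssid, f"<length: {len(ssid)}>")
        else:
            seen[bssid] = ssid.decode("utf-8", "backslashreplace")
    return seen


def mgmt(subtype, dst, src, bssid, fixed, ssid):
    """Build a constructed management frame: header, fixed fields, SSID, rates."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"


AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # made-up MACs
BEACON = mgmt(8, b"\xff" * 6, AP, AP, bytes(12), bytes(7))  # name nulled out
ASSOC = mgmt(0, AP, STA, AP, bytes(4), b"homelan")  # client sends the real name
```

`resolve([BEACON])` yields only the length placeholder for the BSSID; adding `ASSOC` to the list replaces it with the name, without the listener transmitting anything.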

  6. #6
    Junior Member
    Join Date
    Apr 2010
    Posts
    26

    Re: Worth of hidden SSID?

    I appreciate all the responses. At least I know my own conclusions were correct. I see little point in hiding the SSID. You know it could have a "reverse effect". Might be someone would think, "I wonder what is so important in that network that the user is trying to hide its contents?"

    Sort of like many using a proxy for cloaking an IP. It makes sense but in a way it also draws attention because it sort of makes a person wonder what you are up to that needs a proxy.

  7. #7
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    5

    Re: Worth of hidden SSID?

    Hey, I see everywhere people say you can deauth a station to reveal the hidden SSID, but the problem is when I use the aireplay-ng -0 option, it waits for a beacon, and since a hidden SSID doesn't send any beacons, aireplay-ng fails to send deauth packets. Am I doing something wrong here? Or does it just not work for this? Any help would be appreciated.

  8. #8
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    2

    Re: Worth of hidden SSID?

    I think I have a small solution here.
    If you have for essid something like "my essid" then you have 2 words separated by a space, or in ASCII code, character 32.
    Instead of character 32 you can type character 255 (pressing left Alt and 255).
    Character 255 is a blank character and not the same as the space character...
    So everybody will find your essid but can't log in, unless they know the 255 character!!!!

  9. #9
    Just burned his ISO
    Join Date
    Nov 2010
    Location
    anywhere
    Posts
    14

    Re: Worth of hidden SSID?

    Quote Originally Posted by GReekPower
    I think I have a small solution here.
    If you have for essid something like "my essid" then you have 2 words separated by a space, or in ASCII code, character 32.
    Instead of character 32 you can type character 255 (pressing left Alt and 255).
    Character 255 is a blank character and not the same as the space character...
    So everybody will find your essid but can't log in, unless they know the 255 character!!!!

    This is a better solution for the SSID for many reasons.

  10. #10
    Junior Member
    Join Date
    Apr 2010
    Posts
    26

    Re: Worth of hidden SSID?

    I actually just tried what greekpower suggested above. My AP will not allow that character in the SSID stating that it is an illegal character. I wonder if that error is unique to my AP?

    Has anyone else here tried to use the character 255 approach for their SSID? As I am typing in the Admin panel of the router it does "jump the space" and appear to be just a normal space, but when I go to save the changes the "illegal character" box pops up and it is disallowed on my AP.

    Anyone else here willing to try it and let me know? Thanks
