
   alt.internet.wireless      Fun with wireless Internet access      55,960 messages   


   Message 55,741 of 55,960   
   Marian to Chris   
   Re: How to test if your access point BSS   
   07 Dec 25 20:14:47   
   
   XPost: misc.phone.mobile.iphone, alt.comp.os.windows-10, comp.mobile.android   
   From: marianjones@helpfulpeople.com   
      
   Chris wrote:   
   >> In that case, I can't see how they could claim not to have seen it; if   
   >> the SSID was in their system before it had the _nomap added, then surely   
   >> _with_ the _nomap added, it is a new SSID; the same if they'd _not_ had   
   >> it, and thus added it as a new one anyway. In both cases, at the point   
   >> they added it, they would see it.   
   >   
   > Not if the SSID is hidden.   
      
   But they can always see that the SSID is hidden in the AP beacon frames.   
   Also in the AP probe response frames (e.g., to a wildcard probe).   
      
   Wi-Fi access points typically broadcast beacon frames every 102.4   
   milliseconds (about 10 times per second), at least by default.   
      
   Those beacon frames, for a hidden SSID, contain a null/blank SSID.   
   It's what Mozilla security researchers told me they key on for this:   
        
      "Mozilla's client applications do not collect information   
      about WiFi access points whose SSID is hidden or ends with   
      the string '_nomap' (e.g. 'Simpson-family-wifi_nomap')."   
      
   More to the point, if they bother to look at the access point responses to   
   the client authentication requests, they can see the SSID in cleartext.   
      
   The AP responds with the SSID in cleartext in response to probe requests   
   but only when a client actively probes with the correct SSID. This could   
   happen now, later, or even never.   
      
   In summary, Apple's WPS would know the SSID only if it looks at   
    1. AP probe response frames sent in reply to a client probe request   
   This is the only AP frame that reveals the SSID string when hidden.   
      
   The hidden SSID is not sent in cleartext in AP frames such as   
    2. AP beacon frames broadcast every 102.4ms   
    3. AP authentication/association responses sent during client connection   
      
   Hence, if you connected your desktop PC to the access point a month ago and   
   if you never needed to reconnect, there are no frames containing the SSID.   
      
   It's only if you connected while the Apple WPS system is listening that the   
   AP probe response will contain the SSID in cleartext.   
      
   Note I have plenty of Apple devices, so it's a given that it will happen.   
   Also note I have autoconnect turned off, but family members have it on.   
      
   Since hidden SSIDs don't appear in beacons, the device can't discover them   
   passively. To find them, the client must send directed probe requests with   
   each SSID in its saved list.   
      
   So the difference is: with autoconnect ON, the SSID leaks continuously   
   through AP probe responses; with autoconnect OFF, the SSID only leaks at   
   the moment of a manual connection.   
      
   This means, in practice, with any client device set to the typical   
   defaults, the Apple WPS system *does* know what the SSID is even if the   
   random iOS/Android mobile device only is looking at the AP frames (and not   
   at the client frames).   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
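
Added example (not part of the original post, and not Mozilla's or Apple's code): a parser for the SSID element in beacon and probe response frames that applies the hidden / `_nomap` rule quoted in the post. The frames are constructed sample bytes, and `build_frame`, `parse_frame` and `classify` are names chosen for this illustration.

```python
import struct

SUBTYPES = {8: "beacon", 5: "probe-response"}  # management frame subtypes

def build_frame(subtype, ssid, interval_tu=100):
    """Build a minimal management frame (constructed sample, not a capture)."""
    fc = bytes([subtype << 4, 0])                 # version 0, type 0 = management
    addrs = b"\xff" * 6 + b"\x02" * 6 + b"\x02" * 6  # DA, SA, BSSID (made up)
    header = fc + b"\x00\x00" + addrs + b"\x00\x00"  # 24-byte MAC header
    fixed = b"\x00" * 8 + struct.pack("<HH", interval_tu, 0x0011)
    return header + fixed + bytes([0, len(ssid)]) + ssid  # SSID element, ID 0

def parse_frame(frame):
    """Return (kind, beacon_interval_ms, ssid_bytes)."""
    if len(frame) < 36:
        raise ValueError("truncated management frame")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe response")
    (interval_tu,) = struct.unpack_from("<H", frame, 32)
    pos = 36                                      # tagged elements start here
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + elen]
        if len(value) < elen:
            raise ValueError("truncated element")
        if eid == 0:
            # One time unit (TU) is 1024 microseconds: 100 TU = 102.4 ms.
            return SUBTYPES[subtype], interval_tu * 1024 / 1000, value
        pos += 2 + elen
    raise ValueError("no SSID element")

def classify(frame):
    """Apply the hidden / _nomap rule quoted in the post to one frame."""
    kind, _, ssid = parse_frame(frame)
    if not any(ssid):                             # zero length or all NUL bytes
        return kind, "hidden"
    if ssid.decode("utf-8", "replace").endswith("_nomap"):
        return kind, "nomap"
    return kind, "collectable"

if __name__ == "__main__":
    for f in (build_frame(8, b""), build_frame(8, b"\x00" * 19),
              build_frame(5, b"Simpson-family-wifi"),
              build_frame(5, b"Simpson-family-wifi_nomap")):
        print(classify(f))
```

A frame is reported as hidden when its SSID element is zero length or all NUL bytes, the two forms access points commonly use for a hidden network.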



(c) 1994,  bbs@darkrealms.ca