On Wednesday 18 May 2011 04:52:47 Genes MailLists wrote:
> On 05/17/2011 12:36 PM, Frank Murphy wrote:
> > Also if it's your home wLan, hide it, don't broadcast the ssid.
> > So those in your neighbourhood won't even know you have a wireless.
>
> As many have pointed out - you should not disable SSID broadcast.
>
> Disabling it offers zero security benefit and makes wifi work less well
> than it was designed. Especially when there are multiple APs on the
> same SSID.
>
> In fact hidden SSID may even worsen security. It also violates 802.11 -
> and I believe later versions state that a computer may refuse to
> connect to any AP which does not broadcast its SSID in accordance with
> the standard ... someone can confirm that I'm sure.
>
> For some reason this hidden SSID theory leaked from some bad well a long
> time ago and has managed to survive ... who knows why.
>
> If you do it and find things (phones perhaps) refuse to connect to your
> AP - don't be surprised.

Late to the party, but just for useful information, disabling SSID broadcast is NOT a violation of 802.11 :-) It's mandatory to put the SSID information element in your beacons, but there's nothing that says you have to tell the truth, and likewise no explicit prohibition against including multiple SSID information elements.

Enterprise APs use this as a means to support multiple SSIDs on one BSSID, with each SSID mapped to a different VLAN (after association, the mapping is maintained by Association ID, not SSID), but there is of course a tradeoff as many stations do not understand more than one SSID in a beacon/probe response. Sending multiple beacons is a no-no; the medium is crowded enough as it is.

The usual compromise is to advertise any "guest" SSID in the beacons (this also applies to encryption and other information), and to respond to probe requests which contain a particular SSID with the correct information for that SSID.
A station which relies on being able to pick up the SSID off the air has a user-interface bug.

One problem lies in the fact that 802.11 does not specify a particular means of giving a NULL SSID so different APs do it in different ways. Some give a zero-length SSID. Some give an SSID of length 1 consisting of a zero octet (a C null-terminated empty string). Some use a single ASCII 32. Some use a number of spaces equal to the length of the real SSID. You will thus find all sorts of rubbish in your list of available APs when looking at it using a station. Some of the older ones may Go All Funny :-(

However, the SSID WILL be present in a probe response to a probe request which contained it, so it's available to anyone with a sniffer. This has to be the case or no stations would ever be able to find it to associate, as you obviously know :-)

--
But while the ant gathered food, the grasshopper contracted to a point on a manifold that was NOT a 3-sphere...
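
The four hidden-SSID encodings listed in the message above, handled in one place, as an added example that is not part of the original post: a parser for the tagged parameters of a beacon or probe response that reports every SSID element (there may be more than one) and labels which convention it uses, so a scan list can show one consistent placeholder. The function names and sample bodies are constructed for illustration, and the input is assumed to be the tagged-parameter portion only, after the frame's fixed fields.

```python
from typing import List, Tuple

SSID_IE = 0  # element ID of the SSID information element

def parse_ies(body: bytes) -> List[Tuple[int, bytes]]:
    """Split tagged parameters (id, length, value...) into (id, value) pairs."""
    ies, i = [], 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:  # truncated element: stop rather than guess
            break
        ies.append((eid, value))
        i += 2 + length
    return ies

def classify_ssid(value: bytes) -> str:
    """Name which hidden-SSID convention from the post a value matches."""
    if len(value) == 0:
        return "hidden:zero-length"
    if value == b"\x00":
        return "hidden:single-null"
    if value == b" ":
        return "hidden:single-space"
    if value.strip(b" ") == b"":
        return "hidden:%d-spaces" % len(value)
    return "visible"

def ssids_in(body: bytes) -> List[Tuple[str, str]]:
    """Return (classification, display name) for every SSID element, in order."""
    out = []
    for eid, value in parse_ies(body):
        if eid == SSID_IE:
            kind = classify_ssid(value)
            name = value.decode("utf-8", "replace") if kind == "visible" else "<hidden>"
            out.append((kind, name))
    return out

def ie(eid: int, value: bytes) -> bytes:
    """Build one information element (helper for the constructed samples)."""
    return bytes([eid, len(value)]) + value

RATES = ie(1, b"\x82\x84\x8b\x96")  # constructed Supported Rates element
SAMPLES = {  # constructed tagged-parameter bodies, not captured traffic
    "zero-length": ie(0, b"") + RATES,
    "single-null": ie(0, b"\x00") + RATES,
    "single-space": ie(0, b" ") + RATES,
    "padded": ie(0, b" " * 8) + RATES,
    "multi": ie(0, b"guest") + ie(0, b"corp") + RATES,
}
```

Calling `ssids_in(SAMPLES["padded"])` shows why the padded form is the leakiest of the four: the placeholder still reveals the length of the real SSID.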