PDA

View Full Version : Why is SSID broadcast required to be on?



Kiwi
2006-11-07, 13:39
After a few tries to get my SB3 working wirelessly I realized that it requires SSID broadcast to be enabled. This is poorly documented and I don't understand why it needs to be enabled.

Siduhe
2006-11-07, 13:45
AFAIK it is perfectly possible to get the SB to connect without SSID being broadcast, but if you hide the SSID, then you have to tell the SB the name of the network to connect to and make sure you enter it correctly.

Is there a particular reason you want to hide your network name ?

From the wiki:

SSID
The SSID is simply a name that you give your network. This can be hidden, but is visible by default. Most people think that hiding it does not increase security, and it can be inconvenient to hide it. If it is not hidden, the Squeezebox will see the network automatically. If it is hidden you will have to enter the name of the network, which provides another place for a user to enter an address incorrectly.

If have hidden your SSID, and are therefore entering it manually into the Squeezebox, make sure you have the right Case - it is Case Sensitive! (FRED is not the same as fred).

MrC
2006-11-07, 14:06
> After a few tries to get my SB3 working wirelessly I realized
> that it requires SSID broadcast to be enabled. This is poorly
> documented and I don't understand why it needs to be enabled.
>
>
> --

It isn't required. Some APs have trouble when SSID broadcast is disabled
for some wireless NICs. Try enabling SSID until your SB has connected, then
once connected, disable it again.

Siduhe
2006-11-07, 14:31
Did I imagine it, or is there some research that suggests that hiding your SSID can adversely affect wireless network performance ? I honestly remember reading something to that effect a few months ago, but can't find whatever I was looking at now.

I'm also reminded of the time that one of our clients brought his laptop into a meeting room at work and accidentally connected to our local wireless network which had a hidden SSID, but someone from the IT department had thoughtfully named "bigc**k". Many a true word, I guess...

;-)

Eric Seaberg
2006-11-07, 20:26
I don't broadcast my SSID and don't have any problems with Squeezebox, Transporter or any computer... you just have to enter the name on the device.

I also use 64-bit WEP and the MAC address must be entered in the access point for anything to connect. It's a lot of grief, but VERY secure. Again, no problems with Slim boxes.

Mark Lanctot
2006-11-07, 20:33
I also use 64-bit WEP and the MAC address must be entered in the access point for anything to connect. It's a lot of grief, but VERY secure.

Err, 64-bit WEP can be cracked in as little as two seconds using aircrack (http://www.aircrack-ng.org/doku.php).

Also MAC spoofing is fairly easy.

Try WPA-TKIP or WPA2-AES with a strong password. The only attacks I'm aware of for WPA or WPA2 involve dictionary attacks - so use a password that would not be found in a dictionary.

Incidentally, my Squeezebox2, Squeezebox 3 (now sold) and Transporter all work fine with WPA2-AES.

And again, SSID hiding is security by obscurity. 802.11b/g uses several other methods for transmitting SSID, and transmits it unencrypted, hiding it only removes 1. It's like removing the numbers from the front of your house hoping it won't be burglarized. Your house is still sitting there, and your front door can still be seen, and your name and number may still be in the phonebook...

That said, I disable SSID. It deters casual/accidental connections from neighbors and the like. But it will not hinder a determined attacker.

Mitch Harding
2006-11-08, 11:59
I'm pretty sure that's the default SSID for most wireless networking
products. :) Although I can't imagine why you'd want to hide such a name!

On 11/7/06, Siduhe <Siduhe.2gx90b1162935301 (AT) no-mx (DOT) forums.slimdevices.com>
wrote:
>
> I'm also reminded of the time that one of our clients brought his
> laptop into a meeting room at work and accidentally connected to our
> local wireless network which had a hidden SSID, but someone from the IT
> department had thoughtfully named "bigc**k". Many a true word, I
> guess...
>
> ;-)
>
>
> --
> Siduhe
> ------------------------------------------------------------------------
> Siduhe's Profile: http://forums.slimdevices.com/member.php?userid=723
> View this thread: http://forums.slimdevices.com/showthread.php?t=29499
>
>

Kevin O. Lepard
2006-11-09, 18:33
>After a few tries to get my SB3 working wirelessly I realized that it
>requires SSID broadcast to be enabled. This is poorly documented and I
>don't understand why it needs to be enabled.

It doesn't. I have one of my SB2's connected wirelessly using WPA
with SSID broadcast disabled, and I've done this with an SB3, too.

Could it be something else? E.g., type of encryption, etc?

Kevin
--
Kevin O. Lepard

Happiness is being 100% Microsoft free.

mvordeme
2009-01-11, 19:06
This seems the proper discussion for my question although it seems pretty old. When I set up the controller of my Duet, I had SSID broadcasting enabled in order not to have to enter the SSID manually. Once everything was set up I disabled the broadcasting again, but then the controller was no longer able to connect to the network although it was still being displayed in the list of networks.

Is SSID broadcasting required in general or just if it was enabled during setup? Somehow, I do not fancy entering my WPA key a second time ...

Thanks for your help,
-- mvordeme

toby10
2009-01-12, 03:51
This seems the proper discussion for my question although it seems pretty old. When I set up the controller of my Duet, I had SSID broadcasting enabled in order not to have to enter the SSID manually. Once everything was set up I disabled the broadcasting again, but then the controller was no longer able to connect to the network although it was still being displayed in the list of networks.

Is SSID broadcasting required in general or just if it was enabled during setup? Somehow, I do not fancy entering my WPA key a second time ...

Thanks for your help,
-- mvordeme

Should not be required, I do not broadcast my SSID and it reconnects by itself without issue. Also works if choosing my SSID from the list of found networks.

Did you try manually reconnecting by choosing your SSID from the list? Your WPA key should still be in there on the following screen.

mvordeme
2009-01-12, 04:48
Actually not because the screen showed only 8 characters of WPA key and I did not want to lose it. I can try that again, tonight.

Thanks for your help,
-- mvordeme

Uluen
2009-01-12, 05:21
There is NO point in disabling SSID broadcast, not for security anyway.

mvordeme
2009-01-12, 09:32
I know, but I prefer to.

Meanwhile, I solved the problem. As long as the controller was using the network configuration I set up when the SSID was still broadcast, there was no way to connect it to the WLAN. (I don't know how I managed to get to the WPA key entry screen yesterday. It did not happen again.)

By the way: The Squeezebox itself connected to the network without any problems.

So I decided, to remove the network configuration and enter the SSID and the WPA key (again), manually. This worked. Now, the controller connects to the network without problems.

I can only think of one explanation: If you configure the network while the SSID is broadcast, the controller does not remember all necessary network parameters (i.e. the type of encryption) because they can be retrieved at any time. When the SSID is no longer broadcast, it does not know how to connect. If you configure the network manually, you have to tell the controller everything in detail, and the problem disappears.

This sounds like something that could be easily fixed.

Thanks for your help that encouraged me to try entering everything again.

Regards,
-- mvordeme

Phil Leigh
2009-01-12, 09:46
I know, but I prefer to.

Meanwhile, I solved the problem. As long as the controller was using the network configuration I set up when the SSID was still broadcast, there was no way to connect it to the WLAN. (I don't know how I managed to get to the WPA key entry screen yesterday. It did not happen again.)

By the way: The Squeezebox itself connected to the network without any problems.

So I decided, to remove the network configuration and enter the SSID and the WPA key (again), manually. This worked. Now, the controller connects to the network without problems.

I can only think of one explanation: If you configure the network while the SSID is broadcast, the controller does not remember all necessary network parameters (i.e. the type of encryption) because they can be retrieved at any time. When the SSID is no longer broadcast, it does not know how to connect. If you configure the network manually, you have to tell the controller everything in detail, and the problem disappears.

This sounds like something that could be easily fixed.

Thanks for your help that encouraged me to try entering everything again.

Regards,
-- mvordeme

And that is why you should leave SSID broadcast enabled - it's there for a reason.

tedfroop
2009-01-12, 10:50
If you have ever tried tools like Netstumbler you will quickly find that hiding your SSID is useless.
Tried hiding the SSID with all the wireless units I have had (for fun) and Netstumbler comes back with the SSID just as fast regardless of the fact its "hidden" or not. If a piece of free software does that then you are not protecting anything by hiding the SSID.

The only thing hiding the SSID does is create connectivity problems.

Wireless is a RADIO. The only way to keep it hidden would be to line the building its in with RF blocking material.

mvordeme
2009-01-12, 16:20
All this has already been discussed in full above, and by no means did I intend to re-kindle that philosophical discussion once more. I am using NetStumbler myself and I do not dispute your conclusions.

Nevertheless, I hope that I was able to contribute to the exploration of the mystery of why hiding the SSID works for some people while for others it fails, and maybe my experience can aid those who prefer to hide their SSIDs despite the inherent uselessness.

Regards,
-- mvordeme

Mnyb
2009-01-12, 16:36
People mixes apples and oranges in this tread.

hiding SSID work flawlessly with the older products, but not perfectly with the controller as you have discovered.
You can get it to work but you must "forget" the old settings and start over.
It did not work at all initially, they where happy with this functionality when the bug was fixed you have to redo your settings when you hide the SSID.

If you want switching SSID broadcast on and off to work, you could file a bug on it.

mvordeme
2009-01-12, 16:43
I had hoped that with the current settings, I would be fine regardless of whether the SSID is broadcast or not. Would I have to redo the settings again if I switched SSID broadcasting back on?

Thanks and regards,
-- mvordeme

Mnyb
2009-01-12, 16:47
I had hoped that with the current settings, I would be fine regardless of whether the SSID is broadcast or not. Would I have to redo the settings again if I switched SSID broadcasting back on?

Thanks and regards,
-- mvordeme

actually i dont know i broadcast my SSID these days, my golden rule with setup in SBC/SBR if it works don't touch :) I do update fw regurarly but I have never reset my networks settings as they do work.

CatBus
2009-01-12, 17:28
Please excuse me for being pedantic if you already know this, but I'm not sure this has been spelled out clearly:

Disabling SSID broadcast is WORSE than ineffective. It actually reduces the security of your mobile wireless devices. If you disable SSID broadcast, you are INTRODUCING a vulnerability into your systems that wasn't there before, and not getting anything in return.

Also, the relevant wireless specs state that a wireless device may refuse to connect to an access point that does not broadcast its SSID. In practice, they tend to connect initially and then fail to periodically reconnect under various circumstances. This is NEVER A BUG and if the device manufacturer actually "fixes" this issue, they are simply doing you a favor, nothing more.

That said, you may do whatever you like with your own networks. I simply hope that you don't do anything based on all-too-common misconceptions about wireless security.

mvordeme
2009-01-12, 17:38
Thanks for being pedantic ;). If it has been spelled out clearly before, I have not come across it. I am interested in learning more about the nature of the vulnerability introduced by hiding the SSID. If that would lead too far in the current context, could you please hint me at some documentation?

Thanks and regards,
-- mvordeme

CatBus
2009-01-12, 17:49
Thanks for being pedantic ;). If it has been spelled out clearly before, I have not come across it. I am interested in learning more about the nature of the vulnerability introduced by hiding the SSID. If that would lead too far in the current context, could you please hint me at some documentation?

Thanks and regards,
-- mvordeme

Here you go:

http://www.networkworld.com/columnists/2007/030507-wireless-security.html

It's what the article refers to as the KARMA attack. Basically because the access point doesn't have a beacon, your devices constantly check for the presence of this SSID (and in effect become SSID beacons in their own right). Then an attacker knows your SSID and that your device will automatically connect to that SSID, and they can impersonate your WAP and at that point they can do all kinds of nasty things--DNS poisoning and password sniffing being the most obvious.

Goodsounds
2009-01-12, 18:01
I'd been told (by someone knowledgeable) to not turn SSID off, but didn't know why. Thanks for the enlightenment, even though the explanation comes from a former owner of a 1975 Gremlin (see end of article).

mvordeme
2009-01-12, 18:10
Thanks for the quick reply. You should add that in order to benefit from the SSID broadcasting, you should uncheck the "Connect even if this network is not broadcasting" option for this network on Windows clients. Otherwise, the Windows clients will still be vulnerable to the KARMA attack.

Maybe this is exactly what happens with the SBC if you configure the network automatically: It does not broadcast the SSID and thus cannot connect if the access point stops broadcasting, too. If this is the case it would be more secure to use the automatic network configuration. The SBR would still broadcast, regardless.

I have switched the SSID broadcasting back on and can confirm that the SBC can still connect to the network with the configuration I set up earlier tonight. As of now, I will leave it at that, but I am sure that I am going to redo the configuration once more, soon.

Thanks for all your help. I have learned something today.

Good night,
-- mvordeme

androidtopp
2009-01-13, 18:48
From a totally non-squeezebox side of things, the argument I have heard against disabling SSID is this - when not connected to a wireless access point, your laptop/computer/SB/whatever will broadcast packets, basically asking over and over again "is SSID whatchamajig out there?" Someone sniffing packets can then determine your SSID. Now, what they could do with this, I don't know. But there you go.

Now, from a practical perspective, as a consultant who might be in five different buildings and on five different APs on any given day, when I return to my actual office (which has a non-broadcasted SSID) I have had both XP and Vista laptops fail to connect my WiFi. Since neither seem to have a "For serious, connect to this non-broadcast SSID NOW-STYLE" button, I end up changing SSID priority in the wireless card settings...and it magically works. So, I'm an advocate of broadcasting SSID simply becuase that problem goes away.

I really don't have anything to say on the subject of hidden SSIDs and SB devices...

CatBus
2009-01-13, 21:24
Here's a simple illustration of what's being done now, and how a much more subtle variant is possible against those who don't broadcast their SSID:

There have already been reported cases of less-sophisticated "hostile access points" in public places. i.e. you go to an airport or hotel and there's some access point somewhere with the SSID "FreeWiFi" (or something similar). You either assume it's run by the establishment or you don't care as long as it can get you on the Internet. You connect to it, do some work, and then move on.

Most if not all of the Internet traffic to and from your computer passed in plaintext through this hacker's access point. At the very least, he would have an automated process that scans for usernames and passwords. He could also poison your DNS, so that you go to websites under his control instead of the ones you intend to go to. This could be as simple as a malware injection or as complicated as a man-in-the-middle e-commerce or e-banking impersonation attack, which could even work against SSL-protected sites.

The problems with this attack are that the user must choose to connect to this access point, and the access point must broadcast its SSID, which could cause the hacker, or at least the access point, to be physically located. Luckily for this type of hacker, most places do not normally scan for rogue access points, and many users are easy to fool.

However, if your laptop announces "I'd like to connect to MyWiFi" whenever it's turned on, a particularly clever hacker could modify his access point so that its SSID was MyWiFi, and they don't even need to broadcast it. Your computer will connect to it without asking you, and by the time you ask yourself "Wait a sec...how am I even connected to the Internet?" you've already given them a lot to play with.

And that's the attack vector. Now the attacker's rogue hidden SSID can be discovered just like your home's hidden SSID (an SSID is never hidden if the network is being used at all), so they're not invulnerable. But as I said, most places do not scan for rogue access points at all, let alone know how to scan for a hidden SSID, and it's even less likely they'd choose to scan at the exact moment you're using the rogue access point, which is the only time it would be visible.

Whew.

mvordeme
2009-01-14, 02:18
What happens with the WPA key? Can the hacker read my WPA key that way or will the connection fail because the WPA keys do not match?

Mark Lanctot
2009-01-14, 06:45
What happens with the WPA key? Can the hacker read my WPA key that way or will the connection fail because the WPA keys do not match?

WPA/WPA2 keys are always encrypted - very strongly.

Do make sure to use a key that won't be found in a dictionary, because a standard WPA/WPA2 attack involves entering in every word from a dictionary sequentially as a passphrase.

Also there is a weak vulnerability in WPA-TKIP (mitigated by use of a long, complex passphrase) that doesn't exist in WPA2-AES.

See http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Security_in_pre-shared_key_mode

androidtopp
2009-01-14, 07:44
Right - I think the attack catbus refers to would work only if you were trying to connect to an unencrypted access point. But I could be wrong there.

mvordeme
2009-01-14, 08:49
That would depend on the protocol (and could be easily tested if I was not lazy). If the client will use the key only if required, the attack could still be successful in encrypted networks.

CatBus
2009-01-14, 09:03
If the client will use the key only if required, the attack could still be successful in encrypted networks.

That's correct. Clients would, in an attempt to "fail gracefully", see that their SSID suddenly no longer required a WPA key and they'd just connect to it anyway. It would absolutely be more secure if the client saw that the AP didn't require WPA and refused to connect. That would make this attack impossible even against WEP protected networks.