Subject: Re: Re: Secure my NetBSD hostap
To: Todd Vierling <tv@duh.org>
From: Joel CARNAT <joel@carnat.net>
List: netbsd-users
Date: 10/20/2004 12:33:22

On Tue, Oct 19 2004 - 19:25, Todd Vierling wrote:
> On Tue, 19 Oct 2004, Joel CARNAT wrote:
>
> > * How (if possible) can I disable the SSID broadcast (on the NetBSD hostap) ?
>
> If your Windows machines include WinXP or Win2003, "don't do that," as it
> causes WinXP/Win2003 Wireless Zero Configuration to crap out periodically if
> any other network appears in range. For some reason it relies on periodic
> broadcast of the SSID as a "network is still good" indicator. (References
> available if you need them.)
>
> Besides, removing broadcast is rarely useful, as any trivial 802.11 sniffer
> can pick up the network name easily. Might as well just leave it on.
>
Well, the next-step idea was to enable IPsec, so that a sniffer couldn't get traffic for
an established connection.

> > * Is broadcast enabled on wifi "workstation" (netbsd w/o hostap mode, or windows) ?
> > aka, when some windows is configured (by hand), does it broadcast SSID too ?
>
> WinXP/Win2003 always echoes back the SSID when doing network discovery (no,
> there is really no such thing as a "by hand" configuration anymore on those),
> making disabling broadcast worthless at best.
>
Hum... OK, so I won't disable SSID broadcast.

Now that I've enabled IPsec (http://ezine.daemonnews.org/200401/wifi-ipsec.html),
I understand all traffic between the workstation and the gateway goes through the VPN and
isn't sniffable for SSID and nwkey recovery, correct?
If my thoughts are correct, Windows won't publish any info "clearly".

But what about the gateway? I understand setting ipsec.conf forces an IPsec connection
with the specified IP, but does it disable any connection with anything not specified in this file?

I will go on with googling on this subject, but n+1 answers/ideas is better than n ;)

> --
> -- Todd Vierling <tv@duh.org> <tv@pobox.com>
--
,-- This mail runs ---------.
`-------- OpenBSD/sparc64 --'