Subject: Re: Re: Secure my NetBSD hostap
To: Todd Vierling
From: Joel CARNAT
List: netbsd-users
Date: 10/20/2004 12:33:22
On Tue, Oct 19 2004 - 19:25, Todd Vierling wrote:
> On Tue, 19 Oct 2004, Joel CARNAT wrote:
> > * How (if possible) can I disable the SSID broadcast (on the NetBSD hostap) ?
> If your Windows machines include WinXP or Win2003, "don't do that," as it
> causes WinXP/Win2003 Wireless Zero Configuration to crap out periodically if
> any other network appears in range.  For some reason it relies on periodic
> broadcast of the SSID as a "network is still good" indicator.  (References
> available if you need them.)
> Besides, removing broadcast is rarely useful, as any trivial 802.11 sniffer
> can pick up the network name easily.  Might as well just leave it on.

 well, the next step idea was to enable IPsec, so that a sniffer couldn't get traffic for
 established connections.

> > * Is broadcast enabled on wifi "workstation" (netbsd w/o hostap mode, or windows) ?
> >   aka, when some windows is configured (by hand), does it broadcast SSID too ?
> WinXP/Win2003 always echoes back the SSID when doing network discovery (no,
> there is really no such thing as a "by hand" configuration anymore on those),
> making disabling broadcast worthless at best.

 hum... OK, so I won't disable SSID broadcast.
 now that I've enabled IPsec (,
 I understand all traffic between workstation and the gateway goes through the VPN and
 isn't sniffable for SSID and nwkey recovery, correct ?
 If my thoughts are correct, windows won't publish any info "clearly".
 But what about the gateway ? I understand setting ipsec.conf forces IPsec connection
 with the specified IP but does it disable any connection with anything not specified in this file ?

 I will go on with googling on this subject but n+1 answers/ideas is better than n ;)

> -- 
> -- Todd Vierling


,-- This mail runs ---------.
`-------- OpenBSD/sparc64 --'