lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 30 Jan 2007 01:08:29 -0600
From:	Larry Finger <larry.finger@...inger.net>
To:	Jouni Malinen <jkmaline@...hut.fi>
CC:	Dan Williams <dcbw@...hat.com>,
	Johannes Berg <johannes@...solutions.net>,
	netdev <netdev@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: Hidden SSID's

Jouni Malinen wrote:
> On Mon, Jan 29, 2007 at 10:52:20PM -0600, Larry Finger wrote:
> 
>> When an AP has a hidden SSID, ieee80211 fails, at least with wpa_supplicant,
>> which searches through the scan data looking for a particular ssid. Because
>> ieee80211 has substituted a false ssid, namely "<hidden>", wpa_supplicant
>> cannot authenticate. This behavior is fixed by adding a new argument to
>> ieee80211_translate_scan that contains the expected ssid.
> 
> Would this be replacing the SSID of all BSSes in scan results with the
> SSID for which the latest per-SSID scan was issued? If yes, this does
> not sound any better than the current behavior. The driver/802.11 code
> should not replace the SSID value with anything else than the value
> received from the AP.

Any AP with a hidden SSID will only respond to probe requests that specify its SSID, and will ignore
any other probes. In addition, the response will have an empty SSID field. These responses are the
only ones in which a substitution would occur. These are the same responses where the current code
sends back the "<hidden>" pseudo-SSID. My change would put the correct one there.

> In case of hidden SSIDs, the 802.11 implementation should maintain a
> list of BSSes found during the scan(s) and update the SSID (in most
> cases, by creating a new BSS entry) with the SSID from Probe Response
> frames. In other words, if the scan is done for a specific SSID (Probe
> Request includes that SSID), the AP that is using hidden SSIDs will
> likely include the SSID in Probe Response and data from that Probe
> Response can be used to fill in the missing pieces for the <BSSID,SSID>
> pair.
> 
> Generating false scan results by locally guessing what the SSID
> could be is just plain wrong. The scan results need to be based on real
> frames from the APs.

We aren't guessing. The response frame with the empty SSID field must have come from the AP with the
SSID we want. Filling in the expected value is just making it easier for the user-space tools.

Larry

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ