lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070130050841.GC6637@jm.kir.nu>
Date:	Mon, 29 Jan 2007 21:08:41 -0800
From:	Jouni Malinen <jkmaline@...hut.fi>
To:	Larry Finger <larry.finger@...inger.net>
Cc:	Dan Williams <dcbw@...hat.com>,
	Johannes Berg <johannes@...solutions.net>,
	netdev <netdev@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: Hidden SSID's

On Mon, Jan 29, 2007 at 10:52:20PM -0600, Larry Finger wrote:

> When an AP has a hidden SSID, ieee80211 fails, at least with wpa_supplicant,
> which searches through the scan data looking for a particular ssid. Because
> ieee80211 has substituted a false ssid, namely "<hidden>", wpa_supplicant
> cannot authenticate. This behavior is fixed by adding a new argument to
> ieee80211_translate_scan that contains the expected ssid.

Would this be replacing the SSID of all BSSes in scan results with the
SSID for which the latest per-SSID scan was issued? If yes, this does
not sound any better than the current behavior. The driver/802.11 code
should not replace the SSID value with anything else than the value
received from the AP.

In case of hidden SSIDs, the 802.11 implementation should maintain a
list of BSSes found during the scan(s) and update the SSID (in most
cases, by creating a new BSS entry) with the SSID from Probe Response
frames. In other words, if the scan is done for a specific SSID (Probe
Request includes that SSID), the AP that is using hidden SSIDs will
likely include the SSID in Probe Response and data from that Probe
Response can be used to fill in the missing pieces for the <BSSID,SSID>
pair.

Generating false scan results by locally guessing what the SSID
could be is just plain wrong. The scan results need to be based on real
frames from the APs.

-- 
Jouni Malinen                                            PGP id EFC895FA
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ