[BAT] Closed APs

• Previous message: [BAT] Closed APs
• Next message: [BAT] Closed APs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, closed mode in the Lucent AP context disables beacons and doesn't
respond to broadcast probes. I'm almost finished setting up my 4.4-STABLE
laptop and I will definately try that with my AP here in the lab.

thanks
----- Original Message -----
From: "h1kari" <>
To: <>
Sent: Monday, November 19, 2001 1:43 PM
Subject: Re: [BAT] Closed APs


> On Monday 19 November 2001 13:11, you wrote:
> > What methods are people using to "find" these types of APs? All of the
> > conventional tools that I'm currently using are unable to "see" my
lucent
> > gear when it in "closed" mode.
>
> Mainly what I've been seeing people use in unix (wi-scan, freestumble,
> proprietary scripts, etc), is just setting the card to associate with any
ap
> (usually the default setting) and then polling the stats on the card to
see
> if you've associated with a network.. The main problem with this is that:
>
> - You cannot detect 2 aps in the same vicinity since the card
automatically
> associates with the ap with the highest signal strength.
> - You cannot detect adhoc networks (or at least distinguish them from bss
> ones through stat'ing the card).
> - You cannot detect mac filtered networks (since the card tries to
assocaite
> it's self with the ap, it needs to be in the mac filter rules in order to
do
> so).
> - You cannot get extra info about the ap easily (wep, beacon intervals,
> supported rates, etc -- you can determine wep on wavelan cards, but it's
> messy).
>
> Now answering your question.. I'm not familiar with the closed mode.. I'm
> assuming it doesn't send out beacon packets and respond to broadcast probe
> requests? As long as it does both of those, it should be invisible to most
> conventional scanning methods. However, one method an attacker could use
> would be to sniff for probe responses and authentication handshakes
between
> the ap and valid nodes authenticating with the network (implemented in
> dstumbler-v1.0-rc1 using prism2 monitor mode), so in theory it is still
> detectable, although much more difficult to detect. I'd be interested in
> having someone test this out and see if it in fact works or not, please
send
> results to the list if you decide to.
>
> Cheers,
> -h1kari
> _______________________________________________
> Bat mailing list
> 
> http://lists.dachb0den.com/mailman/listinfo/bat
>

• Previous message: [BAT] Closed APs
• Next message: [BAT] Closed APs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]