: iStumbler / sniffing question: finding (and closing) secure networks


HowEver
Jan 6th, 2007, 04:14 PM
I can understand that iStumbler (http://www.istumbler.com/) can sniff out my neighbours' 5 or 6 wireless connections, even the secure ones, since they might be broadcasting their SSIDs.

But I set my Airport Express to be "Closed," or hidden. Logging in requires going to Other... in the menubar dropdown, typing in the name of the network, the kind of security (WPA2 or WPA, depending on which computer I'm using), and then the secure password.

But iStumbler lists the Airport Express "name" right along with all the other neighbourhood networks, open or secure. Is this because I've told my computer how to find the network previously, or is iStumbler just that good, or something else? How do I really prevent the name from showing up in a list of networks?

TIA

monokitty
Jan 6th, 2007, 10:58 PM
Does your network show up in the list even if you're not connected to it? Uninstalled iStumbler, restart, and see if you can still see your network while not connected to it.

John Clay
Jan 6th, 2007, 11:07 PM
Most good stumblers will discover a so called 'hidden' wireless network. Thusly, disabling the SSID broadcast is really of no benefit at all if you are trying to prevent more than amateurs.

Chealion
Jan 6th, 2007, 11:15 PM
The name is appearing on the list because it already knows about the network. Even when a network doesn't broadcast it's name, information is still broadcast.

So if you were to use KisMac using the passive mode you can see the "hidden" networks but it can take a while (waiting for traffic or someone who knows about the networks to connect or disconnect). There's no way except to turn off the network altogether to stop it from being listed on passive scanners.

Most scanners work by default in "active" mode and thus won't show anything that doesn't broadcast the SSID (name) of the network.

EDIT: Drat. Tab lag.

HowEver
Jan 6th, 2007, 11:17 PM
iStumbler appears to find the network only when I've connected to it, as Lars suggests.

But my security is pretty good, if not infallible. In addition to being WPA/WPA2 only, a wardriver would need, in addition to the network name, the password--and to be one of the MAC-filtered addresses on the list that I've set in Access Controls using the Airport Admin Utility.

Still, it's strange to see the AE show up in a list like that in iStumbler.

But when I close Airport, and then connect to a neighbour's network on my laptop, iStumbler (closed and re-opened) doesn't see my network at all.

monokitty
Jan 6th, 2007, 11:19 PM
Based on that information, I think your network is pretty secure. Worried about any one thing in particular?

HowEver
Jan 6th, 2007, 11:28 PM
Based on that information, I think your network is pretty secure. Worried about any one thing in particular?

Not so much, I just think it's strange that iStumbler gets wind of my closed network, even if it is because I'm signed into it.

It's interesting to read about Kismac, also...

rgray
Jan 7th, 2007, 07:44 AM
Not so much, I just think it's strange that iStumbler gets wind of my closed network, even if it is because I'm signed into it.
I don't get why you think this strange. If you are signed on to the network, it is no longer "hidden" from you, is it?

HowEver
Jan 7th, 2007, 10:22 AM
No, what surprised me was iStumbler's capability to find a closed network (even if I was signed in to it).

I don't get why you think this strange. If you are signed on to the network, it is no longer "hidden" from you, is it?

rgray
Jan 7th, 2007, 04:47 PM
(even if I was signed in to it).
My point is that the network is not closed to you - as far as the logged in computer is concerned - if you are signed in!! :confused: