Re: 'Closed' mode


From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-04-13 15:11:37 UTC



On Fri, Apr 12, 2002 at 08:29:54AM -0700, Michael Codanti wrote:

> Lucent and Cisco APs support a 'closed' mode in which they don't broadcast
> the SSID, and then they don't show up in scans, etc... Does the HostAP
> driver support this? If so how do I turn it on?

No, it does not and I do not even know how it could be done without changing firmware code.

On Fri, Apr 12, 2002 at 04:41:37PM -0400, Peter K. Lee wrote:

> That is not necessarily true... They might not broadcast the SSID (i.e.
> not send out beacon frames), but you could still get it to show up in
> scans...

'Closed mode' usually means that the beacon frames are still broadcast, but the SSID element of them is hidden (zeroed or removed; I haven't checked that). In addition, the AP might not send probe responses to probe requests that do not have the correct SSID.

> But as to your question, I'm not entirely sure HostAP supports it, I'm
> fairly sure it CAN, since all that needs is to set the beacon interval
> to be something like infinity, or just off altogether...

No, that would break things; beacons are needed. Furthermore, I do not know how to remove beacons completely. Firmware seems to have limits on beacon interval being between 1 and 4096 (4097 behaves like 1, but sets the longer interval in the actual frame). In other words, there will be beacons - once per about four seconds at lowest frequency.

> so far, and I'm not entirely sure 'closed' mode is really anything but a
> marketing gimmick to make it seem more secure when it really isn't...

Yes.. It's exactly that. Assuming there are any authorized stations around, you just need to send one broadcast deauthentication frame using the AP's hwaddr (that can be sniffed from the AP's beacon frames) and the stations kindly provide you with the SSID in probe requests or association requests. In addition, if the network uses WEP and shared key authentication, you will get a suitable known plaintext-cryptotext pair for authenticating your station.

'Closed mode' might keep random bypassers away from the AP, but it does not really add any security.

On Fri, Apr 12, 2002 at 08:59:07PM -0400, Peter K. Lee wrote:

> On that note, I haven't been able to figure out the purpose of 'beacon
> frames'... Other than a silly way to tie up processor usage on network
> cards...

They are used for synchronizing operations in the network. For example, power saving mode uses them so that stations can sleep most of the time and wake up every now and then to check whether there is any waiting frames for them (beacons have bitvector that indicates this).

-- 
Jouni Malinen                                            PGP id EFC895FA


This archive was generated by hypermail 2.1.4.