Do you use your ISP created SSID?

Using Acrylic Wifi on my laptop I can see a number of other SSIDs, mostly with names beginning BT.. , there is one SKY.,, and one 1-CYBI-1... what ever that is. In a way it is a form of ISP advertising. So do you an ISP provided SSID or do you make up your own name?

I don't have ISP supplied wi-fi but wouldn't use the default SSID if I did.

Right now, here in congested suburbia, I can see the following ISP identifiable SSIDs;

6 x BTHub
1 x EE-Brightbox
1 x O2wireless
11 x Sky
12 x TALKTALK
1 x virgin

I also see occasional visitors like;

Uber Driver
TaxiLinQ
AddLee Wi-Fi

...and there are lots of other SSIDs which don't fall into the categories above, some of which provide information about the platform such as iPod, iPhone or Android.

There's even MB Hotspot which opens up some interesting possibilities

Over 20 separate devices are using channel 6 so congestion's a bit of a problem on 2.4GHz.

Edited by caffn8me (Sat 22-Oct-16 00:51:21)

Always use my own, but then again I use my own kit too. ISP router is just for error checking process if needed.

Always use my own so that when I change routers I can just change the SSID/Password on the router's Wi-Fi and not every other device in the house.

Also, I guess it shows that you're not using the default settings in case of any security flaws are found on a particular ISPs kit.

I don't think the SSID really matters anyway apart from the two reasons you give regarding just altering new routers to the one your other kit is set to.

A robust non-default wifi password and router login password are far more important.

On the SSID front, I think that leaving a default ISP provides splendid anonymity.

I use the default SSIDs most of the time. I just turn off WPS but keep the rest the same.

When I moved from TalkTalk to EE last year, I did set up the new EE router with the old TalkTalk SSID and password - that was for compatibility reasons - easier than entering new WiFi password on all devices. That confused the EE support people, though, when I phoned them - they suggested I changed my SSID back to EE default

Anything other than 'What lights are showing on the Brightbox' confuses EE support. Seriously , they cannot comprehend anyone using another router.

I am surprised that they knew that the SSID had been changed. Did they find out through their remote router management?

Agreed about the anonymity, for such as the BT range, where there likely to be several to help confuse.

I was given a router where the SSID had been changed to the full street address of the user!

Apart from odd tests, I have not used it.

In reply to a post by eckiedoo:

I was given a router where the SSID had been changed to the full street address of the user!

I've also heard of cases where people deliberately name their wifi networks to humiliate neighbours eg

Jane@no9_bonking_Les@no3 LOL

Almost incredible!

For a laugh, Google: funny ssid

Cheers!

I have just being changing my SSID because it had a space in it and my router lost whatever was after the space, each time it restarted!

I generally use police van #2 when i was younger ect

now its just like TPlink router or whatever.

My Andrews & Arnold supplied SSID contained a full stop character, which was fine on their supplied Billion router, but was not acceptable to my DrayTek Vigor 2920Vn. So apparently there is not a standard character list for SSIDs?

You experience with a space character is interesting.

Cheers!

I used to have a custom SSID and password.

The reasons I stopped are as follows:
1) The virginmedia superhubs (especially first model) would routinely factory reset, so you'd end up back to the factory SSID. So maintaining it was a headache.
2) When I got TalkTalk their router did not support characters such as ! as part of the WPA2 password. My custom password had a tonne of random characters, which meant it was a huge headache to use the same SSID with TT, as I'd have to go into each device and forget the old profile for the machine to associate with the same SSID and new password.

It was actually easier to just keep the default SSID and reconnect.

I do kind of have a custom SSID on BT, in that I hit the "separate bands" button for 2.4 and 5Ghz and it automatically put -5 on the end of the 5Ghz SSID...

In reply to a post by Michael_Chare:

I am surprised that they knew that the SSID had been changed. Did they find out through their remote router management?

Ooh, I've missed that question, sorry. Yes, EE support are notorious for connecting to your router via remote management whenever you call them, and not asking for a permission. Here's one example of a conversation I had:
Me: my BrightBox range is too large, is there a way to reduce transmit power?
Sup: I am having trouble connecting to your router, could you power it off and on?
Me: I don't want you to connect just now, just tell me how it's done.
Sup: It is not possible.
End.
(it's a bit of an off topic, sorry)

In reply to a post by Ancient_Mariner:

For a laugh, Google: funny ssid

Cheers!

Oh I liked the following ones:
FBI Surveillance Van #119871
It Burns When IP
IP_Freely
Honeypot <-- Loved that one
Mi-Fi, not your-fi

There are loads of them

Paul

The EE Bright Box 2 arrived already set up with the basic SSID, EE-abcdef, on 2.4 GHZ; and the 5 GHz being similar but with 5GHz-EE-abcdef.

When I added a BT Repeater, it automatically generated ETX2-EE-abcdef

Quick, quick .... all round Eckie's place for free wifi ...... the password is QLT

The BT repeater SSID can be manually changed to be the same as the main SSID thereby allowing devices to seamlessly switch.

If you set the BT repeater in 5Ghz mode you may find regular drop outs, the new ones have a firmware issue where they drop out when the slider is not on 2.4Ghz - sadly has been this way for over a year.

As I am surrounded by much open space, I am likely to spot you, unless you disguise yourself as a BT OR Engineer, at the FTTC about 10 Metres away or the PCP about 40 Metres away.

In which case, I will come out for a chin-wag.

Thanks.

Zarjaz doesn't need any disguise!

Good one!

Almost incredible!

Yep, that Les is a right minger.

Not only do I use my own SSID but I make sure I don't broadcast it as well.

In reply to a post by Spuriousfish:

Not only do I use my own SSID but I make sure I don't broadcast it as well.

You turn off the broadcasting of the SSID your devices won't connect.
The SSID beacon tells the wireless devices of what channel to use etc, so without that nobody will be able to connect.

Paul

You turn off the broadcasting of the SSID your devices won't connect.

Not true because I know what my SSID is so I can enter this into my devices.

The SSID beacon tells the wireless devices of what channel to use etc, so without that nobody will be able to connect.

Precisely - only those that know the SSID and password will be able to connect. Anyone not seeing the SSID wont even know it exists.

In reply to a post by Spuriousfish:

You turn off the broadcasting of the SSID your devices won't connect.

Not true because I know what my SSID is so I can enter this into my devices.

For it to work you would need to know what channel for it to use as well, I know I tried it and it failed to work and all devices that was connected lost their connection.

In reply to a post by Spuriousfish:

The SSID beacon tells the wireless devices of what channel to use etc., so without that nobody will be able to connect.

Precisely - only those that know the SSID and password will be able to connect. Anyone not seeing the SSID wont even know it exists.

Well that's not fully true either, anyone monitoring the Wi-Fi channels (using certain software) will see devices communicating to an unlisted Wi-Fi point and would show both the MAC addresses for the Wi-Fi Point and the wireless devices.

I can connect to a Wi-Fi point using its MAC (not using the SSID) and password (assuming I was able to get the password, which isn't that hard to do with the right tools), so hiding it doesn't stop anything apart from the less technical people.

Do forget the SSID itself is only so that the user knows its the correct Wi-Fi Point (unless somebody sets theirs to the same name) I have seen some of those.

The beacon that is broadcasted contains the SSID along with all the required information to enable the device to connect, like the channel and possibly the encryption it uses etc, without that and it may have issues connecting.

Paul

For it to work you would need to know what channel for it to use as well, I know I tried it and it failed to work and all devices that was connected lost their connection.

Nope, never been asked for a channel number and I have plenty of different devices that I've connected up and they stay connected.

As for the rest - yes - nothing is impossible with the right tools but I'm mostly interested in keeping out those who don't know what they are doing and who may inadvertently do damage to my network. So it's just family and trusted friends on request.

Our course using the correct tools means being able to detect a wifi signal and this is unlikely as my house is very well screened and a long way from the road and neighbours. And no one is going to do anything like that inside the house.

In reply to a post by PaulKirby:

In reply to a post by Spuriousfish:

You turn off the broadcasting of the SSID your devices won't connect.

Not true because I know what my SSID is so I can enter this into my devices.

For it to work you would need to know what channel for it to use as well, I know I tried it and it failed to work and all devices that was connected lost their connection.

It sounds to me like something's broken. You certainly don't need to tell clients which channel a network with a hidden SSID uses.

I run a number of sites which have multiple SSIDs - for public wifi, admin and credit card processing. The latter two are hidden, simply because it makes it easier for guests to choose the correct wifi network. There's never a problem connecting to hidden SSID networks with Windows, Mac and PDQ terminal devices. You certainly can't specify a wifi channel on the PDQ terminals and to do that on a Mac you have to use command line tools - which I've never needed.

In reply to a post by Spuriousfish:

For it to work you would need to know what channel for it to use as well, I know I tried it and it failed to work and all devices that was connected lost their connection.

Nope, never been asked for a channel number and I have plenty of different devices that I've connected up and they stay connected.

As for the rest - yes - nothing is impossible with the right tools but I'm mostly interested in keeping out those who don't know what they are doing and who may inadvertently do damage to my network. So it's just family and trusted friends on request.

Our course using the correct tools means being able to detect a wifi signal and this is unlikely as my house is very well screened and a long way from the road and neighbours. And no one is going to do anything like that inside the house.

Ok, I did some digging of my datasheets / specs etc, and yes, you are correct about the disabling the beacon, also known as Network Cloaking, but that's is very dangerous, it puts your client device at risk.

Security of SSID hiding

As a purported security enhancement, some access points allow a user to inhibit the broadcasting of their SSIDs, a tactic known as network cloaking; a station may then only join a BSS after the associated SSID has been specified explicitly.

This tactic acts as a deterrent to the extent that it impedes casual wireless snooping but useless against widely available network scanners.

Network cloaking is a form of security through obscurity and offers no protection against even the most basic attacks against a wireless network.

Furthermore, the technique of SSID hiding forces wireless clients to probe for SSIDs everywhere they go which makes them vulnerable to attackers who emulate the probed network.

Client side SSID probing is far more dangerous than base station side beaconing.

Also if your "house is very well screened and a long way from the road and neighbours." then why disable the broadcast beacon.

Don't get me wrong, I am all for making it as hard as you can for the hacker to get in, but they will just end up putting it down as a challenge.

Paul

In reply to a post by caffn8me:

In reply to a post by PaulKirby:

In reply to a post by Spuriousfish:

... nested quotes trimmed ...

Not true because I know what my SSID is so I can enter this into my devices.

For it to work you would need to know what channel for it to use as well, I know I tried it and it failed to work and all devices that was connected lost their connection.

It sounds to me like something's broken. You certainly don't need to tell clients which channel a network with a hidden SSID uses.

I run a number of sites which have multiple SSIDs - for public wifi, admin and credit card processing. The latter two are hidden, simply because it makes it easier for guests to choose the correct wifi network. There's never a problem connecting to hidden SSID networks with Windows, Mac and PDQ terminal devices. You certainly can't specify a wifi channel on the PDQ terminals and to do that on a Mac you have to use command line tools - which I've never needed.

Yeah, I was wrong, I know I did try it a while back, so maybe I did something wrong.

Its still not a good thing disabling the broadcast beacon though due to the client has to do loads of probing of the SSID where ever they go, so Wi-Fi sniffers would see those and a hacker / script kiddie "could" pretend to be that actual access point and they would have your password then.

May it is just me being paranoid in my old age LOL

*** update in bold ***

Paul

Edited by PaulKirby (Tue 25-Oct-16 10:31:56)

The reason I do this now, even though its hard to see my wifi anyway, is for a couple of reasons.

Firstly, 'cos I can - but also I used to live in a much denser area and could see lots of other peoples wifi and in those days it wasn't hard to guess passwords and use someone else's connection, which I did but not for any malicious reason, just to get an Internet Connection when not at home. So I turned miy SSID Broadcast off.

Secondly, there are still people who come to the house with the ubiquitous smart phone, whom I wouldn't trust to operate a wireless doorbell let alone connect to my wifi, and it stops the embarrassment of saying sorry I wont let you connect. They see no signal and don't bother.

To be honest why anyone would want to go to any effort to connect to my home network has a low probability but I might as well make it as hard as possible for minimum effort.

In respect of Client Probing, and if I understand this correctly, this is not relevant in this case because this is my home network and any valid wifi device I own in this house will connect to my network anyway.

Again if I've understood this correctly, Client Probing is what things like smartphones do when roaming. They broadcast all the saved SSID networks they've connect to just to see if there is one within range which they can connect to. This can be picked up and a history of where that smartphone has been can be determined. Disabling the Broadcast SSID on my own home router will not affect this. But as a further point I periodically 'forget' all the stations that I've connected to when traveling.

It's not perfect but easy to do and causes no problems.

I will post a better response later, but most of what you had said here is not correct.

The client connects into the SSID. The channel does not matter. The MAC of the AP does not matter. With a hidden SSID, as long as you type the SSID into your device it will find the channel and connect in. In retail they often have hidden SSIDs and then 20+ APs around the store, all on different channels, and things like in-store ipads and screens connect in.

You cannot connect based purely on MACs you need the SSID.

You can easily guess the SSID by running something such as airodump.
e.g.
http://asdf.bligoo.com/media/users/1/77569/images/pu...

See the probes at the bottom. These are clients in range, such as an iphone nearby, and you can see they are looking for XPA, cpereira, Defran etc... So if an SSID was hidden, as an attacker, I could identify the likely SSID names by seeing what devices near to me are probing.

Probing is basically the iPhone, laptop etc going out and saying "I have the following SSIDs stored, I am looking for SKY82065, TALKTALK284563, The_Cloud" and you can see every probe it makes. So eventually it will probe for that hidden SSID. Anybody can sit and watch the WiFi traffic and see every probe every device in range is making. E.g I could sit and see the probes coming from a neighbours iPad without knowing their WPA2 password, the probes are just freely sent.

Work out the probes which match SSIDs you can see in range, note down the ones which do not match with ones in range. The hidden SSID will be one of these.

You can even send deauthorisation requests to the hidden SSID WiFi, which will kick everyone off the WiFi point, at which stage you will see multiple clients all probing that hidden SSID name.

Edited by ukhardy07 (Tue 25-Oct-16 13:56:45)

In reply to a post by Spuriousfish:

The reason I do this now, even though its hard to see my wifi anyway, is for a couple of reasons.

Firstly, 'cos I can - but also I used to live in a much denser area and could see lots of other peoples wifi and in those days it wasn't hard to guess passwords and use someone else's connection, which I did but not for any malicious reason, just to get an Internet Connection when not at home. So I turned miy SSID Broadcast off.

Secondly, there are still people who come to the house with the ubiquitous smart phone, whom I wouldn't trust to operate a wireless doorbell let alone connect to my wifi, and it stops the embarrassment of saying sorry I wont let you connect. They see no signal and don't bother.

To be honest why anyone would want to go to any effort to connect to my home network has a low probability but I might as well make it as hard as possible for minimum effort.

In respect of Client Probing, and if I understand this correctly, this is not relevant in this case because this is my home network and any valid wifi device I own in this house will connect to my network anyway.

Again if I've understood this correctly, Client Probing is what things like smartphones do when roaming. They broadcast all the saved SSID networks they've connect to just to see if there is one within range which they can connect to. This can be picked up and a history of where that smartphone has been can be determined. Disabling the Broadcast SSID on my own home router will not affect this. But as a further point I periodically 'forget' all the stations that I've connected to when traveling.

It's not perfect but easy to do and causes no problems.

While I agree with most of that, I don't think that you understand the "Client side SSID probing", if you don't leave your home at all with said Wi-Fi device i.e. Smart Phone etc then you will be ok some what.

How ever if you go out with said smart phone with the Wi-Fi still enabled then you "could" get into problems.


Client side SSID probing is an issue due to the smart phone has to probe the SSID to every channel until it gets a response, in most cases it would be the correct one.

No say you go out and some not so nice people setup loads of Wireless monitoring points all over the place and some of them detect your smart phone probing all channels your SSID due to it cannot find it, now those not so nice people now have your SSID, they can then set one of their Wi-Fi Access Points to use that SSID, you phone sees it and tries to authenticate with it, now they have your SSID and your Password and if you are in an area close to your home it becomes worse.

There is also nothing stopping one of your untrusted friends from running an app that monitors Wi-Fi network headers and pick up your smart phone talking to your Wi-Fi Access Point and then turn his device into an access point with your SSID with a result of getting your SSID and Password.

That's what I was getting at.

Also most wireless devices will try to connect to the strongest signal with that SSID so if there was your one and another one in your untrusting friends bag closer to you, there is a very good chance your smart phone will try theirs first.

Also there are directional Wi-Fi antennas out that that are very good picking up very weak signals.

Like I said maybe I am getting paranoid in my old age LOL.

In my eyes seeing just an SSID over retrieving a SSID and password, I know which one I would prefer.

Paul

In reply to a post by ukhardy07:

I will post a better response later, but most of what you had said here is not correct.

The client connects into the SSID. The channel does not matter. The MAC of the AP does not matter. With a hidden SSID, as long as you type the SSID into your device it will find the channel and connect in. In retail they often have hidden SSIDs and then 20+ APs around the store, all on different channels, and things like in-store ipads and screens connect in.

You cannot connect based purely on MACs you need the SSID.

You can easily guess the SSID by running something such as airodump.
e.g.
http://asdf.bligoo.com/media/users/1/77569/images/pu...

See the probes at the bottom. These are clients in range, such as an iphone nearby, and you can see they are looking for XPA, cpereira, Defran etc... So if an SSID was hidden, as an attacker, I could identify the likely SSID names by seeing what devices near to me are probing.

Probing is basically the iPhone, laptop etc going out and saying "I have the following SSIDs stored, I am looking for SKY82065, TALKTALK284563, The_Cloud" and you can see every probe it makes. So eventually it will probe for that hidden SSID. Anybody can sit and watch the WiFi traffic and see every probe every device in range is making. E.g I could sit and see the probes coming from a neighbours iPad without knowing their WPA2 password, the probes are just freely sent.

Work out the probes which match SSIDs you can see in range, note down the ones which do not match with ones in range. The hidden SSID will be one of these.

You can even send deauthorisation requests to the hidden SSID WiFi, which will kick everyone off the WiFi point, at which stage you will see multiple clients all probing that hidden SSID name.

What I was getting at is when you disable the broadcasting of the beacon, the devices that are connecting to it has to probe every channel until it gets a response from the access point in question.

There is no reason that a person cannot monitor that actual client device probing the channels to find the access point.
And once that person sees the SSID name that the client device is sending on all channels, they only need to then setup a temporary access point with that SSID and the client device will try and authenticate with that, which will result in the password being discovered.

That's what I was on about, you gain nothing from hiding your SSID, only thing is when the client device is setup to connect using SSID + Encryption Type its not that hard to spoof that SSID and fool that device from connecting to you and when it tries to authenticate the custom written app spoofing the SSID will have their password.

In my eyes I would prefer to give out my SSID rather than to not knowingly give out my SSID and my password.

Paul

And once that person sees the SSID name that the client device is sending on all channels, they only need to then setup a temporary access point with that SSID and the client device will try and authenticate with that, which will result in the password being discovered.

Say I setup a temporary AP with the same SSID as another SSID in range. The client we are trying to compromise will try to connect to my rogue SSID (provided my signal is better than theirs), however all that happens is the 4 way handshake will fail as the encryption passphrase is different. At no stage is the actual password exchanged... The attacker may at best capture the handshake and try to bruteforce it offline, but this can be easily done on SSID hidden / shown.

That's what I was on about, you gain nothing from hiding your SSID, only thing is when the client device is setup to connect using SSID + Encryption Type its not that hard to spoof that SSID and fool that device from connecting to you and when it tries to authenticate the custom written app spoofing the SSID will have their password.

If this is true, explain how I would get their password so easily? The 4 Way handshake would just fail.

Have a listen to this:

https://www.youtube.com/watch?v=9M8kVYFhMDw

Edited by ukhardy07 (Tue 25-Oct-16 15:51:20)

I watched that video a few years back, it has always reminded me of the Apache Digest Authentication.

That guy didn't go into that much detail, I agree with the 4-Way handshake but isn't that just to setup the encryption for both ways, not too sure if the client device encrypts the password using the setup encryption and that the AP device decrypts the password and compares it with its own.
Or if it hashes it and then encrypts that hash and sends it to the AP device to be decrypted and then compared to a hashed version of its password.

So either way you would have a password or a hash password which could be brute forced to get possible passwords, granted there would be loads of wrong passwords returned due to hash collisions.

TBH, I thought it might of used RSA Key Pairs.

Paul

Yes you can capture the handshake and brute force offline. I have done it for clients of mine.

This is possible irrespective of the SSID being broadcast or not. You would never setup your own SSID (the same as another) to get this data though... You would simply do this:
https://www.youtube.com/watch?v=ObwByN6FWwA

& then you can crack offline.

It is surprising how commonly I get the PW back after just a few days of bruteforcing.

In reply to a post by ukhardy07:

Yes you can capture the handshake and brute force offline. I have done it for clients of mine.

This is possible irrespective of the SSID being broadcast or not. You would never setup your own SSID (the same as another) to get this data though... You would simply do this:
https://www.youtube.com/watch?v=ObwByN6FWwA

& then you can crack offline.

It is surprising how commonly I get the PW back after just a few days of bruteforcing.

I agree, I did it to home a few doors down to prove a point that Wi-Fi isn't that safe and wired is more secure.
That took between 4 to 8 hours to do, just left it going over night and it was done when I got up.
A few days later they moved over to wired.

The sad thing is with this way the owner of the AP has no clue apart from one of their wireless devices loosing connection and when their bandwidth is all of a sudden being used up

Not too sure if the software used uses CPU or the CUDA Cores to do all its brute force.
Because CUDA is very good with numbers LOL.

Paul

& then there's WPS lol.

In reply to a post by ukhardy07:

& then there's WPS lol.

LOL, don't get me started there, could be worse it could be WEP

Paul

In reply to a post by ukhardy07:

Yes you can capture the handshake and brute force offline. I have done it for clients of mine.

This is possible irrespective of the SSID being broadcast or not. You would never setup your own SSID (the same as another) to get this data though... You would simply do this:
https://www.youtube.com/watch?v=ObwByN6FWwA

& then you can crack offline.

It is surprising how commonly I get the PW back after just a few days of bruteforcing.

How long are the passwords that you manage to crack? I presume longer passwords are more difficult.

It's generally cracked because they use dictionary words such as

m0n3ay123 - that would be one example.

In reply to a post by ukhardy07:

It's generally cracked because they use dictionary words such as

m0n3ay123 - that would be one example.

Agreed, I've seen some stupid passwords in the past.

I know ours uses the full 64 characters (I think) of random numbers, symbols, mixed case letters.
It takes forever to enter them all in on the phones and tablets LOL.

And if somebody wants to spend all that time getting our password, then they can, I will just change it again to another random 64 or so char password LOL.

Paul

You can check how good your passwords are here...

https://www.grc.com/haystack.htm

Interesting!!

I tried a previous password (which some sites had rejected as being far too simple/easy) & it gave me "Green-Lights" throughout & told me it would take "1.83 billion centuries" to hack in an "Online Attack Scenario (Assuming one thousand guesses per second)"!

LOL. Easy. My honestly simple 24 character pass phrase gave the comment:
Online Attack Scenario:
(Assuming one thousand guesses per second) 93.83 billion trillion trillion centuries
Somewhat unrealistic but perhaps a little reassuring.

In reply to a post by Spuriousfish:

You can check how good your passwords are here...

https://www.grc.com/haystack.htm

The thinking behind that page is a remarkable change to the standard "make it tricky" approach:

a) Make sure a cracker is forced to start an exhaustive, character-by-character search;
b) Make it long, through easy (for you) to remember padding characters.

The first step in that is to choose a password with at least 1 lower-case character, 1 upper-case character, 1 digit, and 1 symbol.