EH-Net

So when you view a wireless profile in Windows 7, the only indicator for it to connect to an AP is by the ESSID.  Is there another location that stores more info (e.g. BSSID)?  I'm trying to figure out why a device would keep connecting to a specific AP, even though it has a lower signal strength than another AP with the same ESSID.

**UPDATE**
I found this SANS paper: Wireless Networks and the Windows Registry - Just where has your computer been? (http://www.sans.org/reading_room/whitepapers/auditing/wireless-networks-windows-registry-computer-been_33659)  On page 12 I found that the AP's MAC is stored in a specific registry entry along with other AP settings.

My questions now are: does the Windows network manager reference these entries when connecting to SSID's?  Does it cross-check the MAC addresses found in these entries when connecting?  If so, this would explain the issue.  If not, I'm not really sure what other perspective to look at this issue from...

This doesn't answer your question but it is related.

Profiles that connect automatically are a security risk. Most OSes are aware of this now and have supposedly fixed the problem.

http://www.securitytube.net/video/1780

I'll take a guess at the questions anyway:
"does the Windows network manager reference these entries when connecting to SSID's? "..........yes

"Does it cross-check the MAC addresses found in these entries when connecting?"...........yes.

 My guess is that why a device would keep connecting to a specific AP even though it has a lower signal strength than another AP with the same ESSID is because its MAC is in the Preferred Network List.....although, it depends. If I recall correctly (I'd double check), the client decides when to roam with autonomous APs and if a WLAN controller is used, the controller decides when to roam.

I learned about the issue of automatically connecting wifi devices from that very video!  My company prefers ease-of-use than security though (seems to be a common complaint from the security-minded folks).  It'll take an incident happening before a policy to "disable automatically connecting to AP's" is implemented.


My thoughts exactly, but I wasn't for sure because of...


...this.  I was also under the impression that wifi devices would switch automatically once some threshold is met, but I don't know what this threshold is.  Losing signal completely...or once it gets to <10% signal strength...?  I was curious about this also.

For my purpose, these laptops are stationary in their respective offices for the most part, so I don't have to worry about them roaming very often (would love a wireless controller to cover this just in case, but need $$ for that haha).  We had one AP fail and all of the laptops switched over to this other AP with a lower signal strength.  I have the new AP in place, but had laptops still connecting to the old WAP.  This was resolved by blowing away the wireless profile and recreating a new one when connecting to the ESSID with the stronger signal.

Thanks for the input, WCNA.  Let us know when those securitytube t-shirts are out! :)

Nor will you. The roaming algorithm is proprietary, that's why it's recommended that you don't mix and match vendors. RSSI is key in their algorithms but they might also use SNR, error rates and retransmissions. Proper cell overlap is key as too much or too little hurts roaming hence the Goldilocks approach- just right.

Check out UBNT's Unifi solution. Much cheaper than you think.


I imagine Vivek is really busy prepping for his talks at Blackhat and Defcon Workshops and hasn't gotten around to finishing what needs to be done. The store has been ready for a while, I finished it a couple weeks ago. I don't know if you can actually order from it or not yet but it's at www.printfection.com/SecurityTube