HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 77 guests online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Wirelessarrow Windows 7 Wireless Profiles
EH-Net
May 26, 2012, 05:04:24 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Windows 7 Wireless Profiles  (Read 3276 times)
0 Members and 2 Guests are viewing this topic.
lorddicranius
Sr. Member
****
Offline Offline

Posts: 396



View Profile WWW
« on: July 26, 2011, 02:20:25 PM »
So when you view a wireless profile in Windows 7, the only indicator for it to connect to an AP is by the ESSID.  Is there another location that stores more info (e.g. BSSID)?  I'm trying to figure out why a device would keep connecting to a specific AP, even though it has a lower signal strength than another AP with the same ESSID.

**UPDATE**
I found this SANS paper: Wireless Networks and the Windows Registry - Just where has your computer been?  On page 12 I found that the AP's MAC is stored in a specific registry entry along with other AP settings.

My questions now are: does the Windows network manager reference these entries when connecting to SSID's?  Does it cross-check the MAC addresses found in these entries when connecting?  If so, this would explain the issue.  If not, I'm not really sure what other perspective to look at this issue from...
« Last Edit: July 26, 2011, 03:02:50 PM by lorddicranius » Logged
Blog: http://lorddicranius.wordpress.com/
WCNA
Full Member
***
Offline Offline

Posts: 182



View Profile
« Reply #1 on: July 27, 2011, 10:29:44 AM »
This doesn't answer your question but it is related.

Profiles that connect automatically are a security risk. Most OSes are aware of this now and have supposedly fixed the problem.

http://www.securitytube.net/video/1780

I'll take a guess at the questions anyway:
"does the Windows network manager reference these entries when connecting to SSID's? "..........yes

"Does it cross-check the MAC addresses found in these entries when connecting?"...........yes.

 My guess is that why a device would keep connecting to a specific AP even though it has a lower signal strength than another AP with the same ESSID is because its MAC is in the Preferred Network List.....although, it depends. If I recall correctly (I'd double check), the client decides when to roam with autonomous APs and if a WLAN controller is used, the controller decides when to roam.
Logged
ISC2 Associate, WCNA, CWNA, OSCP, Network+
lorddicranius
Sr. Member
****
Offline Offline

Posts: 396



View Profile WWW
« Reply #2 on: July 27, 2011, 12:53:43 PM »
Quote from: WCNA on July 27, 2011, 10:29:44 AM
This doesn't answer your question but it is related.

Profiles that connect automatically are a security risk. Most OSes are aware of this now and have supposedly fixed the problem.

I learned about the issue of automatically connecting wifi devices from that very video!  My company prefers ease-of-use than security though (seems to be a common complaint from the security-minded folks).  It'll take an incident happening before a policy to "disable automatically connecting to AP's" is implemented.

Quote from: WCNA on July 27, 2011, 10:29:44 AM
I'll take a guess at the questions anyway:
"does the Windows network manager reference these entries when connecting to SSID's? "..........yes

"Does it cross-check the MAC addresses found in these entries when connecting?"...........yes.

 My guess is that why a device would keep connecting to a specific AP even though it has a lower signal strength than another AP with the same ESSID is because its MAC is in the Preferred Network List.....

My thoughts exactly, but I wasn't for sure because of...

Quote from: WCNA on July 27, 2011, 10:29:44 AM
.....although, it depends. If I recall correctly (I'd double check), the client decides when to roam with autonomous APs and if a WLAN controller is used, the controller decides when to roam.

...this.  I was also under the impression that wifi devices would switch automatically once some threshold is met, but I don't know what this threshold is.  Losing signal completely...or once it gets to <10% signal strength...?  I was curious about this also.

For my purpose, these laptops are stationary in their respective offices for the most part, so I don't have to worry about them roaming very often (would love a wireless controller to cover this just in case, but need $$ for that haha).  We had one AP fail and all of the laptops switched over to this other AP with a lower signal strength.  I have the new AP in place, but had laptops still connecting to the old WAP.  This was resolved by blowing away the wireless profile and recreating a new one when connecting to the ESSID with the stronger signal.

Thanks for the input, WCNA.  Let us know when those securitytube t-shirts are out! Smiley
Logged
Blog: http://lorddicranius.wordpress.com/
WCNA
Full Member
***
Offline Offline

Posts: 182



View Profile
« Reply #3 on: July 28, 2011, 12:00:37 PM »
Quote
"....I don't know what this threshold is"

Nor will you. The roaming algorithm is proprietary, that's why it's recommended that you don't mix and match vendors. RSSI is key in their algorithms but they might also use SNR, error rates and retransmissions. Proper cell overlap is key as too much or too little hurts roaming hence the Goldilocks approach- just right.

Quote
(would love a wireless controller to cover this just in case, but need $$ for that haha)
Check out UBNT's Unifi solution. Much cheaper than you think.

Quote
Let us know when those securitytube t-shirts are out!

I imagine Vivek is really busy prepping for his talks at Blackhat and Defcon Workshops and hasn't gotten around to finishing what needs to be done. The store has been ready for a while, I finished it a couple weeks ago. I don't know if you can actually order from it or not yet but it's at www.printfection.com/SecurityTube
Logged
ISC2 Associate, WCNA, CWNA, OSCP, Network+
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.141 seconds with 21 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.