Windows 7 Wireless Profiles

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Tue Jul 26, 2011 2:20 pm

Windows 7 Wireless Profiles

So when you view a wireless profile in Windows 7, the only indicator for it to connect to an AP is by the ESSID.  Is there another location that stores more info (e.g. BSSID)?  I'm trying to figure out why a device would keep connecting to a specific AP, even though it has a lower signal strength than another AP with the same ESSID.

**UPDATE**
I found this SANS paper: Wireless Networks and the Windows Registry - Just where has your computer been?  On page 12 I found that the AP's MAC is stored in a specific registry entry along with other AP settings.

My questions now are: does the Windows network manager reference these entries when connecting to SSID's?  Does it cross-check the MAC addresses found in these entries when connecting?  If so, this would explain the issue.  If not, I'm not really sure what other perspective to look at this issue from...
Last edited by lorddicranius on Tue Jul 26, 2011 3:02 pm, edited 1 time in total.
GSEC, eCPPT, Sec+
WCNA

Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Wed Jul 27, 2011 10:29 am

Re: Windows 7 Wireless Profiles

This doesn't answer your question but it is related.

Profiles that connect automatically are a security risk. Most OSes are aware of this now and have supposedly fixed the problem.

http://www.securitytube.net/video/1780

I'll take a guess at the questions anyway:
"does the Windows network manager reference these entries when connecting to SSID's?" ... yes.

"Does it cross-check the MAC addresses found in these entries when connecting?" ... yes.

My guess is that why a device would keep connecting to a specific AP even though it has a lower signal strength than another AP with the same ESSID is because its MAC is in the Preferred Network List... although, it depends. If I recall correctly (I'd double check), the client decides when to roam with autonomous APs and if a WLAN controller is used, the controller decides when to roam.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
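
As an added example (not part of the thread and not written by any poster), one way to audit for the auto-connect risk raised above: this Python script parses WLAN profile XML, the format `netsh wlan export profile` writes, and flags profiles set to connect automatically. The sample profiles, SSIDs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the WLAN profile XML written by `netsh wlan export profile`.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def make_profile(ssid, mode, auth, enc, hidden="false"):
    """Build a constructed sample profile (illustrative data, not from the thread)."""
    return f"""<WLANProfile xmlns="{NS['w']}">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID>
    <nonBroadcast>{hidden}</nonBroadcast></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""

SAMPLE_PROFILES = [
    make_profile("CorpWLAN", "auto", "WPA2PSK", "AES"),
    make_profile("CoffeeShop", "auto", "open", "none"),
    make_profile("GuestNet", "manual", "open", "none"),
    make_profile("HiddenLab", "auto", "WPA2PSK", "AES", hidden="true"),
]

def audit_profile(xml_text):
    """Return SSID, connection mode and findings for one exported profile."""
    root = ET.fromstring(xml_text)
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else ""
    mode = text("w:connectionMode")
    findings = []
    if mode == "auto":
        findings.append("auto-connect")
        if text("w:MSM/w:security/w:authEncryption/w:encryption") == "none":
            findings.append("unencrypted")
        if text("w:SSIDConfig/w:nonBroadcast").lower() == "true":
            findings.append("non-broadcast SSID")
    return {"ssid": text("w:SSIDConfig/w:SSID/w:name"), "mode": mode, "findings": findings}

def risky_profiles(profiles):
    """Audit every profile and keep only those with at least one finding."""
    return [r for r in map(audit_profile, profiles) if r["findings"]]

if __name__ == "__main__":
    for r in risky_profiles(SAMPLE_PROFILES):
        print(f'{r["ssid"]}: {", ".join(r["findings"])}')
```
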
lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Jul 27, 2011 12:53 pm

Re: Windows 7 Wireless Profiles

WCNA wrote:
This doesn't answer your question but it is related.

Profiles that connect automatically are a security risk. Most OSes are aware of this now and have supposedly fixed the problem.


I learned about the issue of automatically connecting wifi devices from that very video!  My company prefers ease-of-use over security though (seems to be a common complaint from the security-minded folks).  It'll take an incident happening before a policy to "disable automatically connecting to AP's" is implemented.

WCNA wrote:
I'll take a guess at the questions anyway:
"does the Windows network manager reference these entries when connecting to SSID's?" ... yes.

"Does it cross-check the MAC addresses found in these entries when connecting?" ... yes.

My guess is that why a device would keep connecting to a specific AP even though it has a lower signal strength than another AP with the same ESSID is because its MAC is in the Preferred Network List...


My thoughts exactly, but I wasn't sure because of...

WCNA wrote:
...although, it depends. If I recall correctly (I'd double check), the client decides when to roam with autonomous APs and if a WLAN controller is used, the controller decides when to roam.


...this.  I was also under the impression that wifi devices would switch automatically once some threshold is met, but I don't know what this threshold is.  Losing signal completely...or once it gets to <10% signal strength...?  I was curious about this also.

For my purpose, these laptops are stationary in their respective offices for the most part, so I don't have to worry about them roaming very often (would love a wireless controller to cover this just in case, but need $$ for that haha).  We had one AP fail and all of the laptops switched over to this other AP with a lower signal strength.  I have the new AP in place, but had laptops still connecting to the old WAP.  This was resolved by blowing away the wireless profile and recreating a new one when connecting to the ESSID with the stronger signal.

Thanks for the input, WCNA.  Let us know when those securitytube t-shirts are out! :)
GSEC, eCPPT, Sec+
WCNA

Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Thu Jul 28, 2011 12:00 pm

Re: Windows 7 Wireless Profiles

"...I don't know what this threshold is"

Nor will you. The roaming algorithm is proprietary; that's why it's recommended that you don't mix and match vendors. RSSI is key in their algorithms, but they might also use SNR, error rates and retransmissions. Proper cell overlap is key, as too much or too little hurts roaming, hence the Goldilocks approach: just right.

"(would love a wireless controller to cover this just in case, but need $$ for that haha)"

Check out UBNT's Unifi solution. Much cheaper than you think.

"Let us know when those securitytube t-shirts are out!"


I imagine Vivek is really busy prepping for his talks at Blackhat and Defcon Workshops and hasn't gotten around to finishing what needs to be done. The store has been ready for a while, I finished it a couple weeks ago. I don't know if you can actually order from it or not yet but it's at www.printfection.com/SecurityTube
ISC2 Associate, WCNA, CWNA, OSCP, Network+
