Hi community,
We have batman-adv + OpenWRT + ath9k chip + ath9k driver reliably running for about 2 years. The biggest batman-adv mesh network is with 100+ nodes.
As this is a closed network, we have a new requirement which is to make our batman-adv mesh network invisible, although the current SSID is just some meaningless characters.
One thought is hidden_ssid. But, it seems hidden_ssid is only supported for AP mode (not IBSS mode).
802.11w does not protect Beacon frame (because it is before four-ways handshake).
As this is a closed network, what about encrypting Beacon (maybe all management frames later) using a hard-coded key in wpa_supplicant?
Thanks for your help.
Xuebing Wang
Hi Xuebing,
at least for Ad-Hoc mode, you can't hide the SSID without changing the kernel driver (mac80211). Encrypting the beacon doesn't help here, as the SSID needs to be clear text eventually even if management frames get encrypted.
Cheers, Simon
On Saturday, March 30, 2019 11:50:27 AM CEST Xuebing Wang wrote:
Hi community,
We have batman-adv + OpenWRT + ath9k chip + ath9k driver reliably running for about 2 years. The biggest batman-adv mesh network is with 100+ nodes.
As this is a closed network, we have a new requirement which is to make our batman-adv mesh network invisible, although the current SSID is just some meaningless characters.
One thought is hidden_ssid. But, it seems hidden_ssid is only supported for AP mode (not IBSS mode).
802.11w does not protect Beacon frame (because it is before four-ways handshake).
As this is a closed network, what about encrypting Beacon (maybe all management frames later) using a hard-coded key in wpa_supplicant?
Thanks for your help.
Xuebing Wang
Hi Simon,
Thanks a lot for your reply.
With ath9k chip and ath9k driver, do you think it is possible to use "proprietary modulation" (slightly modified), so wireshark + wlan in monitor mode won't be able to detect wireless frames batman-adv network sends?
Xuebing Wang
On 2019/4/1 下午5:59, Simon Wunderlich wrote:
Hi Xuebing,
at least for Ad-Hoc mode, you can't hide the SSID without changing the kernel driver (mac80211). Encrypting the beacon doesn't help here, as the SSID needs to be clear text eventually even if management frames get encrypted.
Cheers, Simon
On Saturday, March 30, 2019 11:50:27 AM CEST Xuebing Wang wrote:
Hi community,
We have batman-adv + OpenWRT + ath9k chip + ath9k driver reliably running for about 2 years. The biggest batman-adv mesh network is with 100+ nodes.
As this is a closed network, we have a new requirement which is to make our batman-adv mesh network invisible, although the current SSID is just some meaningless characters.
One thought is hidden_ssid. But, it seems hidden_ssid is only supported for AP mode (not IBSS mode).
802.11w does not protect Beacon frame (because it is before four-ways handshake).
As this is a closed network, what about encrypting Beacon (maybe all management frames later) using a hard-coded key in wpa_supplicant?
Thanks for your help.
Xuebing Wang
Hi Xuebing,
I'm not aware of any "proprietary modulation", and I doubt it's possible - at least not while using an AP at the same time. You can look into 5/10 MHz mode or do other quirks if mesh is the only thing running on your module though.
Cheers, Simon
On Saturday, April 6, 2019 2:06:55 PM CEST Xuebing Wang wrote:
Hi Simon,
Thanks a lot for your reply.
With ath9k chip and ath9k driver, do you think it is possible to use "proprietary modulation" (slightly modified), so wireshark + wlan in monitor mode won't be able to detect wireless frames batman-adv network sends?
Xuebing Wang
On 2019/4/1 下午5:59, Simon Wunderlich wrote:
Hi Xuebing,
at least for Ad-Hoc mode, you can't hide the SSID without changing the kernel driver (mac80211). Encrypting the beacon doesn't help here, as the SSID needs to be clear text eventually even if management frames get encrypted.
Cheers,
Simon
On Saturday, March 30, 2019 11:50:27 AM CEST Xuebing Wang wrote:
Hi community,
We have batman-adv + OpenWRT + ath9k chip + ath9k driver reliably running for about 2 years. The biggest batman-adv mesh network is with 100+ nodes.
As this is a closed network, we have a new requirement which is to make our batman-adv mesh network invisible, although the current SSID is just some meaningless characters.
One thought is hidden_ssid. But, it seems hidden_ssid is only supported for AP mode (not IBSS mode).
802.11w does not protect Beacon frame (because it is before four-ways handshake).
As this is a closed network, what about encrypting Beacon (maybe all management frames later) using a hard-coded key in wpa_supplicant?
Thanks for your help.
Xuebing Wang
b.a.t.m.a.n@lists.open-mesh.org