Re: Wireless pentesting requirements

[Andre Ludwig <andre.ludwig () gmail com>]

I have found that cisco cards paired with kismet, make for one of the
best site survey tools around.  Then a good prism based card in
conjunction with a hermes card to top it off for actual pen testing.
(cisco works fine as well, but i just allways have my cisco card stuck
to kismet to watch all the action on all channels at once)

Just my two cents. 

I would write a bit more but i cant right now. 

Andre Ludwig CISSP

On Wed, 09 Jun 2004 20:32:48 +0100, Andrew A. Vladimirov
<mlists () arhont com> wrote:
> pen-test () nym hush com wrote:
>  >>In an attempt to investigate the wlan in terms of pen-testing, i am
>  >>wondering what is the best antenna one would need and the best (in >terms
>  >
>  > of wireless pen testing needs) wireless card around?
>  >
>  > Antenna
>  > As far as types go, you'll probably want dipole and yagi.  Also look
>  > beyond the reported gain on an antenna and look at the type of cable
>  > and connectors because, if poorly shielded, they'll introduce _lots_
>  > of loss.  Also look at the radiation patterns to make sure it's adequate
>  > for your situation.
>
> Good omni (we use 12 dBi) and decent directional (we use 19 dBi but will
> buy 24 dBi one, the beamwidth should not be more than 8 degrees). You'll
> need high gain low beamwidth directionals to pinpoint devices,
> triangulate attackers, blast through walls etc. And yes, pay a lot of
> attention to the connectors and cables, especially pigtails. Always have
> a spare pigtail with you - they get broken / worn out easily. Get proper
> connectors from the start - a barrel adapter can introduce up to 2 dBm loss.
>
> Our favourite sites for antennas, amplifiers and Co:
>
> http://www.fab-corp.com
> http://www.hyperlinktech.com/
> http://www.solwise.co.uk/networkingwireless.htm
>
>
>  >
>  > Cards
>  > I like the Senao (EnGenius in USA) cards as they've been the most
> powerful
>  > I've come across (200mW output power for my 802.11b card).  As far as
>  > chipsets are concerned, Prism2/Prism54 and Atheros are probably your
>  > best bets (Cisco Aironet is popular also).  I'd definitely avoid Broadcom
>  > chipsets.
>
> Prism2 is a must, you may need Atheros for 802.11a evaluation.
> Our favourite card is SMC High Power EliteConnect - Prism2 chipset, 23
> dBm power, excellent receiving sensitivity, removable dipole omni and
> two decent external antenna connectors. Get a pair of them for some
> man-in-the-middle attacks too.
>
> As to the wireless pentests per se, we wrote a fat handbook about it
> that would be shipped on 25th this month. Check out www.wi-foo.com and
> look at the table of contents, Appendix G is our official wireless
> pentesting template we use when working with clients and it is 16 pages
> long :) Also check out the list of tools on the site (sorry, open source
> only ! :)
>
> Cheers,
> Andrew
>
> --
> Dr. Andrew A. Vladimirov
> CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
> CSO
> Arhont Ltd - Information Security.
>
> Web: http://www.arhont.com
>       http://www.wi-foo.com
> Tel: +44 (0)870 44 31337
> Fax: +44 (0)117 969 0141
> GPG: Key ID - 0x1D312310
> GPG: Server - gpg.arhont.com