Penetration Testing mailing list archives

RE: Wireless Recon with NetStumbler


From: "Eric Smith" <esmith () e-fense com>
Date: Fri, 17 Aug 2001 13:38:25 -0600

Mark,
    I think your best bet would be to create a separate configuration
profile to be used when you're running NetStumbler.  We have a generic
profile that has nothing enabled, a blank Network Name and no encryption.
In fact, you really don't want to have any of the WEP keys enabled on the
card if you're going to be using NetStumbler.  The whole point of running
the program is to discover any access points that are active, regardless of
whether or not they're using WEP.  Once you find one that does have WEP
enabled, then you can just crack the WEP key and insert it into a different
profile (Orinoco allows for up to 4 different profiles), and use that to
gain access to their wireless network.  That always seems to hammer the
point home to the client a little better than using the keys they gave you.
Just my .02

Eric

Eric Smith, Computer Security and Investigations Specialist
e-fense, Inc.  (www.e-fense.com)
6767 S. Spruce St., Ste. 215-S
Englewood, CO 80112

-----Original Message-----
From: Adams, Mark [mailto:markadams () kpmg com]
Sent: Thursday, August 16, 2001 11:53
To: 'pen-test () securityfocus com'
Subject: Wireless Recon with NetStumbler


We are attempting to perform wireless recon for a client but we are having
trouble using NetStumbler.  We have an Orinoco Gold NIC with legit WEP keys
(provided by the client).  We connect to the AP and continue to login to the
NT domain as normal.  We can browse the network all around no problem.  We
start Netstumbler and it gets the closest AP that we are close to and then
the NIC dies.  All connectivity is lost.  Netstumbler still runs, but it
will not find any APs (because the NIC is dead).
Stopping and restarting the PC Card, network service, or doing any ipconfig
command does not revive the NIC.  We must reboot.  The AP is a RoamAbout
from Enterasys Networks.

By the way, we do not have this problem at their other site.  Any ideas?


Mark Adams, CISSP
markadams () kpmg com






----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

