Penetration Testing mailing list archives
Re: [PEN-TEST] Penetrating Wireless Networks
From: Frank Knobbe <FKnobbe () KNOBBEITS COM>
Date: Thu, 8 Mar 2001 13:52:26 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
There was some interesting information on 802.11 and 802.11b [...]
and
i have found a paper on wep weaknesses [...]
is really not what I'm interested in. I'm aware that WEP has shortcomings and can be brute forced due to limited key size. I don't want to test the security of the standard. I was hoping to receive some responses on how you include wireless networks in your penetration tests, and what methods do you use. Driving through the neighborhood with a scanner and GPS receiver is one thing, but this appears more like something you would do as a hobby :) Thank you for the reference to AiroPeek. This seems like a great product. From what I understand it will basically set the card in promiscuous mode (which apparently a lot of wireless cards don't support), and display raw data, revealing the channels used and ESS ID's. With that information you can then reconfigure the NIC for those settings and use your favorite security tools to try to gain entry to the network. But how do you package it? Is is part of the remote test section, or do you include it in your physical test section? Do you start inside the company and work your way out to determine the size of the cells, and where a third party might intercept data? Or do you start form the outside and work your way in? If at all, how do you include it in your standard pen test? How does an office environment differ from a manufacturing plant or a campus? What are the goals (besides 'penetrating' the network) and what are the reports and/or expectations? Do you delivered a map of the cell ranges and discuss the risks? Regards, Frank -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME encrypted email preferred. iQA/AwUBOqfi+pytSsEygtEFEQJGuACcDWpYyAdYesWOiglEfm+H7hHAjYwAn3LI FXPAbTNk+1wqKDsffOVDTULp =6kbA -----END PGP SIGNATURE-----
Current thread:
- Re: [PEN-TEST] Penetrating Wireless Networks, (continued)
- Re: [PEN-TEST] Penetrating Wireless Networks van der Kooij, Hugo (Mar 09)
- Re: [PEN-TEST] Penetrating Wireless Networks Rafael Coninck Teigao (Mar 09)
- Re: [PEN-TEST] Penetrating Wireless Networks Weiss, Bill (Mar 09)
- Re: [PEN-TEST] Penetrating Wireless Networks Anton Rager (Mar 09)
- Re: [PEN-TEST] Penetrating Wireless Networks mirza sahib (Mar 11)
- Re: [PEN-TEST] Penetrating Wireless Networks Phil Cox (Mar 12)
- Re: [PEN-TEST] Penetrating Wireless Networks Marc Mosko (Mar 12)
- Re: [PEN-TEST] Penetrating Wireless Networks Ichinin (Mar 13)
- Re: [PEN-TEST] Penetrating Wireless Networks Phil Cox (Mar 14)
- Re: [PEN-TEST] Penetrating Wireless Networks Marnix Petrarca (Mar 09)
- Re: [PEN-TEST] Penetrating Wireless Networks Phil Cox (Mar 14)