Penetration Testing mailing list archives
Re: [PEN-TEST] Penetrating Wireless Networks
From: Marnix Petrarca <Marnix () DAEMONLABS COM>
Date: Thu, 8 Mar 2001 22:18:36 -0100
Frank, assuming we know nothing about the target except that radiowave LAN is used.. go outside in, based on an initial reference from the inside out. Cell metrics vary with construction circumstance, i.e. a concrete room thick enough will actually create a tunnel of radio signals, so you might just want to mention what the specs say. It radiates differently, and even weather can affect these things. That will anyway malform your mapping of cells, so you may just want to establish the effective signal receivable in meters distance, maybe with a degradation ratio.

With a frequency-searcher you can grab the used frequencies in a snap, to see how channels are chosen or switched. Since you are penetrating, the hard way would be to hook up a hardware protocol-analyser to a scanner with a signal-strength indicator, and first decipher the protocols used. This is phase one.

Next you could (based on constructional limitations) predict where the laptop with receiver would have to be to be effective (maybe a lunchroom across the street), etc.

There is such a thing as foil that can be applied to walls (I will start using it in the coming months), since there is the Van Eck effect (I believe that's the physics name), with which you can pick up radio waves emitted from monitors and electron-tube-based apparatus, so even windows (panes) become important. This can bypass the entire theme and do the work for me in parsecs..

And civil GPS is still too inaccurate for these metrics btw, I thought it was 3.5 mtrs accurate as opposed to 35 cm military?

Think about Van Eck - you might want to include this in your approach. Let me dig for some beautiful brochures of some industrial hardware protocol-analysers I have had and plan to acquire. I picked them up at a specific security event a year ago. And the laptop part is of course phase two. You're already having lunch ;-)

Bye now -- Marnix
DaemonLabs.com -- The Netherlands.

Frank Knobbe wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There was some interesting information on 802.11 and 802.11b [...] and I have found a paper on WEP weaknesses [...] is really not what I'm interested in. I'm aware that WEP has shortcomings and can be brute forced due to limited key size. I don't want to test the security of the standard. I was hoping to receive some responses on how you include wireless networks in your penetration tests, and what methods you use. Driving through the neighborhood with a scanner and GPS receiver is one thing, but this appears more like something you would do as a hobby :)

Thank you for the reference to AiroPeek. This seems like a great product. From what I understand it will basically set the card in promiscuous mode (which apparently a lot of wireless cards don't support), and display raw data, revealing the channels used and ESS ID's. With that information you can then reconfigure the NIC for those settings and use your favorite security tools to try to gain entry to the network.

But how do you package it? Is it part of the remote test section, or do you include it in your physical test section? Do you start inside the company and work your way out to determine the size of the cells, and where a third party might intercept data? Or do you start from the outside and work your way in? If at all, how do you include it in your standard pen test? How does an office environment differ from a manufacturing plant or a campus? What are the goals (besides 'penetrating' the network) and what are the reports and/or expectations? Do you deliver a map of the cell ranges and discuss the risks?

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOqfi+pytSsEygtEFEQJGuACcDWpYyAdYesWOiglEfm+H7hHAjYwAn3LI
FXPAbTNk+1wqKDsffOVDTULp
=6kbA
-----END PGP SIGNATURE-----