Penetration Testing mailing list archives

Re: Wireless pentesting requirements

From: "Andrew A. Vladimirov" <mlists () arhont com>
Date: Wed, 09 Jun 2004 20:32:48 +0100

pen-test () nym hush com wrote:
>>In an attempt to investigate the wlan in terms of pen-testing, i am
>>wondering what is the best antenna one would need and the best (in >terms
>
> of wireless pen testing needs) wireless card around?
>
> Antenna
> As far as types go, you'll probably want dipole and yagi.  Also look
> beyond the reported gain on an antenna and look at the type of cable
> and connectors because, if poorly shielded, they'll introduce _lots_
> of loss.  Also look at the radiation patterns to make sure it's adequate
> for your situation.

Good omni (we use 12 dBi) and decent directional (we use 19 dBi but will
buy 24 dBi one, the beamwidth should not be more than 8 degrees). You'll
need high gain low beamwidth directionals to pinpoint devices,
triangulate attackers, blast through walls etc. And yes, pay a lot of
attention to the connectors and cables, especially pigtails. Always have
a spare pigtail with you - they get broken / worn out easily. Get proper
connectors from the start - a barrel adapter can introduce up to 2 dBm loss.

Our favourite sites for antennas, amplifiers and Co:

http://www.fab-corp.com
http://www.hyperlinktech.com/
http://www.solwise.co.uk/networkingwireless.htm

>
> Cards

> I like the Senao (EnGenius in USA) cards as they've been the mostpowerful

> I've come across (200mW output power for my 802.11b card).  As far as
> chipsets are concerned, Prism2/Prism54 and Atheros are probably your
> best bets (Cisco Aironet is popular also).  I'd definitely avoid Broadcom
> chipsets.

Prism2 is a must, you may need Atheros for 802.11a evaluation.
Our favourite card is SMC High Power EliteConnect - Prism2 chipset, 23
dBm power, excellent receiving sensitivity, removable dipole omni and
two decent external antenna connectors. Get a pair of them for some
man-in-the-middle attacks too.

As to the wireless pentests per se, we wrote a fat handbook about it
that would be shipped on 25th this month. Check out www.wi-foo.com and
look at the table of contents, Appendix G is our official wireless
pentesting template we use when working with clients and it is 16 pages
long :) Also check out the list of tools on the site (sorry, open source
only ! :)

Cheers,
Andrew

--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO
Arhont Ltd - Information Security.

Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com

Current thread:

Re: Wireless pentesting requirements, (continued)
- Re: Wireless pentesting requirements Mister Coffee (Jun 09)
  - Re: Wireless pentesting requirements Andrew A. Vladimirov (Jun 10)
    - Message not available
    - Re: Wireless pentesting requirements Andrew A. Vladimirov (Jun 10)
    - Re: Wireless pentesting requirements Mister Coffee (Jun 10)
    - antenna - Re: Wireless pentesting requirements Alvin Oga (Jun 11)
    - Re: antenna - Re: Wireless pentesting requirements Mister Coffee (Jun 11)
    - Message not available
    - Re: Wireless pentesting requirements Mister Coffee (Jun 11)
- RE: [ok] Wireless pentesting requirements Curt Purdy (Jun 13)
- RE: Wireless pentesting requirements Chuck Herrin (Jun 14)
- Wireless pentesting requirements pen-test (Jun 09)
  - Re: Wireless pentesting requirements Andrew A. Vladimirov (Jun 09)
    - Re: Wireless pentesting requirements Andre Ludwig (Jun 14)
    - Re: Wireless pentesting requirements D'Amato Luigi (Jun 15)
- Re: Wireless pentesting requirements Mister Coffee (Jun 16)