Penetration Testing mailing list archives
Re: Wireless pentesting requirements
From: "Andrew A. Vladimirov" <mlists () arhont com>
Date: Wed, 09 Jun 2004 20:32:48 +0100
pen-test () nym hush com wrote:

>> In an attempt to investigate the wlan in terms of pen-testing, i am
>> wondering what is the best antenna one would need and the best (in terms
>> of wireless pen testing needs) wireless card around?
>
> Antenna
> As far as types go, you'll probably want dipole and yagi. Also look
> beyond the reported gain on an antenna and look at the type of cable
> and connectors because, if poorly shielded, they'll introduce _lots_
> of loss. Also look at the radiation patterns to make sure it's adequate
> for your situation.

Good omni (we use 12 dBi) and decent directional (we use 19 dBi but will buy 24 dBi one, the beamwidth should not be more than 8 degrees). You'll need high gain low beamwidth directionals to pinpoint devices, triangulate attackers, blast through walls etc. And yes, pay a lot of attention to the connectors and cables, especially pigtails. Always have a spare pigtail with you - they get broken / worn out easily. Get proper connectors from the start - a barrel adapter can introduce up to 2 dBm loss.

Our favourite sites for antennas, amplifiers and Co:

http://www.fab-corp.com
http://www.hyperlinktech.com/
http://www.solwise.co.uk/networkingwireless.htm

> Cards
> I like the Senao (EnGenius in USA) cards as they've been the most powerful
> I've come across (200mW output power for my 802.11b card). As far as
> chipsets are concerned, Prism2/Prism54 and Atheros are probably your
> best bets (Cisco Aironet is popular also). I'd definitely avoid Broadcom
> chipsets.

Prism2 is a must, you may need Atheros for 802.11a evaluation. Our favourite card is SMC High Power EliteConnect - Prism2 chipset, 23 dBm power, excellent receiving sensitivity, removable dipole omni and two decent external antenna connectors. Get a pair of them for some man-in-the-middle attacks too.

As to the wireless pentests per se, we wrote a fat handbook about it that would be shipped on 25th this month. Check out www.wi-foo.com and look at the table of contents, Appendix G is our official wireless pentesting template we use when working with clients and it is 16 pages long :) Also check out the list of tools on the site (sorry, open source only ! :)

Cheers,
Andrew

--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO Arhont Ltd - Information Security.
Web: http://www.arhont.com http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com