Penetration Testing mailing list archives
Re: Wireless pentesting requirements
From: Mister Coffee <live4java () stormcenter net>
Date: Thu, 10 Jun 2004 14:54:13 -0700
On Thu, Jun 10, 2004 at 10:14:09PM +0100, Andrew A. Vladimirov wrote:
> Mister Coffee wrote:
<<snip>>
> > Good point, but as mentioned, it depends on what you're doing. If I'm trying to locate and ID the site's APs, I'd be looking at different antenna performance than if I was trying to get into a specific AP. For a targeted test against a specific AP, I'd agree. Gain is King.
>
> True enough, but the guy who initiated the thread was asking specifically about pentesting. Thus, I'm trying to give him an answer as "blackhattish" as it can be :)

Good call that. I considered initial location part of the pen-test, but that's just me. Of course, having several antennas and cards in your kit can't hurt. Say, an intermediate gain/beamwidth antenna for finding the APs, then a high gain, narrow beamwidth antenna for the actual penetration.

<<snip>>
> > I'll defer to your experience here. Most of my work's been either with extending range or site surveying, where the Cisco cards worked well for me.
>
> Most of the wireless stuff we do involves mangling custom 802.11 frames, injecting traffic into the network without knowing WEP, accelerating WEP cracking, phishing and guessing users' credentials etc. - Wi-Foo (www.wi-foo.com) describes it all pretty much. For all of this, open specs for both firmware and drivers are vital.

Good reference site, definitely. I should see about compiling a list of good antenna sites for those who are interested. There's some sweet commercial gear, but it's expensive. You can build some very nice home brew antennas, of course; there's a lot of good information on antenna design (there are a number of places to get the calcs for building a Yagi, for example), but not much -inexpensive- test gear in that range, or information on coupling, that I've seen.

> > You'd be amazed at the range you can drag out of a 2M dish...
>
> You forgot a 2W bi-amplifier and 500mW Demarctech AP :) The only possible side effect is KFS (Kentucky Fried Sysadmin)...

Well, if I leave out the 2 watt amp, I'm less likely to have Uncle Charlie knocking on my door. At least in the US. Of course, being licensed in that band helps ;) . . .

> Cheers,
> Andrew

Cheers,
L4J
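The thread argues about antenna gain for two different jobs (hearing an AP to locate it, versus being heard by it to attack it) and jokes about a 2 m dish plus a 2 W amplifier. The free-space link budget below, added here as an editor's example and not part of the original post, puts numbers on that: it derives dish gain from diameter, computes Friis path loss at channel 6, and solves each direction of the link for its maximum range. All station figures (a 100 mW AP with a 2 dBi rubber duck, a ~30 mW client card, -85 dBm receiver sensitivity, a 10 dB fade margin, 55% dish efficiency) are assumptions chosen to be typical of 2004-era 802.11b gear, not values from the thread.

```python
"""Free-space link budget for the antenna/amplifier choices discussed above.

Editor's added example, not from the thread. Every station figure below is an
assumption (typical 802.11b gear); adjust them to your own kit.
"""
import math
from dataclasses import dataclass

C = 299_792_458.0        # speed of light, m/s
FREQ_HZ = 2.437e9        # 802.11b/g channel 6 centre frequency


def watts_to_dbm(watts):
    """Transmit power in watts -> dBm (2 W ~ 33 dBm, 500 mW ~ 27 dBm)."""
    return 10 * math.log10(watts * 1000)


def dish_gain_dbi(diameter_m, freq_hz=FREQ_HZ, efficiency=0.55):
    """Parabolic dish gain G = eta * (pi*D/lambda)^2, in dBi.
    0.55 is an assumed illumination efficiency for a home-brew feed."""
    wavelength = C / freq_hz
    return 10 * math.log10(efficiency * (math.pi * diameter_m / wavelength) ** 2)


def fspl_db(distance_m, freq_hz=FREQ_HZ):
    """Friis free-space path loss in dB: clear line of sight, no multipath."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def max_range_m(tx_dbm, tx_gain_dbi, rx_gain_dbi, rx_sens_dbm,
                freq_hz=FREQ_HZ, margin_db=0.0):
    """Distance at which received power falls to sensitivity + fade margin.
    Inverts fspl_db: d = c/(4*pi*f) * 10^(budget/20)."""
    budget_db = tx_dbm + tx_gain_dbi + rx_gain_dbi - rx_sens_dbm - margin_db
    return C / (4 * math.pi * freq_hz) * 10 ** (budget_db / 20)


def eirp_watts(tx_dbm, gain_dbi):
    """Effective isotropic radiated power, the figure regulators care about."""
    return 10 ** ((tx_dbm + gain_dbi - 30) / 10)


@dataclass
class Station:
    tx_dbm: float        # power at the antenna connector
    gain_dbi: float      # antenna gain
    sens_dbm: float      # receiver sensitivity at the data rate of interest


@dataclass
class LinkRanges:
    downlink_m: float    # AP -> us: enough to sniff beacons and locate the AP
    uplink_m: float      # us -> AP: enough for the AP to hear our frames

    @property
    def two_way_m(self):
        # An active test (association, injection) needs both directions.
        return min(self.downlink_m, self.uplink_m)


def link_ranges(ap, us, margin_db=10.0):
    """Range limits in each direction between a target AP and our station."""
    down = max_range_m(ap.tx_dbm, ap.gain_dbi, us.gain_dbi, us.sens_dbm,
                       margin_db=margin_db)
    up = max_range_m(us.tx_dbm, us.gain_dbi, ap.gain_dbi, ap.sens_dbm,
                     margin_db=margin_db)
    return LinkRanges(down, up)


# Assumed target: 100 mW AP, 2 dBi rubber duck, -85 dBm sensitivity at 11 Mbps.
AP = Station(tx_dbm=20.0, gain_dbi=2.0, sens_dbm=-85.0)
CARD_DBM = 15.0                 # assumed ~30 mW PCMCIA card
AMP_DBM = watts_to_dbm(2.0)     # the 2 W amplifier from the thread, ~33 dBm

KITS = {
    "omni 2 dBi":          Station(CARD_DBM, 2.0, -85.0),
    "panel 12 dBi":        Station(CARD_DBM, 12.0, -85.0),
    "2 m dish":            Station(CARD_DBM, dish_gain_dbi(2.0), -85.0),
    "2 m dish + 2 W amp":  Station(AMP_DBM, dish_gain_dbi(2.0), -85.0),
}


def compare_kits(ap=AP, kits=KITS, margin_db=10.0):
    """Link ranges for each attacker kit against the same target AP."""
    return {name: link_ranges(ap, st, margin_db) for name, st in kits.items()}


if __name__ == "__main__":
    for name, r in compare_kits().items():
        print(f"{name:20s} hear AP {r.downlink_m / 1000:6.1f} km   "
              f"AP hears us {r.uplink_m / 1000:6.1f} km   "
              f"two-way {r.two_way_m / 1000:6.1f} km")
    print(f"EIRP of dish + amp: {eirp_watts(AMP_DBM, dish_gain_dbi(2.0)):.0f} W")
```

Two things fall out of the numbers. First, the amplifier only extends the uplink: once the dish has pushed the two-way limit onto the downlink, the 2 W amp buys nothing for an active test and only raises EIRP into the kilowatt range, which is what the "Uncle Charlie" remark is about. Second, the model is free space with a flat margin, so it is an upper bound; obstructions, Fresnel-zone clearance and multipath all eat into it, which is why an intermediate antenna for the survey and a narrow-beam one for the targeted test is a sensible split.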