Penetration Testing mailing list archives
Re: Wireless Cards for pen testing?
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Fri, 11 Aug 2006 12:50:11 -0700
Tales from the Crypto : Wireless security: http://msmvps.com/blogs/alunj/archive/2006/08/06/106928.aspxOh but SSID broadcasting turned off means I'm secure.. right? I mean the Internet said so.
(Those tubes work better when those SSID thingys are turned off you know... things slide better)
Nikhil Das wrote:
Thanks for the help everyone. I picked up the proxim b/g card. On an additional note, I had to convince a CTO yesterday that his WEP network was insecure, according to him his network is secure because he has ssidbroadcast switched off and MAC authentication switched on.Now he says I have to prove it by gaining access to his network.Well, am going to start my first pen test...wish me luckNikhil -----Original Message----- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP][mailto:sbradcpa () pacbell net] Sent: Friday, August 11, 2006 6:19 AMTo: Sean Calista Cc: jpippin; nikhildas () gmail com; pen-test () securityfocus com Subject: Re: Wireless Cards for pen testing?Don't know if they still offer it.. but SANS used to sell them at their conferences..bet they still do since it's on their web site.... https://store.sans.org/store_category.php?category=merchandis Scroll to the bottom and you can see the Orinoco there. I have an old 'b' version that is still the best rock solid card around. Sean Calista wrote:Hi, I would recommend getting a prism chipset or a Orinoco chipset. I have the SENAO NL-2511CD EXT2 (prism chipset) and a Cisco Aironet 350. Using Kismet and tools for wep cracking work great with my Cisco Aironet 350. However if you want to use a program such as void11 to perform de_authenication and use the HostAP drivers you need to have a prism chipset based card. Prism chipset based cards are an all around great chipset, It works well performing wep and wpa cracking and still has the ability to work with most penetration testing tools. Note : The Senao NL-2511cd does not have a internal antenna. I bought a small MMCX antenna that hooks into it. I also use a 7db and a 14db antenna(yagi) as well. My Senao works great with void 11,wep_crack,kismet,airdump, and other tools on backtrack and auditor. -----Original Message-----From: jpippin [mailto:jpippin () gmail com] Sent: Thursday, August 10, 2006 2:56 AMTo: nikhildas () gmail com; pen-test () securityfocus com Subject: RE: Wireless Cards for pen testing? Get an Orinoco Gold with the Hermes2 chipset. Then use the Backtrack LiveCD and you're set to pen-test. Joel Pippin President Secure Network Administration, Inc.919.260.5759-----Original Message-----From: nikhildas () gmail com [mailto:nikhildas () gmail com] Sent: Wednesday, August 09, 2006 3:43 AMTo: pen-test () securityfocus com Subject: Wireless Cards for pen testing? Hi, im jus starting out at a security firm and have been put in charge of getting my own kit because the person in charge is on leave. i will be starting out with wired network audits but i have been given a free run ofthe wireless section too.could u recommend some cards that are supported by all security test software? eg airsnort/kismet? will i need to purchase one of eachchipset? ie prism2/atheros. i need windows and linux support. thanks------------------------------------------------------------------------ ---- -- This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win theAnalyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------ ---- -- ------------------------------------------------------------------------ ------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com fordetails. ------------------------------------------------------------------------ ---------------------------------------------------------------------------------- --Analyst'sThis List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win therise,Choice Award from eWeek. As attacks through web applications continue totheyou need to proactively protect your applications from hackers. Cenzic hasmost comprehensive solutions to meet your application security penetrationatesting and vulnerability management needs. You have an option to go withmanaged service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm yourresults from other product. Contact us at request () cenzic com for details.---------------------------------------------------------------------------- --
--Letting your vendors set your risk analysis these days? http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs ------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- RE: Wireless Cards for pen testing?, (continued)
- RE: Wireless Cards for pen testing? jpippin (Aug 10)
- RE: Wireless Cards for pen testing? Richard Feist (Aug 10)
- RE : Wireless Cards for pen testing? Nestor Burma (Aug 10)
- RE: Wireless Cards for pen testing? Prashant Meswani (Aug 10)
- Re: Wireless Cards for pen testing? Ghirai (Aug 10)
- Re: Wireless Cards for pen testing? offset (Aug 10)
- Re: Wireless Cards for pen testing? Danny Fullerton (Aug 10)
- RE: Wireless Cards for pen testing? Sean Calista (Aug 10)
- Re: Wireless Cards for pen testing? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 10)
- RE: Wireless Cards for pen testing? Nikhil Das (Aug 11)
- Re: Wireless Cards for pen testing? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 11)
- Re: Wireless Cards for pen testing? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 10)
- Re: Wireless Cards for pen testing? Thomas d'Otreppe (Aug 11)
- RE: Wireless Cards for pen testing? jpippin (Aug 10)