Penetration Testing mailing list archives
Re: I want the PT list back....
From: Didi <didi () firstbase co uk>
Date: Sat, 15 Dec 2007 13:20:59 +0000
Hi J0e
Again most clients are starting to implement WPA2 (often Cisco) but none so far have wireless IPS.>* 802.1x - I haven't seen it on an assessment yet.Not really my scene, but Didi, our head of R&D (who leads our wireless testing) may have.
The person Pete mentioned above is me! So to answer your question, I have only seen 802.1x via RADIUS implemented twice out of about 15 wireless audits...
>For wireless I pretty much just use Kisment/Aircrack-NG, but I'm really >interested in wicrawl. Anyone using it on pentests yet?Gonna have to ask Didi this, but mostly she uses a wireless packet sniffer and analyses the results manually, making most tools unnecessary. We did invest in Airopeek (I think) recently but haven't played with it much yet.
I got so used to using packet sniffing for "casing the joint" in the early days of wireless, I actually prefer it to a lot of the tools that interpret the packets, so to speak, out there! Not least because a lot of my work also involves investigating client devices and their interactions! For me there's nothing like the "raw" stuff! But then I am an old-ish fogey who still prefers to use CLI FTP for managing our web site files than something GUI like FTP Voyager! Yes, I think it's time I moved forward ;-)
Anyway, I haven't had the chance to play with Airopeek yet - that is WIP for me. I am sad enough to say that I do really, really like the GUI on NetStumbler that has many times helped me to physically locate a rogue AP for example - faster than doing it from signal analysis from packet sniffing. But since sometimes I want to physically locate a client device, then packet sniffing using the SNR data is the only way - unless anyone else knows a better one - I'd be really interested if they did!??? Will have to have a look at wicrawl. I do use Aircrack for proof-of-concept WEP stuff though and yes I do sometimes use Kismet. It really depends on how low I have to go - and/or how much detail and/or thoroughness the client wants.
Hope that helps Best wishes Didi ---------------------------------------------------------------------------------------------------------------------- Didi Barnes Partner (Head of R&D) First Base Technologies www.fbtechies.co.uk www.white-hats.co.uk -------------------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- I want the PT list back.... Joseph McCray (Dec 12)
- Re: I want the PT list back.... Pete Herzog (Dec 13)
- Re: I want the PT list back.... Peter Wood (Dec 13)
- Re: I want the PT list back.... Didi (Dec 17)
- RE: I want the PT list back.... Shenk, Jerry A (Dec 13)
- RE: I want the PT list back.... Ken . Carty (Dec 13)
- Re: I want the PT list back.... Petr . Kazil (Dec 13)
- RE: I want the PT list back.... Erin Carroll (Dec 13)
- Re: I want the PT list back.... Andre Gironda (Dec 17)
- <Possible follow-ups>
- Re: I want the PT list back.... krymson (Dec 13)
- RE: I want the PT list back.... Bob Radvanovsky (Dec 14)