Penetration Testing mailing list archives

Re: I want the PT list back....

From: Didi <didi () firstbase co uk>
Date: Sat, 15 Dec 2007 13:20:59 +0000

Hi J0e

Again most clients are starting to implement WPA2 (often Cisco) butnone so far have wireless IPS.
>* 802.1x - I haven't seen it on an assessment yet.
Not really my scene, but Didi, our head of R&D (who leads ourwireless testing) may have.

The person Pete mentioned above is me! So to answer your question, Ihave only seen 802.1x via RADIUS implemented twice out of about 15wireless audits...

>For wireless I pretty much just use Kisment/Aircrack-NG, but I'm really
>interested in wicrawl. Anyone using it on pentests yet?
Gonna have to ask Didi this, but mostly she uses a wireless packetsniffer and analyses the results manually, making most toolsunnecessary. We did invest in Airopeek (I think) recently buthaven't played with it much yet.

I got so used to using packet sniffing for "casing the joint" in theearly days of wireless, I actually prefer it to a lot of the toolsthat interpret the packets, so to speak, out there! Not leastbecause a lot of my work also involves investigating client devicesand their interactions! For me there's nothing like the "raw"stuff! But then I am an old-ish fogey who still prefers to use CLIFTP for managing our web site files than something GUI like FTPVoyager! Yes, I think it's time I moved forward ;-)

Anyway, I haven't had the chance to play with Airopeek yet - that isWIP for me. I am sad enough to say that I do really, really like theGUI on NetStumbler that has many times helped me to physically locatea rogue AP for example - faster than doing it from signal analysisfrom packet sniffing. But since sometimes I want to physicallylocate a client device, then packet sniffing using the SNR data isthe only way - unless anyone else knows a better one - I'd be reallyinterested if they did!??? Will have to have a look at wicrawl. Ido use Aircrack for proof-of-concept WEP stuff though and yes I dosometimes use Kismet. It really depends on how low I have to go -and/or how much detail and/or thoroughness the client wants.


Hope that helps
Best wishes
Didi







----------------------------------------------------------------------------------------------------------------------
Didi Barnes
Partner (Head of R&D)
First Base Technologies
www.fbtechies.co.uk
www.white-hats.co.uk

--------------------------------------------------------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

I want the PT list back.... Joseph McCray (Dec 12)
- Re: I want the PT list back.... Pete Herzog (Dec 13)
- Re: I want the PT list back.... Peter Wood (Dec 13)
  - Re: I want the PT list back.... Didi (Dec 17)
- RE: I want the PT list back.... Shenk, Jerry A (Dec 13)
  - RE: I want the PT list back.... Ken . Carty (Dec 13)
- Re: I want the PT list back.... Petr . Kazil (Dec 13)
- RE: I want the PT list back.... Erin Carroll (Dec 13)
- Re: I want the PT list back.... Andre Gironda (Dec 17)
- <Possible follow-ups>
- Re: I want the PT list back.... krymson (Dec 13)
- RE: I want the PT list back.... Bob Radvanovsky (Dec 14)