Pentesting a Fixed WiMax environment

[arvind doraiswamy <arvind.doraiswamy () gmail com>]

Hey Guys,
We have a client who's deployed WiMAx 802.16d (fixed) between two
locations. This is to be the primary communications carrier with the
existing leased line acting as a backup. They contacted us to see what
we could do to secure the same. What threats(apart from unrestricted
physical access) is such an enviroment open to?

Are there devices which can sniff traffic , the same way Wireless
works? To connect (if at all possible) to a subscriber station , what
tools are available? A lot of the laptops here do not have inbuilt
WiMax support built in..so how would one 'connect' or 'sniff' other
sensitive traffic?

Also apart from sniffing what other attacks can anyone think of? Is it
possible to replay traffic without being connected at all? All I could
find was a lot of theory related to WiMax and a Wireshark dissector
once traffic was captured? But are there OTA sniffers which will do
the same at all?

All help is most welcome.

Thanks
Arvind
p.s.. Note its 802.16d (FIXED) not 802.16e(MOBILE)

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------