Re: Wireless pentesting requirements

From: Andrew A. Vladimirov (mlists_at_arhont.com)
Date: 06/10/04

    Date: Thu, 10 Jun 2004 22:14:09 +0100
    To: Mister Coffee <live4java@stormcenter.net>
    
    

    Mister Coffee wrote:
    > On Thu, Jun 10, 2004 at 08:13:54PM +0100, Andrew A. Vladimirov wrote:
    >
    >>Mister Coffee wrote:
    >>
    >>>On Sun, Jun 06, 2004 at 08:34:16PM -0000, mak_pen@hotmail.com wrote:
    >>>
    >>>
    >>>The answer is, of course, "It depends on your situation." Personally, I
    >>>like helical antennas, though Yagis have a large following. If you're
    >>>talking about an exterior walk-around, you can probably get away with any
    >>>number of small antennas.
    >>
    >>Why go for the small ones? Gain does matter :) So does narrow beamwidth.
    >>
    >
    > Good point, but as mentioned, it depends on what you're doing. If I'm trying to locate and ID the site's APs, I'd be looking at different antenna performance than if I was trying to get into a specific AP.
    >
    > For a targeted test against a specific AP, I'd agree. Gain is King.

    True enough, but the guy who initiated the thread was asking
    specifically about pentesting. Thus, I'm trying to give him an answer as
    "blackhattish" as it can be :)
    >
    >
    >>>As for wireless card . . . I'm kind of partial to the Cisco cards myself.
    >>>If you're working with external antennas, then you'll want one that's easy
    >>>to adapt. The less surgery you have to do on the card, the easier your
    >>>life will be.
    >>
    >>Cisco Aironet 350 LMC cards have excellent external MMCX connectors and
    >>very good receive sensitivity. The automatic firmware-level channel
    >>hopping means less hassle when scanning around. However, it also means
    >>that you won't be able to lock the card on a single channel when in
    >>RFMON. Also, not all specs are open to the general public; because of
    >>that, there is nothing like Airjack or HostAP (or the tools built on
    >>those wonderful drivers) for the Cisco Aironet series.
    >>
    >>Verdict: a wonderful card for wardriving and site surveying, but pretty
    >>useless for serious wireless pentesting unless you are seriously into
    >>firmware reverse engineering.
    >>
    >
    > I'll defer to your experience here. Most of my work's been either with extending range or site surveying where the Cisco cards worked well for me.

    Most of the wireless stuff we do involves mangling custom 802.11 frames,
    injecting traffic into the network without knowing WEP, accelerating WEP
    cracking, phishing and guessing users' credentials, etc. - Wi-Foo
    (www.wi-foo.com) describes it all pretty much. For all of this, open
    specs for both firmware and drivers are vital.
    >
    > You'd be amazed at the range you can drag out of a 2M dish...

    You forgot a 2W bi-amplifier and 500mW Demarctech AP :) The only
    possible side effect is KFS (Kentucky Fried Sysadmin)...

    Cheers,
    Andrew
    >
    >
    >>Cheers,
    >>Andrew
    >>
    >
    > Cheers,
    > L4J
    >
