Re: I want the PT list back....



Hi J0e

Again most clients are starting to implement WPA2 (often Cisco) but none so far have wireless IPS.

>* 802.1x - I haven't seen it on an assessment yet.
Not really my scene, but Didi, our head of R&D (who leads our wireless testing) may have.

The person Pete mentioned above is me! So to answer your question, I have only seen 802.1x via RADIUS implemented twice out of about 15 wireless audits...

>For wireless I pretty much just use Kisment/Aircrack-NG, but I'm really
>interested in wicrawl. Anyone using it on pentests yet?

Gonna have to ask Didi this, but mostly she uses a wireless packet sniffer and analyses the results manually, making most tools unnecessary. We did invest in Airopeek (I think) recently but haven't played with it much yet.

I got so used to using packet sniffing for "casing the joint" in the early days of wireless, I actually prefer it to a lot of the tools that interpret the packets, so to speak, out there! Not least because a lot of my work also involves investigating client devices and their interactions! For me there's nothing like the "raw" stuff! But then I am an old-ish fogey who still prefers to use CLI FTP for managing our web site files than something GUI like FTP Voyager! Yes, I think it's time I moved forward ;-)

Anyway, I haven't had the chance to play with Airopeek yet - that is WIP for me. I am sad enough to say that I do really, really like the GUI on NetStumbler that has many times helped me to physically locate a rogue AP for example - faster than doing it from signal analysis from packet sniffing. But since sometimes I want to physically locate a client device, then packet sniffing using the SNR data is the only way - unless anyone else knows a better one - I'd be really interested if they did!??? Will have to have a look at wicrawl. I do use Aircrack for proof-of-concept WEP stuff though and yes I do sometimes use Kismet. It really depends on how low I have to go - and/or how much detail and/or thoroughness the client wants.

Hope that helps
Best wishes
Didi







----------------------------------------------------------------------------------------------------------------------
Didi Barnes
Partner (Head of R&D)
First Base Technologies
www.fbtechies.co.uk
www.white-hats.co.uk

--------------------------------------------------------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



Relevant Pages

  • OT: External Wireless CD-ROM Drive?
    ... I do have a wireless AP already. ... LOW noise solution to what's been bouncing around my head. ... to get the machine away from my desk to begin with. ...
    (alt.os.linux)
  • An extract from a textbook
    ... From 'Foundations of Wireless', M G Scroggie, 1958. ... you tread on the tail of a dog the bark comes out at its head. ...
    (uk.tech.digital-tv)
  • Re: OT Puzzler- I cant figure this out
    ... I unhooked the wireless and went back to a cord to get rid of the buzz, and all I got was the dam static noise bullshit again. ... The cord I switched to is in new shape.It cant be the cord.I also,after switching heads, tested the cabs one at a time to check integrity of speaker cords. ... I used the Leaders Peavey head with both cabs and it worked fine.I hooked the wireless up, ...
    (alt.guitar.bass)
  • Re: OT Puzzler- I cant figure this out
    ... I unhooked the wireless and went back to a cord to get rid of the buzz, and all I got was the dam static noise bullshit again. ... The cord I switched to is in new shape.It cant be the cord.I also,after switching heads, tested the cabs one at a time to check integrity of speaker cords. ... I used the Leaders Peavey head with both cabs and it worked fine.I hooked the wireless up, ...
    (alt.guitar.bass)
  • OT Puzzler- I cant figure this out
    ... I unhooked the wireless and went back to a cord to get rid of the buzz, and all I got was the dam static noise bullshit again. ... The cord I switched to is in new shape.It cant be the cord.I also,after switching heads, tested the cabs one at a time to check integrity of speaker cords. ... I used the Leaders Peavey head with both cabs and it worked fine.I hooked the wireless up, ...
    (alt.guitar.bass)