Re: Wireless assessment

From: Mister Coffee (live4java@stormcenter.net)
Date: Tue Jul 24 2007 - 15:22:15 EDT

• Next message: Pete Herzog: "Re: Vulnerability Assessment"
• Previous message: John Hally: "RE: Vulnerability Assessment"
• In reply to: rajat swarup: "Wireless assessment"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

rajat swarup wrote:
> Hi Pen-Testers,
> Needed some advice from your experience:
>
> Which is the best card, antenna and GPS combination for performing
> wireless assessments?
>
> I have picked up the EliteConnect SMC 2532W-B, Garmin Nuvi 350.
> Anyone experienced any problems with this?
>
> Thanks and regards,
A bit late to respond, but here goes.

There appears to be no single "best" wireless card. They each have some
quirks, and, in an ideal test, you'd be able to run several combinations
of OS and Card at the same time. I'm rather fond of the Proxym
(Atheros) cards myself, and for years ran a Cisco card with an external
antenna.

Antennas for wireless penetration are kind of a mixed bag. What are you
really trying to gain? When hunting for rogue Access Points or hidden
clients, directionality is important - but most directional antennas
also give you a lot of gain, which is often NOT what you want. Still
haven't settled on the best compromise, but I lean towards a
multi-element Yagi with some attenuation to make up for the gain.

If you're looking for range, a big horn works wonders.

The GPS portion is a different animal. Most GPS receivers absolutely
suck indoors. We don't even bother with them when we're doing a
building. That said, you want one that has an output format you can
read. NMEA0183 is a good standard. You might want to look at something
like a Garmin 18 (hockey puck on a USB cable) or the 72/76 series. The
72 and 76 series are designed for Marine use and put out standard
NMEA0183. Magellan and others make similar units.

None of them work well indoors. Most are available over the internet
for under $200. If you go with a small one, like an eTrex, make sure it
can output to other devices. All the marine ones can.

Anyway, good luck!

Cheers,
L4J

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Pete Herzog: "Re: Vulnerability Assessment"
• Previous message: John Hally: "RE: Vulnerability Assessment"
• In reply to: rajat swarup: "Wireless assessment"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:58 EDT