Re: I want the PT list back....

From: Didi (didi@firstbase.co.uk)
Date: Sat Dec 15 2007 - 08:20:59 EST


Hi J0e

>Again most clients are starting to implement WPA2 (often Cisco) but
>none so far have wireless IPS.
>
> >* 802.1x - I haven't seen it on an assessment yet.
>Not really my scene, but Didi, our head of R&D (who leads our
>wireless testing) may have.

The person Pete mentioned above is me! So to answer your question, I
have only seen 802.1x via RADIUS implemented twice out of about 15
wireless audits...

> >For wireless I pretty much just use Kismet/Aircrack-NG, but I'm really
> >interested in wicrawl. Anyone using it on pentests yet?
>
>Gonna have to ask Didi this, but mostly she uses a wireless packet
>sniffer and analyses the results manually, making most tools
>unnecessary. We did invest in Airopeek (I think) recently but
>haven't played with it much yet.

I got so used to using packet sniffing for "casing the joint" in the
early days of wireless, I actually prefer it to a lot of the tools
that interpret the packets, so to speak, out there! Not least
because a lot of my work also involves investigating client devices
and their interactions! For me there's nothing like the "raw"
stuff! But then I am an old-ish fogey who still prefers to use CLI
FTP for managing our web site files than something GUI like FTP
Voyager! Yes, I think it's time I moved forward ;-)

Anyway, I haven't had the chance to play with Airopeek yet - that is
WIP for me. I am sad enough to say that I do really, really like the
GUI on NetStumbler that has many times helped me to physically locate
a rogue AP for example - faster than doing it from signal analysis
from packet sniffing. But since sometimes I want to physically
locate a client device, then packet sniffing using the SNR data is
the only way - unless anyone else knows a better one - I'd be really
interested if they did!??? Will have to have a look at wicrawl. I
do use Aircrack for proof-of-concept WEP stuff though and yes I do
sometimes use Kismet. It really depends on how low I have to go -
and/or how much detail and/or thoroughness the client wants.

Hope that helps
Best wishes
Didi

----------------------------------------------------------------------------------------------------------------------
Didi Barnes
Partner (Head of R&D)
First Base Technologies
www.fbtechies.co.uk
www.white-hats.co.uk

--------------------------------------------------------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:16 EDT