Re: Wireless pentesting requirements

From: Mister Coffee (live4java@stormcenter.net)
Date: Thu Jun 10 2004 - 17:54:13 EDT


On Thu, Jun 10, 2004 at 10:14:09PM +0100, Andrew A. Vladimirov wrote:
> Mister Coffee wrote:
<<snip>>
> >
> >Good point, but as mentioned, it depends on what you're doing. If I'm
> >trying to locate and ID the site's AP's, I'd be looking at different
> >antenna performance than if I was trying to get into a specific AP.
> >
> >For a targeted test against a specific AP, I'd agree. Gain is King.
>
> True enough, but the guy who initiated the thread was asking
> specifically about pentesting. Thus, I'm trying to give him an answer as
> "blackhattish" as it can be :)
Good call that. I considered initial location part of the pen-test, but that's just me. Of course, having several antennas and cards in your kit can't hurt. Say, an intermediate gain/beamwidth antenna for finding the AP's, then a high gain narrow beamwidth antenna for the actual penetration.

>
<<snip>>
> >
> >I'll defer to your experience here. Most of my work's been either with
> >extending range or site surveying where the Cisco cards worked well for
> >me.
>
> Most of the wireless stuff we do involves mangling custom 802.11 frames,
> injecting traffic into the network without knowing WEP, accelerating WEP
> cracking, phishing and guessing users credentials etc. - Wi-Foo
> (www.wi-foo.com) describes it all pretty much. For all of this, open
> specs for both firmware and drivers are vital.
> >
Good reference site, definitely.

I should see about compiling a list of good antenna sites for those who are interested. There's some sweet commercial gear, but it's expensive. You can build some very nice home-brew antennas, of course; there's a lot of good information on antenna design (there are a number of places to get the calcs for building a Yagi, for example), but not much -inexpensive- test gear in that range, or information on coupling, that I've seen.

> >You'd be amazed at the range you can drag out of a 2M dish...
>
> You forgot a 2W bi-amplifier and 500mW Demarctech AP :) The only
> possible side effect is KFS (Kentucky Fried Sysadmin)...
>
Well, if I leave out the 2 watt amp, I'm less likely to have Uncle Charlie knocking on my door. At least in the US. Of course, being licensed in that band helps ;) . . .

> Cheers,
> Andrew
> >
Cheers,
L4J
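A worked link-budget calculator for the antenna-gain and transmit-power points argued in this thread (gain vs. range, the 2 m dish, the 2 W amp and the FCC "Uncle Charlie" question). This is an added example, not code from the original posts or from the Wi-Foo material. The 2 m dish, 2 W amplifier and 500 mW AP figures come from the thread; the 2437 MHz channel, 55% dish efficiency, -90 dBm receiver sensitivity and 10 dB fade margin are assumptions, and the Part 15.247 gain-reduction rule in the last function is my reading of 47 CFR 15.247(b)(3) and should be checked against the current CFR before anyone keys a transmitter.

```python
"""Added example: 2.4 GHz free-space link budget (dish vs. omni) plus a
Part 15 conducted-power check.  Line of sight only; no Fresnel-zone or
multipath terms, so real-world range will be shorter."""
import math

C_M_PER_S = 299_792_458.0   # speed of light
FREQ_HZ = 2.437e9           # assumed: 802.11b/g channel 6


def dish_gain_dbi(diameter_m: float, freq_hz: float = FREQ_HZ,
                  efficiency: float = 0.55) -> float:
    """Parabolic reflector gain: G = eta * (pi * D / lambda)^2, in dBi.
    55% aperture efficiency is an assumed, typical value for a home-brew dish."""
    wavelength = C_M_PER_S / freq_hz
    return 10 * math.log10(efficiency * (math.pi * diameter_m / wavelength) ** 2)


def fspl_db(distance_m: float, freq_hz: float = FREQ_HZ) -> float:
    """Free-space path loss (Friis): 20*log10(4*pi*d*f/c)."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C_M_PER_S)


def received_dbm(tx_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                 distance_m: float, freq_hz: float = FREQ_HZ,
                 cable_loss_db: float = 0.0) -> float:
    """Signal at the receiver input for a given path."""
    return (tx_dbm + tx_gain_dbi + rx_gain_dbi - cable_loss_db
            - fspl_db(distance_m, freq_hz))


def max_range_m(tx_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                rx_sensitivity_dbm: float, freq_hz: float = FREQ_HZ,
                margin_db: float = 10.0, cable_loss_db: float = 0.0) -> float:
    """Invert Friis: distance at which received power == sensitivity + margin."""
    allowed_loss_db = (tx_dbm + tx_gain_dbi + rx_gain_dbi - cable_loss_db
                       - rx_sensitivity_dbm - margin_db)
    return 10 ** (allowed_loss_db / 20) * C_M_PER_S / (4 * math.pi * freq_hz)


def fcc_15_247_max_conducted_dbm(antenna_gain_dbi: float,
                                 point_to_point: bool = True) -> float:
    """ASSUMPTION (my reading of 47 CFR 15.247(b)(3), verify against the CFR):
    1 W (30 dBm) max conducted power in 2.4 GHz; above 6 dBi antenna gain the
    transmitter must be backed off 1 dB per dB of excess gain for
    point-to-multipoint, or 1 dB per 3 dB of excess gain for fixed
    point-to-point links."""
    excess = max(0.0, antenna_gain_dbi - 6.0)
    return 30.0 - (excess / 3.0 if point_to_point else excess)


if __name__ == "__main__":
    # Assumed target: a stock AP at 100 mW (20 dBm) on a 2 dBi omni.
    # Our side: receiver sensitivity -90 dBm (assumed), omni vs. 2 m dish.
    dish = dish_gain_dbi(2.0)
    r_omni = max_range_m(20, 2, 2, -90)
    r_dish = max_range_m(20, 2, dish, -90)
    print(f"2 m dish gain        : {dish:5.1f} dBi")
    print(f"LOS range, 2 dBi omni: {r_omni/1000:6.2f} km")
    print(f"LOS range, 2 m dish  : {r_dish/1000:6.2f} km")
    # The "KFS" setup from the thread: 2 W (33 dBm) amp into the dish.
    cap = fcc_15_247_max_conducted_dbm(dish, point_to_point=True)
    print(f"Part 15 p-t-p cap into that dish: {cap:4.1f} dBm "
          f"(2 W amp at 33 dBm is over by {33 - cap:4.1f} dB)")
```

The range ratio between dish and omni comes straight out of the gain difference (10^((G_dish - G_omni)/20)), which is the "Gain is King" point in numbers; the last lines show why the 2 W amp is the part that draws attention, since with that much antenna gain the rule pushes the allowed conducted power well below 1 W.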



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT