Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Wireless Cards for pen testing?
From: "Nikhil Das" <nikhil () securebydesign net>
Date: Fri, 11 Aug 2006 13:04:56 +0400

Thanks for the help everyone. I picked up the proxim b/g card. On an
additional note, I had to convince a CTO yesterday that his WEP network was
insecure, according to him his network is secure because he has ssid
broadcast switched off and MAC authentication switched on. 

        Now he says I have to prove it by gaining access to his network.
Well, am going to start my first pen test...wish me luck 

Nikhil

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:sbradcpa () pacbell net] 
Sent: Friday, August 11, 2006 6:19 AM
To: Sean Calista
Cc: jpippin; nikhildas () gmail com; pen-test () securityfocus com
Subject: Re: Wireless Cards for pen testing?

Don't know if they still offer it.. but SANS used to sell them at their 
conferences..
bet they still do since it's on their web site....
https://store.sans.org/store_category.php?category=merchandis
Scroll to the bottom and you can see the Orinoco there.

I have an old 'b' version that is still the best rock solid card around.

Sean Calista wrote:
Hi,

I would recommend getting a prism chipset or a Orinoco chipset. I have
the SENAO NL-2511CD EXT2 (prism chipset) and a Cisco Aironet 350. Using
Kismet and tools for wep cracking work great with my Cisco Aironet 350.
However if you want to use a program such as void11 to perform
de_authenication and use the HostAP drivers you need to have a prism
chipset based card. Prism chipset based cards are an all around great
chipset, It works well performing wep and wpa cracking and still has the
ability to work with most penetration testing tools. Note : The Senao
NL-2511cd does not have a internal antenna. I bought a small MMCX
antenna that hooks into it. I also use a 7db and a 14db antenna(yagi) as
well. My Senao works great with void 11,wep_crack,kismet,airdump, and
other tools on  backtrack and auditor.

-----Original Message-----
From: jpippin [mailto:jpippin () gmail com] 
Sent: Thursday, August 10, 2006 2:56 AM
To: nikhildas () gmail com; pen-test () securityfocus com
Subject: RE: Wireless Cards for pen testing?

Get an Orinoco Gold with the Hermes2 chipset. Then use the Backtrack
LiveCD
and you're set to pen-test.

Joel Pippin
President
Secure Network Administration, Inc.
919.260.5759 

 

-----Original Message-----
From: nikhildas () gmail com [mailto:nikhildas () gmail com] 
Sent: Wednesday, August 09, 2006 3:43 AM
To: pen-test () securityfocus com
Subject: Wireless Cards for pen testing?

Hi,

   im jus starting out at a security firm and have been put in charge of
getting my own kit because the person in charge is on leave. i will be
starting out with wired network audits but i have been given a free run
of
the wireless section too. 

         

             could u recommend some cards that are supported by all
security
test software? eg airsnort/kismet? will i need to purchase one of each
chipset? ie prism2/atheros. i need windows and linux support. thanks 

------------------------------------------------------------------------
----
--
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise, you need to proactively protect your applications from hackers.
Cenzic
has the most comprehensive solutions to meet your application security
penetration testing and vulnerability management needs. You have an
option
to go with a managed service (Cenzic ClickToSecure) or an enterprise
software (Cenzic Hailstorm). Download FREE whitepaper on how a managed
service can help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
----
--


------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's 
Choice Award from eWeek. As attacks through web applications continue to
rise, 
you need to proactively protect your applications from hackers. Cenzic
has the 
most comprehensive solutions to meet your application security
penetration 
testing and vulnerability management needs. You have an option to go
with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm
your 
results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------




----------------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's 
Choice Award from eWeek. As attacks through web applications continue to
rise, 
you need to proactively protect your applications from hackers. Cenzic has
the 
most comprehensive solutions to meet your application security penetration

testing and vulnerability management needs. You have an option to go with
a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your

results from other product. Contact us at request () cenzic com for details.

----------------------------------------------------------------------------
--


  

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]