Penetration Testing mailing list archives

Re: Wireless pentesting requirements


From: "Andrew A. Vladimirov" <mlists () arhont com>
Date: Thu, 10 Jun 2004 20:13:54 +0100

Mister Coffee wrote:
On Sun, Jun 06, 2004 at 08:34:16PM -0000, mak_pen () hotmail com wrote:


The answer is, of course, "It depends on your situation." Personally, I like helical antennas, though Yagis have a large following. If you're talking about an exterior walk-around, you can probably get away with any number of small antennas.

Why go for the small ones? Gain does matter :) So does narrow beamwidth.

As for wireless card . . . I'm kind of partial to the Cisco cards myself. If you're working with external antennas, then you'll want one that's easy to adapt. The less surgery you have to do on the card, the easier your life will be.

Cisco Aironet 350 LMC cards have excellent external MMCX connectors and very good receive sensitivity. The automatic firmware-level channel hopping means less hassle when scanning around. However, it also means that you won't be able to lock the card on a single channel when in RFMON. Also, not all specs are open to the general public, and because of that there is nothing like Airjack or HostAP (and the tools that are built using these wonderful drivers) for the Cisco Aironet series.

Verdict: a wonderful card for wardriving and site surveying, but pretty useless for serious wireless pentesting unless you are seriously into firmware reverse engineering.

Cheers,
Andrew

--
Dr. Andrew A. Vladimirov
CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
CSO
Arhont Ltd - Information Security.

Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 44 31337
Fax: +44 (0)117 969 0141
GPG: Key ID - 0x1D312310
GPG: Server - gpg.arhont.com
