Access point(s)
Wireless Card(s)
Antenna(s)
Notebook or iPaq (no substitute)
Tinfoil hat
Official Blackwave FanClub pin and sticker
1 year subscription to google.com
Reading glasses
Cracker jack secret packet decoder ring
Soda
...

haha

now I know you are going to say:

"dipshit fuckhead, use google" but thats not what I am looking for here. I am looking specifically for the opinions, of the people of the defcon forums, and wondering what they think are some good starting points. And yes, I have searched google, and found some good stuff, and I am also getting another side, your side, so please try to lay off on the flaming.

gear?

Cards:

A wireless card with high recieve sensitivity, such as a Senao, Demarctec, or even a Cisco or Orinoco Card.

Advantages of the Demarctec And Senao cards are that they are based on the prism chipset, which means widespread driver support. And they have the best recieve sensitivity of any cards out there on the market meaning that you need less signal.

The Cisco cards are nice because they have a internal firmware channel hopper, which is superior to software channel hoppers.

The Orinoco cards also have excellent driver support.

You can check out specs on recieve sensitivity at http://www.freenetworks.org/moin/ind...iveSensitivity

You'll also want antennas that are omnidirectional, as well as directional. Different antenna types have different radiation patterns. Some vendors publish the radiation patterns of their antennas. I'd suggest something omnidirectional, that gives you about 7dB gain (after cable loss) and not going much higher than that because signals get thinner in omni antennas with higher gain. Then have a directional that really lets you zoom in on a specific network.


Software:
Linux drivers allow you to put cards into monitor mode. Monitor mode allows you to look at the raw data, in the air .... versus associating with a network first.

There's always kismet, available at http://kismetwireless.net
which you can compile, with support for ethereal compatible data dumps that you can go through. There's also a excellent utility called airtraf available at http://airtraf.sourceforge.net/ for linux. It's a 802.11 network analyzer, and will give you some statistics. tcpdump, is always useful with unix. Then there's airsnort, which can be used to "crack" the wep key. http://airsnort.shmoo.com - A interesting note is that some hardware has firmware updates, so that it does not generate the weak packets, which are needed to break wep. Still, wep doesn't mean you're safe, even if you have such hardware, because on a more advanced front, there's a 802.11 attack described at http://802.11ninja.net that is really scary. I'd suggest reading about it and selecting a security solution that isn't vulnerable to it.

Security solutions like Airfortress, and Airdefense are helpful in this area. If you really want to lock it down. =)

On the windows front, I haven't used much, but airopeek, has a demo available from http://www.wildpackets.com that you may find helpful.

Another interesting project, which isn't useful for securing a network, but is pretty neat to make a network harder to find is fakeap. Available at http://www.blackalchemy.to/project/fakeap/

Fakeap, is cool because it will create the illusion that there are so many wireless networks out there, that the bad guys scanning won't know which one to start with. If there are 500 networks out there, chances that they'll find yours in the honeypot is a lot less. It makes the card switch channels, spoof macs, chance essid, you specify the mac list, essid list, etc and it's pretty configurable.

I'd really reccomend layering the security. Segmenting the wireless lan off from the regular lan. And a IDS that looks for patterns generated by common attacks. I'm not the best person to talk to about any of this, but I hope that you've found what I've found to be interesting and helpful of use.

-Rusty

thank you

thank you very much rusty, that was very very helpfull.

BTW

Oh yeah, one more thing.



dipshit fuckhead, use google!@#@&!!@$@! =D





Glad I could help.

-Rusty