No announcement yet.

question for wireless gear

  • Filter
  • Time
  • Show
Clear All
new posts

  • question for wireless gear

    I searched the board, seeing if I could find this, and I just wanted to ask the opinion of the wireless guru's:

    What would be some good starting gear for someone who wants to get more involved with wireless security, etc?

  • #2
    Access point(s)
    Wireless Card(s)
    Notebook or iPaq (no substitute)
    Tinfoil hat
    Official Blackwave FanClub pin and sticker
    1 year subscription to
    Reading glasses
    Cracker jack secret packet decoder ring
    if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


    • #3

      now I know you are going to say:

      "dipshit fuckhead, use google" but thats not what I am looking for here. I am looking specifically for the opinions, of the people of the defcon forums, and wondering what they think are some good starting points. And yes, I have searched google, and found some good stuff, and I am also getting another side, your side, so please try to lay off on the flaming.


      • #4


        A wireless card with high recieve sensitivity, such as a Senao, Demarctec, or even a Cisco or Orinoco Card.

        Advantages of the Demarctec And Senao cards are that they are based on the prism chipset, which means widespread driver support. And they have the best recieve sensitivity of any cards out there on the market meaning that you need less signal.

        The Cisco cards are nice because they have a internal firmware channel hopper, which is superior to software channel hoppers.

        The Orinoco cards also have excellent driver support.

        You can check out specs on recieve sensitivity at

        You'll also want antennas that are omnidirectional, as well as directional. Different antenna types have different radiation patterns. Some vendors publish the radiation patterns of their antennas. I'd suggest something omnidirectional, that gives you about 7dB gain (after cable loss) and not going much higher than that because signals get thinner in omni antennas with higher gain. Then have a directional that really lets you zoom in on a specific network.

        Linux drivers allow you to put cards into monitor mode. Monitor mode allows you to look at the raw data, in the air .... versus associating with a network first.

        There's always kismet, available at
        which you can compile, with support for ethereal compatible data dumps that you can go through. There's also a excellent utility called airtraf available at for linux. It's a 802.11 network analyzer, and will give you some statistics. tcpdump, is always useful with unix. Then there's airsnort, which can be used to "crack" the wep key. - A interesting note is that some hardware has firmware updates, so that it does not generate the weak packets, which are needed to break wep. Still, wep doesn't mean you're safe, even if you have such hardware, because on a more advanced front, there's a 802.11 attack described at that is really scary. I'd suggest reading about it and selecting a security solution that isn't vulnerable to it.

        Security solutions like Airfortress, and Airdefense are helpful in this area. If you really want to lock it down. =)

        On the windows front, I haven't used much, but airopeek, has a demo available from that you may find helpful.

        Another interesting project, which isn't useful for securing a network, but is pretty neat to make a network harder to find is fakeap. Available at

        Fakeap, is cool because it will create the illusion that there are so many wireless networks out there, that the bad guys scanning won't know which one to start with. If there are 500 networks out there, chances that they'll find yours in the honeypot is a lot less. It makes the card switch channels, spoof macs, chance essid, you specify the mac list, essid list, etc and it's pretty configurable.

        I'd really reccomend layering the security. Segmenting the wireless lan off from the regular lan. And a IDS that looks for patterns generated by common attacks. I'm not the best person to talk to about any of this, but I hope that you've found what I've found to be interesting and helpful of use.



        • #5
          thank you

          thank you very much rusty, that was very very helpfull.


          • #6

            Oh yeah, one more thing.

            dipshit fuckhead, use google!@#@&!!@$@! =D

            Glad I could help.