Network Footprinting
Do an in-depth Internet search about the target area or corporation. Never underestimate the power of Google. The area you are going to map for expected WLANs could have been mapped by someone else before, with the results published on the Web on some wardriving site, message board, or blog. There are plenty of wireless community sites that publish information about public and enthusiast wireless network locations and names. An example of such a site in the United Kingdom is http://www.consume.net. A Royal London example of a consume.net community WLAN map is shown in Figure 7-1 (but there are far more wireless networks in that part of London than shown on any given map, trust us). An interesting link about wireless network mapping in the United States, with further links to more specific community sites, is http://www.cybergeography.org/atlas/wireless.html. Check it out. The broadest and most comprehensive lists of wireless community networks worldwide are published at WiGLE (http://www.wigle.net), which contains more than 1,000,000 WLANs worldwide, and at http://www.personaltelco.net/index.cgi/WirelessCommunities. You are likely to find some in your evaluation area simply by browsing the list. Apart from finding the known wireless networks at the site by online searching, you might also find useful information about possible sources of RF interference in the area, such as radio stations operating in the microwave range, large industrial complexes, and so on.
Conduct an extensive search and find out as much as you can about the specific target and client network(s), on both the wireless and wired sides. This is a normal footprinting procedure that must precede any penetration testing engagement, regardless of the network type. Is the wireless network somehow accessible from the Internet? What is its topology? Its size? Which protocols are used? Which departments in the enterprise use it? Who set the network up, and who is the network administrator or manager? Is he or she known in the wireless world, certified in wireless networking, or holding a relevant degree? Did he or she ever post any questions, comments, or advice to relevant message boards or newsgroups? You might be surprised how much information can be available about the network you target. Of course, you should extract as much information about the target network as you can from the client's management and administration staff, and never miss an opportunity to use social engineering to find out what they won't tell an outside consultant. You don't have to be called "Kevin" to be a good social engineer; check the tips at http://packetstormsecurity.nl/docs/social-engineering/ and use common sense and situational adaptation to succeed.