Stealth Issues in Wireless Penetration Testing
A final issue you might need to consider is the level of stealth required while penetration testing. In some cases a high level of stealth is required to test the value of a deployed IDS. Stealth in wireless network attacks can be achieved by doing the following:
- Avoiding active scanning for networks
- Using highly directional antennas
- Decreasing the transmission power when dumping traffic
- Intelligent MAC address spoofing
- Removing specific wireless attack tools' signatures from the code (reviewed in Chapter 15)
- DoS attacks directed to knock out wireless IDS sensors (see Chapter 8 for more information)
Of course, higher-layer (third layer and above) IDS avoidance measures (partially covered in Chapter 9) are important when post-association attacks are carried out.
Watch for these pesky probe requests! Cisco Aironet cards might still send probe requests when in RFMON mode. Although the issue has been solved in the Aironet modules shipped with Linux kernel versions 2.4.22 and higher, under other operating systems the probe requests might still be sent. Besides, you might still be using an older kernel version.
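The probe-request leak described above is easy to check for, and the same logic doubles as a simple wireless IDS rule against active scanners. The following is an added example, not code from the book: it parses raw 802.11 management frames, picks out probe requests (type 0, subtype 4), reads the source MAC and the SSID tagged parameter, and reports any probe requests sent by MAC addresses that are supposed to be silent (a card you believe is in passive RFMON mode, watched from a second card) as well as any source sending wildcard (empty-SSID) probes. The frames and MAC addresses below are constructed for the demonstration; `audit` and `parse_probe_request` are names chosen here.

```python
"""Passive check for probe requests in a stream of raw 802.11 frames.

Added example (not from the original text). Frames are assumed to be
bare 802.11 frames without a radiotap/prism header, as a monitor-mode
capture would deliver them after the driver header is stripped.
"""
from collections import Counter

PROBE_REQUEST = (0, 4)   # 802.11 management frame (type 0), subtype 4
MGMT_HDR_LEN = 24        # FC(2) + duration(2) + addr1/2/3(18) + seqctl(2)


def frame_type_subtype(frame: bytes):
    """Decode type (bits 2-3) and subtype (bits 4-7) of the first FC byte."""
    fc0 = frame[0]
    return (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID) for a probe request, or None otherwise.

    The SSID comes from tagged parameter 0; a probe request body has no
    fixed fields, so tagged parameters start right after the header.
    A truncated tagged parameter ends parsing without raising.
    """
    if len(frame) < MGMT_HDR_LEN:
        return None
    if frame_type_subtype(frame) != PROBE_REQUEST:
        return None
    src = mac_str(frame[10:16])          # addr2 is the transmitter
    body = frame[MGMT_HDR_LEN:]
    ssid = None
    i = 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break                        # truncated element
        if tag == 0:
            ssid = value.decode("utf-8", errors="replace")
            break
        i += 2 + length
    return src, ssid


def audit(frames, silent_macs):
    """Return (leaks, wildcard_scanners).

    leaks: probe-request count per MAC in silent_macs (cards that must
    never transmit). wildcard_scanners: count of empty-SSID probe
    requests per source, the classic fingerprint of active scanning.
    """
    leaks, wildcard = Counter(), Counter()
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        src, ssid = parsed
        if src in silent_macs:
            leaks[src] += 1
        if ssid == "":
            wildcard[src] += 1
    return dict(leaks), dict(wildcard)


# --- constructed sample data (locally administered MACs, not real devices) ---
BROADCAST = b"\xff" * 6
MONITOR = bytes.fromhex("020000000001")   # card believed to be passive
SCANNER = bytes.fromhex("020000000002")   # an active scanner
AP = bytes.fromhex("020000000003")


def build_frame(fc0, dst, src, bssid, body=b""):
    """Assemble a minimal 802.11 management-style frame (constructed)."""
    return bytes([fc0, 0x00]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def ssid_element(ssid: bytes) -> bytes:
    return bytes([0, len(ssid)]) + ssid


SAMPLE_FRAMES = [
    build_frame(0x40, BROADCAST, MONITOR, BROADCAST, ssid_element(b"")),     # leak
    build_frame(0x40, BROADCAST, SCANNER, BROADCAST, ssid_element(b"corp")), # directed probe
    build_frame(0x40, BROADCAST, SCANNER, BROADCAST, ssid_element(b"")),     # wildcard scan
    build_frame(0x80, BROADCAST, AP, AP, b"\x00" * 12 + ssid_element(b"corp")),  # beacon
    build_frame(0x08, AP, SCANNER, AP, b"\x00" * 8),                         # data frame
    b"\x40\x00\x00\x00\xff\xff\xff\xff\xff\xff",                              # truncated
]
SILENT_MACS = {mac_str(MONITOR)}


def run_demo():
    return audit(SAMPLE_FRAMES, SILENT_MACS)


if __name__ == "__main__":
    leaks, wildcard = run_demo()
    for mac, n in leaks.items():
        print(f"supposedly silent card {mac} sent {n} probe request(s)")
    for mac, n in wildcard.items():
        print(f"wildcard probe requests from {mac}: {n}")
```

Feed `audit` the frames from a capture taken with a second card while the first sits in RFMON mode; any entry in `leaks` means the first card is not as passive as assumed, and `wildcard_scanners` is the list a wireless IDS would raise on.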