Maximum network discovery and fingerprinting distance with: |
Built-in client card antenna | ___ | 12 dBi omnidirectional | ___ |
15 dBi Yagi | ___ | 19 dBi directional | ___ |
ESSID security |
default | | company name | |
closed | | address | |
other relevant information | ______________________________ |
Bypassing closed ESSID |
closed ESSID value | ______________________________ |
Bypassing MAC filtering |
success with MAC | ______________________________ |
Cracking WEP keys |
key 1 | ______________________________ |
key 2 | ______________________________ |
key 3 | ______________________________ |
key 4 | ______________________________ |
cracking time | ___ | cracking tool | ___ |
WEP cracking acceleration | | time saved | ___ |
traffic injection tool | ___ | type of traffic injected | ___ |
Brute-forcing 802.1x access |
password guessed | ______________________________ |
Other 802.1x attacks | Comments | ______________________________ |
Wireless man-in-the-middle attacks | | Tool _________________ |
layer 1 attack (comments) | ______________________________ |
layer 2 attack (comments) | ______________________________ |
DoS attack resilience / detection (comments) |
deauthentication flood | ______________________________ |
deassociation flood | ______________________________ |
malformed frames flood | ______________________________ |
excessive beacon flood | ______________________________ |
authentication flood | ______________________________ |
probe requests flood | ______________________________ |
Other attacks | ______________________________ |
Wireless traffic interception / analysis |
packets per minute | ___ |
plaintext and plaintext authentication protocols detected |
POP3 | | Telnet | |
SMTP | | FTP | |
IMAP | | HTTP | |
NNTP | | Instant messengers | |
IRC | | SQL | |
PAP | | LDAP | |
Other | ______________________________ |
passwords/user credentials collected |
username/password | ______________________________ |
username/password | ______________________________ |
username/password | ______________________________ |
username/password | ______________________________ |
weak encryption/vulnerable protocols detected |
LM/NTLMv1 | | SSHv1 | |
Other | ______________________________ |
passwords cracked |
username/password | ______________________________ |
username/password | ______________________________ |
username/password | ______________________________ |
username/password | ______________________________ |
UNIX remote services | ___ | type | ___ |
SMB shares on WLAN | ______________________________ |
NFS shares detected | ______________________________ |
DHCP traffic detected | ______________________________ |
HSRP/VRRP traffic detected | ______________________________ |
HSRP password | ______________________________ |
VRRP authentication | ______________________________ |
VRRP password | ______________________________ |
CDP traffic detected | ______________________________ |
CDP data gathered | ______________________________ |
ICMP type 9/10 implementation | | RIPv1 running | |
Unauthenticated routing protocols over wireless network |
RIPv2 | | OSPF | |
IGRP | | EIGRP | |
IS-IS | | IPX RIP | |
NLSP | | Other ________________ |
Unauthenticated NTP traffic | | SNMP traffic | |
SNMP communities found | ___ | SNMP version | ___ |
NetBIOS over IPX traffic | | AppleTalk traffic | |
DecNet traffic | | Banyan Vines traffic | |
SNA traffic | | Other ________________ |
Remote administration traffic |
VNC | | PCAnywhere | |
Webmin | | Other ________________ |
Remote X Server cookies | |
Syslog traffic | | over UDP | | over TCP | |
Passive OS fingerprinting | _________________________________ |
Gateway discovery (IP) | _________________________________ |
IDS host discovery | _________________________________ |
ARP spoofing man-in-the-middle attack | _________________________________ |
Switch CAM table flooding | _________________________________ |
Route injection attacks | _________________________________ |
ICMP route redirection | _________________________________ |
DNS cache poisoning | _________________________________ |
DHCP DoS attacks | _________________________________ |
Tunneling protocols attack | _________________________________ |
VPN enumeration | _________________________________ |
VPN-related attacks | _________________________________ |
Active OS fingerprinting | _________________________________ |
Discovered backdoors / backchannel traffic | _________________________________ |
Banner grabbing and host penetration—penetrated hosts () |
IP/hostname:vulnerability | _________________________________ |
IP/hostname:vulnerability | _________________________________ |
IP/hostname:vulnerability | _________________________________ |
Network / host DoS resilience testing |
attack/host/result | _________________________________ |
attack/host/result | _________________________________ |
attack/host/result | _________________________________ |
Egress filtering firewall testing from the wireless site | _________________________________ |
Physical security issues discovered | _________________________________ |
Social engineering attacks | _________________________________ |