Maximum network discovery and fingerprinting distance with: |
Built-in client card antenna | ___ | 12 dBi omnidirectional | ___ |
15 dBi Yagi | ___ | 19 dBi directional | ___ |
ESSID security |
default | | company name | |
closed | | address | |
other relevant information | ______________________________ |
Bypassing closed ESSID |
closed ESSID value | ______________________________ |
Bypassing MAC filtering |
success with MAC | ______________________________ |
Cracking WEP keys |
key 1 | ______________________________ |
key 2 | ______________________________ |
key 3 | ______________________________ |
key 4 | ______________________________ |
cracking time | ___ | cracking tool | ___ |
WEP cracking acceleration | | time saved | ___ |
traffic injection tool | ___ | type of traffic injected | ___ |
Brute-forcing 802.1x access |
password guessed | ______________________________ |
Other 802.1x attacks | Comments | ______________________________ |
Wireless man-in-the-middle attacks | | | | Tool _________________ |
layer 1 attack (comments) | ______________________________ |
layer 2 attack (comments) | ______________________________ |
DoS attack resilience / detection (comments) | |
deauthentication flood | ______________________________ |
deassociation flood | ______________________________ |
malformed frames flood | ______________________________ |
excessive beacon flood | ______________________________ |
authentication flood | ______________________________ |
probe requests flood | ______________________________ |
Other attacks | ______________________________ |
Wireless traffic interception / analysis |
packets per minute | ___ |
plaintext and plaintext authentication protocols detected |
POP3 | | Telnet | |
SMTP | | FTP | |
IMAP | | HTTP | |
NNTP | | Instant messengers | |
IRC | | SQL | |
PAP | | LDAP | |
Other | ______________________________ |
passwords/user credentials collected |
username/password | ______________________________ |
username/password | ______________________________ |
username/password | ______________________________ |
username/password | ______________________________ |
weak encryption/vulnerable protocols detected |
LM/NTLMv1 | | SSHv1 | |
Other | ______________________________ |
passwords cracked |
username/password | ______________________________ |
username/password | ______________________________ |
username/password | ______________________________ |
username/password | ______________________________ |
UNIX remote services | ___ | type | ___ |
SMB shares on WLAN | ______________________________ |
NFS shares detected | ______________________________ |
DHCP traffic detected | ______________________________ |
HSRP/VRRP traffic detected | ______________________________ |
HSRP password | ______________________________ |
VRRP authentication | ______________________________ |
VRRP password | ______________________________ |
CDP traffic detected | ______________________________ |
CDP data gathered | ______________________________ |
ICMP type 9/10 implementation | | RIPv1 running | |
Unauthenticated routing protocols over wireless network |
RIPv2 | | OSPF | |
IGRP | | EIGRP | |
IS-IS | | IPX RIP | |
NLSP | | Other ________________ | |
Unauthenticated NTP traffic | | SNMP traffic | |
SNMP communities found | ___ | SNMP version | ___ |
NetBIOS over IPX traffic | | AppleTalk traffic | |
DecNet traffic | | Banyan Vines traffic | |
SNA traffic | | Other ________________ | |
Remote administration traffic |
VNC | | PCAnywhere | |
Webmin | | Other ________________ | |
Remote X Server cookies | |
Syslog traffic | | over UDP | | over TCP | |
Passive OS fingerprinting | _________________________________ |
Gateway discovery (IP) | _________________________________ |
IDS host discovery | _________________________________ |
ARP spoofing man-in-the-middle attack | _________________________________ |
Switch CAM table flooding | _________________________________ |
Route injection attacks | _________________________________ |
ICMP route redirection | _________________________________ |
DNS cache poisoning | _________________________________ |
DHCP DoS attacks | _________________________________ |
Tunneling protocols attack | _________________________________ |
VPN enumeration | _________________________________ |
VPN-related attacks | _________________________________ |
Active OS fingerprinting | _________________________________ |
Discovered backdoors / backchannel traffic | _________________________________ |
Banner grabbing and host penetration—penetrated hosts () |
IP/hostname:vulnerability | _________________________________ |
IP/hostname:vulnerability | _________________________________ |
IP/hostname:vulnerability | _________________________________ |
Network / host DoS resilience testing |
attack/host/result | _________________________________ |
attack/host/result | _________________________________ |
attack/host/result | _________________________________ |
Egress filtering firewall testing from the wireless site | _________________________________ |
Physical security issues discovered | _________________________________ |
Social engineering attacks | _________________________________ |