
Stealth Issues in Wireless Penetration Testing

A final issue you might need to consider is the level of stealth required while penetration testing. In some cases a high level of stealth is needed to test the value of a deployed IDS. Stealth in wireless network attacks can be achieved by doing the following:

  • Avoiding active scanning for networks

  • Using highly directional antennas

  • Decreasing the transmission power when dumping traffic

  • Intelligent MAC address spoofing

  • Removing specific wireless attack tools' signatures from the code (reviewed in Chapter 15)

  • DoS attacks directed at knocking out wireless IDS sensors (see Chapter 8 for more information)

Of course, higher-layer (third layer and above) IDS avoidance measures (partially covered in Chapter 9) are important when postassociation attacks are carried out.

Watch for these pesky probe requests! Cisco Aironet cards might still send probe requests when in RFMON mode. Although the issue has been solved in the Aironet modules equipped with the 2.4.22 and higher Linux kernel versions, the probe requests might still be sent under other operating systems. Besides, you might still be using an older kernel version.
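From the sensor's side, leaked probe requests are what make a supposedly passive card visible. The following is an added example, not code from the book: a minimal check that flags stations which keep sending probe requests but never authenticate or associate. The function names, the `min_probes` threshold and the sample frames are assumptions, and the frames are taken to start at the 802.11 MAC header with any capture header already removed.

```python
from collections import Counter

ASSOC_REQ, PROBE_REQ, AUTH = 0, 4, 11   # 802.11 management subtypes

def parse_mgmt(frame: bytes):
    """Return (subtype, transmitter MAC) for a management frame, else None."""
    if len(frame) < 24:                  # management MAC header is 24 bytes
        return None
    fc0 = frame[0]
    if fc0 & 0x03 or (fc0 >> 2) & 0x03:  # need protocol version 0, type 0
        return None
    return fc0 >> 4, frame[10:16].hex(":")   # Address 2 is the transmitter

def probe_only_stations(frames, min_probes=3):
    """MACs that sent >= min_probes probe requests but never tried to join."""
    probes, joined = Counter(), set()
    for raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue                     # truncated or non-management frame
        subtype, mac = parsed
        if subtype == PROBE_REQ:
            probes[mac] += 1
        elif subtype in (ASSOC_REQ, AUTH):
            joined.add(mac)
    return sorted(m for m, n in probes.items() if n >= min_probes and m not in joined)

def _frame(subtype, src):
    """Build a constructed 24-byte management header (sample data only)."""
    bcast = b"\xff" * 6
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + bcast
            + bytes.fromhex(src.replace(":", "")) + bcast + b"\x00\x00")

# Constructed capture: locally administered MACs, not real devices.
SILENT_LEAK, CLIENT, PASSERBY = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = (
    [_frame(PROBE_REQ, SILENT_LEAK)] * 4
    + [_frame(PROBE_REQ, CLIENT)] * 3 + [_frame(AUTH, CLIENT), _frame(ASSOC_REQ, CLIENT)]
    + [_frame(PROBE_REQ, PASSERBY)]
    + [b"\x08\x00" + b"\x00" * 22, b"\x40\x00"]   # data frame, truncated frame
)

if __name__ == "__main__":
    print(probe_only_stations(SAMPLE))
```

Unassociated clients also probe, so the threshold and the observation window need tuning per site before this is treated as an alert.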
