sil, to be honest that has little to do with the OP other then the fact that it makes more sense to go physical if there are NATs making external attacks more dificult and with the lack of static IPs some networks use a client system's hostname as a sub domain i don't know why but it does happen so you can find targets that way and static IPed systems such as DNS servers or FTP servers are often vulnerable targets.
Didn't see this response before so I'll answer now... While you would *think* that it would make sense to go after wireless networks, the reality of it is, you'd waste a lot of time and money.
In a "cyberwarfare" scenario (remember this forum is based on that theory, nation state based cyberwarfare), there is a high cost associated with the following:
Placing individuals in a confined area (what are you strategically targeting... You will not get anywhere near a mil base)
Placing COMPETENT and CAPABLE individuals in these areas - trying to find someone who is fluent in WiSec and ALSO fluent in the language of their location is astronomical
Feasibility - What are the odds of a wireless network existing where you need it to be, are you wasting time, money, or other resources.
Politics is a huge factor in cyberwarfare. Most govs don't want to admit being aggressors, let alone getting caught with their pants down. So funding would be tricky
Politics - most in the cyberwarfare arena STILL follow certain rules of engagement. I can't speak much about this, but if you ask around to people in the know, they'd laugh about it as it would be career suicide in the mil/govspace
Webservers, ftp servers, etc., have been outsourced six ways from Sunday with the depletion of IPv4 space. It is RARE you can scan CIDR blocks and find openly vulnerable services on "networks that count" (your targets) which translates into waste of time money and resources.
Client side is where its at. For all the money you can throw around at any security exploitation (outside pentesting, webscanning, etc) you'd have a better chance of getting in via the client side vector versus trying to knock down the front door.