RE: Wardialing

From: Dawes, Rogan (ZA - Johannesburg) (rdawes@deloitte.co.za)
Date: Tue Sep 10 2002 - 02:01:09 EDT

• Next message: Anthony D Cennami: "Re: OpenSSH"
• Previous message: John Madden: "Wardialing"
• Maybe in reply to: John Madden: "Wardialing"
• Next in thread: Erik Parker: "RE: Wardialing"
• Reply:(deleted message) Erik Parker: "RE: Wardialing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To the best of my knowledge, the baud rate is only a factor in actually
achieving the connection with the modem. If you dial the modem, and manage
to negotiate a mutually agreeable baud rate (done automatically for you by
the modem protocol), and your modem reports "CONNECT <rate>", you should be
able to talk to the underlying/listening application at that rate, unless
the recipient modem is badly set up.

I haven't seen many applications where the baud rate is actually hard-coded,
or enforced. Most applications are happy to talk as fast as they can, hence
the use of flow-control protocols . . .

Determining the parity settings is a slightly different task.

As I understand it, the raw data received can be "post-processed" to
determine the parity settings. I also have not seen any tool to do it, but I
understand that ToneLoc actually does this "auto-parity" determination
somehow.

Somewhere on my hard drive I have some terminal emulator programs that have
parity calculation routines in them. I got them off the net, so you could
probably find them faster than I can at this point! (I found them about
three years ago while trying to write my own war dialler in perl!)

Good luck!

Rogan

> -----Original Message-----
> From: John Madden [mailto:chiwawa999@yahoo.com]
> Sent: 08 September 2002 02:46
> To: pen-test@securityfocus.com
> Subject: Wardialing
>
>
> Hello all,
>
> When doing a wardialing engagement we come across alot
> of "unknown" carrier detects. I'm looking for a way to
> find out the exact baud rate of the modem answering.
> The modem will answer say at 9600 but the program
> behind it migth run at a completely different rate
> (specially the older programs)
>
> Some dialing software will auto-sense the emulation
> but you have to give it default baud rate. But if that
> modem is listening for 1200 baud 7E1, you have alot of
> combination to try. I was wondering if anyone has any
> experience on the matter.
>
> I know that software like Phonesweep, THC etc.. but
> they don't do the trick to find the exact baud rate.
>
> Any ideas on the matter ?
>
> Thanks
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Finance - Get real-time stock quotes
> http://finance.yahoo.com
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Anthony D Cennami: "Re: OpenSSH"
• Previous message: John Madden: "Wardialing"
• Maybe in reply to: John Madden: "Wardialing"
• Next in thread: Erik Parker: "RE: Wardialing"
• Reply:(deleted message) Erik Parker: "RE: Wardialing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:25 EDT