Re: Wardialing

From: Nick Jacobsen (nick@ethicsdesign.com)
Date: Thu Sep 19 2002 - 00:48:39 EDT


I will look for the actual name of the application, since I can't remember
it offhand, but at NetSec '01 General Dynamics was presenting a Java-based
telecommunications war-dialer/vulnerability scanner that did everything from
fax/modem detect, to screen capture, to ISDN, and even supported Signal7
protocol, along with others... I was told by one of the design engineers
that it had been developed for the military, but they received permission to
release it commercially. If you would be interested, I can look through my
lit from the conference, and find the product name...

Nick Jacobsen,
Ethics Design,
nick@ethicsdesign.com
----- Original Message -----
From: "Philippe Langlois" <phil@oaxaca.jah.net>
To: "Erik Parker" <eparker@mindsec.com>
Cc: <pen-test@securityfocus.com>
Sent: Tuesday, September 17, 2002 4:01 PM
Subject: Re: Wardialing

> Erik,
>
> As I was trying to find some information about wardialing, I saw this
> tool by Immutec which seems to be available for free for evaluation:
>
> http://www.immutec.com/htm/04products/tmap.html#
>
> It's the first tool I see which uses ISDN to audit ISDN lines, analog
> modems and detect FAX and voice too. That's a very interesting
> application indeed, I wished there was an open source version of this.
>
> This was announced on the list earlier:
> http://online.securityfocus.com/archive/101/283981/2002-07-21/2002-07-27/0
> or (if securityfocus is unreachable):
>
> http://216.239.39.100/search?q=cache:CB_JnGqXnwsC:online.securityfocus.com/archive/101/283981/2002-07-21/2002-07-27/0+pen-test+tmap&hl=en&ie=UTF-8
> (google cache)
>
> By the way, THC-Scan has a hard time working on fast machines due to a
> CRT library time-delay calibration that fails during start-up. Did
> anyone make a fixed package of THC-Scan?
>
> Also to be mentioned is "PhoneTag" under windows.
>
> Best regards,
> Philippe Langlois.
> http://www.wavesecurity.com - Wireless LAN security scanner & IDS
> http://www.TSTForce.com - Security consulting
>
>
> On Wed, Sep 11, 2002 at 04:16:06PM -0500, Erik Parker wrote:
> >
> >I had done some testing with this.. and looked a few different dialers..
> >Phonesweep, THC, and Telesweep. Telesweep seemed to be the best, but all
> >lack baud detection.
> >
> >Modems usually attempt to negotiate at the highest rate possible, but consider
> >this scenario:
> >
> >You plug a 33.6 modem into your Cisco router.. You war dial it with a 56k
> >modem.. it negotiates somewhere around 33.6.. But, the Cisco only speaks 9600
> >baud.. You'll get crap back.
> >
> >No war dialer I've found will try and keep dialing to detect what the proper
> >rate should be, looking for valid text.. or try and automatically renegotiate
> >the settings (parity, stop bits, etc).
> >
> >I believe it's a trivial feature to add in to scanners.. but most commercial
> >scanners won't add it, because either they don't know how to detect/guess
> >valid responses from a system.. or think clients won't use them because it may
> >require making 50+ calls to a single box before finding something. Personally,
> >I don't care how many calls it takes.. our clients are paying for it, not us.
> >
> >A ghettomethod is to use minicom, redirect logs to a file, and build a few
> >dozen configuration files.. and make your tape monkey take a break from
> >changing backup tapes, and scroll through logs looking for valid results.
> >
> >
> >
> >> To the best of my knowledge, the baud rate is only a factor in actually
> >> achieving the connection with the modem. If you dial the modem, and manage
> >> to negotiate a mutually agreeable baud rate (done automatically for you by
> >> the modem protocol), and your modem reports "CONNECT <rate>", you should be
> >> able to talk to the underlying/listening application at that rate, unless
> >> the recipient modem is badly set up.
> >
> >
> >----------------------------------------------------------------------------
> >This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> >Service. For more information on SecurityFocus' SIA service which
> >automatically alerts you to the latest security vulnerabilities please see:
> >https://alerts.securityfocus.com/
> >


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:25 EDT