Perhaps it will, but that requires a separate connection most times. I.e. dial up again. I would like to do this reliably in the most efficient manner possible.

My intention is to make some kind of state table. e.g.

Dial number

Got input?
  Yes - Go to "classify input"
  No (after timeout period) - go to "Nudge"

Classify input
  Input looks like PPP (i.e. contains lots of {{{{{{ ) - Classify as PPP dial up - go to "PPP Brute Force"
  Input looks like text - go to "identify banner"

Nudge
  Prompt with NT RAS string - go to "Got input?"
  Prompt with CRLF - go to "Got input?"

Identify banner
  Text contains login: - classify as "shell account" - go to "Enter password"
  Text contains "AIX" - classify as IBM RS/6000
  Text contains "@login" - classify as Shiva
  etc

The difference between PPP and NT RAS is that the PPP server seems to spew {{{{{'s to initiate the connection - play with wvdial for a bit to see how it "intelligently" negotiates a dial-up connection. NT RAS on the other hand sits silent until a special character sequence is sent, typically containing non-printable/keyboard enterable characters.

I have attached my Perl program - it's VERY rough, so don't expect much from it. At the moment, the most interesting thing about it is its ability to speak to a serial port! It expects a list of numbers on STDIN, and logs its findings to ${number}.asc and ${number}.bin.

Rogan

-----Original Message-----
From: olle [mailto:olleat_private]
Sent: 26 September 2001 02:16
To: Dawes, Rogan (ZA - Johannesburg)
Cc: pen-testat_private
Subject: Re: FW: RE Modem identification

On Tue, Sep 25, 2001 at 10:01:01AM +0200, Dawes, Rogan (ZA - Johannesburg) wrote:
>
> Re the prompting, one of the most common "Silent" modems seems to be Windows
> NT RAS. This sits there until you give it a particular string. I am
> intending to capture the initial string using PortMon, and replay it blindly
> whenever I get no initial characters. That should help identify a number of
> systems, I think.

NT RAS is just PPP with MSCHAP authentication. pppd will suffice both to identify and bf NT RAS.

/olle

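Added example, not part of the thread and not the Perl program mentioned in it: the "Got input?", "Classify input" and "Identify banner" states from the message above, replayed offline over recorded reads such as the contents of the ${number}.bin logs. The thresholds, the rule ordering, the function names and the sample captures are assumptions made for this sketch.

```python
from typing import List, Tuple

NUDGES = ["NT RAS string", "CRLF"]  # names only; the post gives no byte values
PPP_MIN_BRACES = 5                  # assumed threshold for "lots of {"
# Banner rules from the post, most specific first (assumed ordering): a
# "@login:" prompt or an AIX login banner also contains "login:".
BANNER_RULES = [("@login", "Shiva"), ("AIX", "IBM RS/6000"),
                ("login:", "shell account")]

def classify_input(data: bytes) -> str:
    """The "Classify input" and "Identify banner" states."""
    if data.count(b"{") >= PPP_MIN_BRACES:
        return "PPP dial up"
    printable = sum(32 <= b < 127 or b in b"\r\n\t" for b in data)
    if printable < 0.9 * len(data):  # assumed cut-off for "looks like text"
        return "unknown binary"
    text = data.decode("ascii", "replace")
    for needle, label in BANNER_RULES:
        if needle in text:
            return label
    return "unknown text"

def walk(reads: List[bytes]) -> Tuple[str, List[str]]:
    """Replay recorded reads through the state table.

    reads[0] arrived after the dial, reads[i] after the i-th nudge;
    b"" means the timeout expired with nothing received.
    """
    for i, data in enumerate(reads[: len(NUDGES) + 1]):
        if data:  # "Got input?" answered yes
            return classify_input(data), NUDGES[:i]
    return "silent", NUDGES[: max(len(reads) - 1, 0)]

# Constructed captures, one list of reads per line.
SAMPLES = {
    "line-1": [b"~\xff{{{{{{{{{{"],
    "line-2": [b"\r\nAIX Version 4\r\nlogin: "],
    "line-3": [b"", b"", b"\r\n@login: "],
    "line-4": [b"", b"", b""],
}

if __name__ == "__main__":
    for name, reads in SAMPLES.items():
        print(name, *walk(reads))
```
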
This archive was generated by hypermail 2b30 : Wed Sep 26 2001 - 08:04:12 PDT