Depends how blind it needs to be... Option 1. Call several different people at the company during lunch, and leaving messages requesting that they call you back at a number which has caller ID. Make sure you have a believable pitch to give them, otherwise they may suspect you and warn others not to call the number. Do this over several days, and you should get a good sampling of the different voice lines that they have. This may or may not provide any good information on what their data lines are (contrary to some other posts, the numbers are often not consecutive, especially when the data lines are added at a different time than the data lines were set up). Option 2. Dumpster diving (long shot.. It'd be real dumb for them to put the phone bill in the garbage unshredded.) Option 3. Mail scoop, i.e. pick up the phone bill out of the mailbox (get explicit permission if you're going to try this! tampering with the mail is a federal offense!!). Option 4. Call their facilities manager, and tell them that your company (SomeMadeUpName Telco) is offering a guaranteed 33% savings on local phone service, all they have to do is send you a copy of a recent phone bill, and you'll send them a price quote! Best of luck, remember, the people are the weakest link! --SG ----- Original Message ----- From: "John Smith" <netguardianrzat_private> To: <pen-testat_private> Sent: Tuesday, May 07, 2002 5:09 PM Subject: DID Range Enumeration > I apologize if this is a double post, but my > connection was cut when I tried to send the first > time. > > Does anyone know of a method to identify the DID > ranges assigned to a company? As part of a blind > pen-test I have been asked to complete a war dial, but > the company does not want to give me the ranges. > > I would greatly appreciate any help. > > Thanx > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Health - your guide to health and wellness > http://health.yahoo.com > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri May 10 2002 - 09:01:34 PDT