Erik, As i was trying to find some information about wardialing, I saw this tool by Immutec which seems to be available for free for evaluation: http://www.immutec.com/htm/04products/tmap.html# It's the first tool I see which uses ISDN to audit ISDN lines, analog modems and detect FAX and voice too. That's a very interesting applicatoin indeed, i wished there was an open source version of this. This was announced on the list earlier: http://online.securityfocus.com/archive/101/283981/2002-07-21/2002-07-27/0 or (if securityfocus is unreachable): http://216.239.39.100/search?q=cache:CB_JnGqXnwsC:online.securityfocus.com/archive/101/283981/2002-07-21/2002-07-27/0+pen-test+tmap&hl=en&ie=UTF-8 (google cache) By the way, THC-Scan has a hard time working on fast machines due to a CRT library time-delay calibration that fails during start-up. Did anyone make a fixed package of THC-Scan? Also to be mentionned is "PhoneTag" under windows. Best regards, Philippe Langlois. http://www.wavesecurity.com - Wireless LAN security scanner & IDS http://www.TSTForce.com - Security consulting On Wed, Sep 11, 2002 at 04:16:06PM -0500, Erik Parker wrote: > >I had done some testing with this.. and looked a few different dialers.. >Phonesweep, THC, and Telesweep. Telesweep seemed to be the best, but all >lack baud detection. > >Modems usually attempt to negotiate at the highest rate possible, but consider >this scenario: > >You plug a 33.6 modem into your Cisco router.. You war dial it with a 56k >modem.. it negotiates somewhere around 33.6.. But, the Cisco only speaks 9600 >baud.. You'll get crap back. > >No war dialer I've found will try and keep dialing to detect what the proper >rate should be, looking for valid text.. or try and automatically renegotiate >the settings (parity, stop bits, etc). > >I believe it's a trivial feature to add in to scanners.. but most commercial >scanners won't add it, because either they don't know how to detect/guess >valid responses from a system.. or think clients won't use them because it may >require making 50+ calls to a single box before finding something. Personally, >I don't care how many calls it takes.. our clients are paying for it, not us. > >A ghettomethod is to use minicom, redirect logs to a file, and build a few >dozen configuration files.. and make your tape monkey take a break from >changing backup tapes, and scroll through logs looking for valid results. > > > >> To the best of my knowledge, the baud rate is only a factor in actually >> achieving the connection with the modem. If you dial the modem, and manage >> to negotiate a mutually agreeable baud rate (done automatically for you by >> the modem protocol), and your modem reports "CONNECT <rate>", you should be >> able to talk to the underlying/listening application at that rate, unless >> the recipient modem is badly set up. > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus Security Intelligence Alert (SIA) >Service. For more information on SecurityFocus' SIA service which >automatically alerts you to the latest security vulnerabilities please see: >https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 13:26:10 PDT