I will look for the actual name of the application, since I can't remember it offhand, but at NetSec '01 general dynamics was presenting a java-based telecommunications war-dialer/vulnerability scanner that did everything from fax/modem detect, to screen capture, to ISDN, and even supported Signal7 protocal, along with others... I was told by one of the design engineers that it had been developed fro the military, but they recieved permission to release it commercially. If you would be interested, I can look through my lit from the conferance, and find the product name... Nick Jacobsen, Ethics Design, nickat_private ----- Original Message ----- From: "Philippe Langlois" <philat_private> To: "Erik Parker" <eparkerat_private> Cc: <pen-testat_private> Sent: Tuesday, September 17, 2002 4:01 PM Subject: Re: Wardialing > Erik, > > As i was trying to find some information about wardialing, I saw this > tool by Immutec which seems to be available for free for evaluation: > > http://www.immutec.com/htm/04products/tmap.html# > > It's the first tool I see which uses ISDN to audit ISDN lines, analog > modems and detect FAX and voice too. That's a very interesting > applicatoin indeed, i wished there was an open source version of this. > > This was announced on the list earlier: > http://online.securityfocus.com/archive/101/283981/2002-07-21/2002-07-27/0 > or (if securityfocus is unreachable): > http://216.239.39.100/search?q=cache:CB_JnGqXnwsC:online.securityfocus.com/a rchive/101/283981/2002-07-21/2002-07-27/0+pen-test+tmap&hl=en&ie=UTF-8 > (google cache) > > By the way, THC-Scan has a hard time working on fast machines due to a > CRT library time-delay calibration that fails during start-up. Did > anyone make a fixed package of THC-Scan? > > Also to be mentionned is "PhoneTag" under windows. > > Best regards, > Philippe Langlois. > http://www.wavesecurity.com - Wireless LAN security scanner & IDS > http://www.TSTForce.com - Security consulting > > > On Wed, Sep 11, 2002 at 04:16:06PM -0500, Erik Parker wrote: > > > >I had done some testing with this.. and looked a few different dialers.. > >Phonesweep, THC, and Telesweep. Telesweep seemed to be the best, but all > >lack baud detection. > > > >Modems usually attempt to negotiate at the highest rate possible, but consider > >this scenario: > > > >You plug a 33.6 modem into your Cisco router.. You war dial it with a 56k > >modem.. it negotiates somewhere around 33.6.. But, the Cisco only speaks 9600 > >baud.. You'll get crap back. > > > >No war dialer I've found will try and keep dialing to detect what the proper > >rate should be, looking for valid text.. or try and automatically renegotiate > >the settings (parity, stop bits, etc). > > > >I believe it's a trivial feature to add in to scanners.. but most commercial > >scanners won't add it, because either they don't know how to detect/guess > >valid responses from a system.. or think clients won't use them because it may > >require making 50+ calls to a single box before finding something. Personally, > >I don't care how many calls it takes.. our clients are paying for it, not us. > > > >A ghettomethod is to use minicom, redirect logs to a file, and build a few > >dozen configuration files.. and make your tape monkey take a break from > >changing backup tapes, and scroll through logs looking for valid results. > > > > > > > >> To the best of my knowledge, the baud rate is only a factor in actually > >> achieving the connection with the modem. If you dial the modem, and manage > >> to negotiate a mutually agreeable baud rate (done automatically for you by > >> the modem protocol), and your modem reports "CONNECT <rate>", you should be > >> able to talk to the underlying/listening application at that rate, unless > >> the recipient modem is badly set up. > > > > > >--------------------------------------------------------------------------- - > >This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > >Service. For more information on SecurityFocus' SIA service which > >automatically alerts you to the latest security vulnerabilities please see: > >https://alerts.securityfocus.com/ > > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Sep 19 2002 - 13:29:19 PDT