From: Philippe Langlois (phil@jah.net)
Date: Tue Sep 17 2002 - 19:01:26 EDT
Erik,
As i was trying to find some information about wardialing, I saw this
tool by Immutec which seems to be available for free for evaluation:
http://www.immutec.com/htm/04products/tmap.html#
It's the first tool I see which uses ISDN to audit ISDN lines, analog
modems and detect FAX and voice too. That's a very interesting
applicatoin indeed, i wished there was an open source version of this.
This was announced on the list earlier:
http://online.securityfocus.com/archive/101/283981/2002-07-21/2002-07-27/0
or (if securityfocus is unreachable):
http://216.239.39.100/search?q=cache:CB_JnGqXnwsC:online.securityfocus.com/archive/101/283981/2002-07-21/2002-07-27/0+pen-test+tmap&hl=en&ie=UTF-8
(google cache)
By the way, THC-Scan has a hard time working on fast machines due to a
CRT library time-delay calibration that fails during start-up. Did
anyone make a fixed package of THC-Scan?
Also to be mentionned is "PhoneTag" under windows.
Best regards,
Philippe Langlois.
http://www.wavesecurity.com - Wireless LAN security scanner & IDS
http://www.TSTForce.com - Security consulting
On Wed, Sep 11, 2002 at 04:16:06PM -0500, Erik Parker wrote:
>
>I had done some testing with this.. and looked a few different dialers..
>Phonesweep, THC, and Telesweep. Telesweep seemed to be the best, but all
>lack baud detection.
>
>Modems usually attempt to negotiate at the highest rate possible, but consider
>this scenario:
>
>You plug a 33.6 modem into your Cisco router.. You war dial it with a 56k
>modem.. it negotiates somewhere around 33.6.. But, the Cisco only speaks 9600
>baud.. You'll get crap back.
>
>No war dialer I've found will try and keep dialing to detect what the proper
>rate should be, looking for valid text.. or try and automatically renegotiate
>the settings (parity, stop bits, etc).
>
>I believe it's a trivial feature to add in to scanners.. but most commercial
>scanners won't add it, because either they don't know how to detect/guess
>valid responses from a system.. or think clients won't use them because it may
>require making 50+ calls to a single box before finding something. Personally,
>I don't care how many calls it takes.. our clients are paying for it, not us.
>
>A ghettomethod is to use minicom, redirect logs to a file, and build a few
>dozen configuration files.. and make your tape monkey take a break from
>changing backup tapes, and scroll through logs looking for valid results.
>
>
>
>> To the best of my knowledge, the baud rate is only a factor in actually
>> achieving the connection with the modem. If you dial the modem, and manage
>> to negotiate a mutually agreeable baud rate (done automatically for you by
>> the modem protocol), and your modem reports "CONNECT <rate>", you should be
>> able to talk to the underlying/listening application at that rate, unless
>> the recipient modem is badly set up.
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:25 EDT