mailing list archives
Re: [PEN-TEST] Modem detection without dialing
From: Mark Curphey <mark () CURPHEY COM>
Date: Mon, 20 Nov 2000 21:36:01 -0500
Under NT you will find the file modem.sys is loaded into kernel space.
Pretty simple to make the check across the LAN with the proviso that you
need to have admin rights on the target to read the properties. This is how
some popular commercial scanners check, but they won't tell you if they
couldn't connect with the appropraite level of access and thus you will get
a good degree of false negatives. If you used ISS scanner you would need to
manually trawl through the session log (yawn...) Of course this doesn't
differentiate between a dial-in or dial-out modem but that is a further
registry setting I think?
Checking for the RAS service doesn't work as Palms, and CE's start that
service and so you will get lots of false positives.
----- Original Message -----
From: "Blair, Glenn" <glenn.blair () SCOTIABANK COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, November 20, 2000 2:15 PM
Subject: [PEN-TEST] Modem detection without dialing
I am wondered if there is a product which can detect the existence of a
the need for the modem to be connected ?. Specifically, in a LAN
administrator/pen tester identify a modem through the network, rather than
through the telephone
Any thoughts would be appreciated.
Sr. Security Specialist
888 Birchmount Rd 6th Floor
tel. (416) 285-2498
fax (416) 288-5055
glenn.blair () scotiabank com