Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Modem detection without dialing
From: Mark Curphey <mark () CURPHEY COM>
Date: Mon, 20 Nov 2000 21:36:01 -0500

Under NT you will find the file modem.sys is loaded into kernel space.

Pretty simple to make the check across the LAN with the proviso that you
need to have admin rights on the target to read the properties. This is how
some popular commercial scanners check, but they won't tell you if they
couldn't connect with the appropraite level of access and thus you will get
a good degree of false negatives. If you used ISS scanner you would need to
manually trawl through the session log (yawn...) Of course this doesn't
differentiate between a dial-in or dial-out modem but that is a further
registry setting I think?

Checking for the RAS service doesn't work as Palms, and CE's start that
service and so you will get lots of false positives.
----- Original Message -----
From: "Blair, Glenn" <glenn.blair () SCOTIABANK COM>
Sent: Monday, November 20, 2000 2:15 PM
Subject: [PEN-TEST] Modem detection without dialing

I am wondered if there is a product which can detect the existence of a
the need for the modem to be connected ?.  Specifically, in a LAN
can an
administrator/pen tester identify a modem through the network, rather than
through the telephone

Any thoughts would be appreciated.

Glenn Blair

Sr. Security Specialist
888 Birchmount Rd 6th Floor
tel. (416) 285-2498
fax (416) 288-5055
glenn.blair () scotiabank com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]