Penetration Testing mailing list archives

Re: [PEN-TEST] War Dialers
From: Todd Beebe <todd () SECURELOGIX COM>
Date: Tue, 5 Sep 2000 15:59:12 -0500

Gerald,

All the converters I've seen (remember, I'm not a telco expert) are useless

Check out the following:

http://www.ctdepot.com/store/Hello_Direct/LeinStein.htm

This is what we used during some of our past lives in one of the Big 5.  We
used the digital convertors every day to dial up to our corporate network to
send/receive mail, etc., and never needed to contact any telco admin.

As for outbound modem calls on a fax line, someone would have to either run

Again, our experience involved incidents in which the FBI was brought in and
the activity involved dialing directly into a local ISP and downloading
confidential out of the country.  The companies involved did have extremely
tight physical security, but no one monitored the use of "the other copper
pairs" running into the company; most attention was paid to the "copper
pairs" connected to the Internet.



-----Original Message-----
From: Batten, Gerald [mailto:GBatten () EXOCOM COM]
Sent: Tuesday, September 05, 2000 12:55 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] War Dialers


All the converters I've seen (remember, I'm not a telco expert) are useless
unless the phone system admin assigns a number to the converter.  The
converter is placed in series 'behind' the assigned desk phone.  So since
the converter has a separate phone number, which is in their database, I
simply include it in my scanning list.  Most of my clients don't allow those
anyway... everything goes through the Internet, where it is logged by the
firewall.

As for outbound modem calls on a fax line, someone would have to either run
a long extension cable to their desk, which would be noticed, or have the
laptop plugged into/beside the fax machine (pass-thru connector on the fax
device), which would definitely be noticed.  In most cases, a fax machine is
in a relatively public/open area, making it hard to do without stirring up
too much attention.  That's what physical security officers are for.  Don't
assume I mean 5$/hr rent-a-cops, but properly trained physical security
personnel.

I'm not disputing your point, I agree completely that in some cases, when
you find a system through a dial-up account, it should be properly assessed
(read: brute-forced).  I'm just saying that I haven't run into that scenario
yet.

Gerald.

*Note:  Views expressed in this e-mail are not necessarily those of my
employer.
**Note:  Views expressed in this e-mail are not necessarily mine either.

-----Original Message-----
From: Todd Beebe [mailto:todd () SECURELOGIX COM]
Sent: Tuesday, September 05, 2000 10:23 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: War Dialers


Gerald,

How do your clients handle outbound modem calls on digital phone lines
(using convertors such as Linestein) or outbound modem calls on analog fax
lines?


-----Original Message-----
From: Batten, Gerald [mailto:GBatten () EXOCOM COM]
Sent: Tuesday, September 05, 2000 8:08 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] War Dialers


I agree, in an environment where dial-up modems are allowed, you need proper
penetration testing.  Most of my clients don't allow dial-up lines at all,
except for faxes, which is why ToneLoc is perfect for what I need to do.  If
the list of numbers doesn't match the list of known fax machines, we just
track down the offending line and cut it.  Most of my clients will just give
me their admin passwords for their dial-ups (after I've signed about a
million legal contracts), and I compare that to their password rules within
their policy.  It's more cost-effective for my client to just give me their
passwords than for me to try to guess the dial-up ones.  I'll do a brute
force on the network accounts, but not the dial-ups.

Just my 2c. worth.

Gerald.

-----Todd's Message-----
From: Todd Beebe [mailto:todd () SECURELOGIX COM]
Sent: Friday, September 01, 2000 7:47 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: War Dialers


ToneLoc is good for finding modems.  But, the value of the commercial
products (both TeleSweep Secure and PhoneSweep) is the username/password
guessing (read vulnerability testing).

Knowing you have 55 numbers that answer with a tone and knowing that you
have 55 numbers that answer with tone and have easily guessable
username/passwords are two different things.

The comparison in the IP world is running a port scanner and a vulnerability
scanner.  You can either receive a list of xxx number of systems that MIGHT
be running vulnerable services or xxx number of systems that ARE running
vulnerable systems.

If you use a war dialer or port scanner, someone will need to manually test
the target systems to find out if they need attention to fix the
vulnerabilities.


Compared to:

2. ToneLoc (tools)
   url: http://www.securityfocus.com/tools/48


Alfred Huger
VP of Engineering
SecurityFocus.com


