Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] War Dialers
From: iNature - David Martin <david () INATURE COM AU>
Date: Sat, 6 May 2000 09:43:49 +0800

I think that with war dialers it's more a case of detecting
any rouge modems in your network than guessing passwords
unless your looking for exploitable dialup server software
holes but for password policy i think doing a brute force
across a network usually does it as I believe NT and Linux (RH)
probably all linux flavours have the users normal password
as there dial in password as well (I could be wrong) but here in oz
you pay per phone call which i belive is not the case over in
the US so it's not cost effective to run a war dialer.

Again just my 2c worth

Dave

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Batten, Gerald
Sent: Tuesday, September 05, 2000 9:08 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] War Dialers


I agree, in an environment where dial-up modems are allowed, you need proper
penetration testing.  Most of my clients don't allow dial-up lines at all,
except for faxes, which is why ToneLoc is perfect for what I need to do.  If
the list of numbers don't match the list of known fax machines, we just
track down the offending line and cut it.  Most of my clients will just give
me their admin passwords for their dial-ups (after I've signed about a
million legal contracts), and I compare that to their password rules within
their policy.  It's more cost-effective for my client to just give me their
passwords than for me to try to guess the dial-up ones.  I'll do a brute
force on the network accounts, but not the dial-ups.

Just my 2c. worth.

Gerald.

-----Todd's Message-----
From: Todd Beebe [mailto:todd () SECURELOGIX COM]
Sent: Friday, September 01, 2000 7:47 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: War Dialers


Toneloc is good for finding modems.  But, the value of the commercial
products (both TeleSweep Secure and PhoneSweep) is the
username/password
guessing (read vulnerability testing).

Knowing you have 55 numbers that answer with a tone and
knowing that you
have 55 numbers that answer with tone and have easily guessable
username/passwords are two different things.

The comparison in the IP world is running a port scanner and
a vulnerability
scanner.  You can either receive a list of xxx number of
systems that MIGHT
be running vulnerable services and xxx number of systems that
ARE running
vulnerable systems.

If you use a war dialer or port scanner, someone will need to
manually test
the target systems to find out if they need attention to fix the
vulnerabilities.


Compared to:

2. ToneLoc (tools)
   url: http://www.securityfocus.com/tools/48


Alfred Huger
VP of Engineering
SecurityFocus.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault