Penetration Testing mailing list archives
Re: [PEN-TEST] X25, all but forgotten?
From: edison <edison () DHP COM>
Date: Tue, 29 Aug 2000 13:52:31 -0400
Until recently I was employed by a baby bell that had many fingers in the x25 pie, and suggested to my immediate mgmt that I could poke around for any vulnerabilities. Since it'd been years since I'd played on x25, I scoured the net for newer resources than NUAA. Most of what I found was european, since most people in the States _have_ forgotten about it. There's a couple of script-based tools that came highly recommended, but none that worked the way I wanted. I started to develop my own, but that project was yanked when my job was yanked (for doing the lightest of exploring - not even real pen-testing, even though I was in the security group). Since most of my prior experience was with Telenet/PC Pursuit dialups, I was gearing my app along those lines. If anyone's interested, lemme know. -edison P.S. If you haven't picked it up from the mention above, be _very_ careful about doing any pen-testing in your company if it's not your direct responsibility. I even had my immediate management's approval for what I was doing, yet because I had hacker tools which were forbidden by corporate policy on my machine (the official reason; ignorance and fear - the real reason), I was ousted. On Tue, 29 Aug 2000, Alfred Huger wrote:
Hey folks, I was sitting around with some friends over my holidays and we were discussing X25 auditing. For example, does anyone do it anylonger? I know that a great many companies still maintain connectivity to X25 networks like Transpac,Datex,Datapac,Tymnet etc. Seems to me it would be an important part of any network audit given that many X25 backends live in dusty corners and are rarely secured with serious diligence. Having said this, I thought I would pose some questions: 1. Is anyone doing this anymore (legally)? If so what X25 networks are you seeing folks still connected to? 2. Are there any automated tools for this? I remember SALT scripts (and the like) for Minicom and Telix (anyone remember Telix?) as well as some dcl and sh programs for this, however I have not seen them for years (literally). 3. Anyone in commercial scanner land thinking on adding this? It's an idea we mulled at Secure Networks but discarded it for a number of technical reasons and an obvious marketing concern - we had no idea if there was a market for it. Alfred Huger VP of Engineering SecurityFocus.com
Current thread:
- [PEN-TEST] X25, all but forgotten? Alfred Huger (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? edison (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? Vanja Hrustic (Aug 29)
- <Possible follow-ups>
- Re: [PEN-TEST] X25, all but forgotten? Masse, Robert (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? Alfred Huger (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? Frasnelli, Dan (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? Emmanuel Gadaix (Aug 30)
- Re: [PEN-TEST] X25, all but forgotten? Peter Van Epp (Aug 30)
- Re: [PEN-TEST] X25, all but forgotten? Alfred Huger (Aug 29)