Penetration Testing mailing list archives
Re: [PEN-TEST] X25, all but forgotten?
From: Vanja Hrustic <vanja () RELAYGROUP COM>
Date: Wed, 30 Aug 2000 02:45:28 +0700
On Tue, 29 Aug 2000, Alfred Huger wrote:
> Hey folks, I was sitting around with some friends over my holidays and we were discussing X25 auditing. For example, does anyone do it any longer? I know that a great many companies still maintain connectivity to X25 networks like Transpac, Datex, Datapac, Tymnet etc. Seems to me it would be an important part of any network audit given that many X25 backends live in dusty corners and are rarely secured with serious diligence.
Quite often people who administer the 'Internet' part of the network are not in any way in charge of systems connected to X.25. In most cases, those systems are 'internal' systems, and are (as you say) just "living in the dusty corners". So, nobody actually touches them anymore (people set it up, run, and then move to another company :). Not to forget the fact that very many systems on X.25 are not UNIX or NT, and it's fairly hard to find people who will maintain them (Primos, VMSs, Tandems, HP3000s and many many different OSs, systems, hardware...). And it's really heaven for curious guys, since there are so many systems with default passwords, or no passwords at all... Yet, those companies invest hundreds of thousands of $$$ into firewalls, IDSs, VPNs and all the other buzzwords...
> 1. Is anyone doing this anymore (legally)? If so what X25 networks are you seeing folks still connected to?
I wonder if anybody is lucky enough to get any X.25 system 'included' in the scope of work. It's usually like "Naaah, that doesn't matter..."
> 2. Are there any automated tools for this? I remember SALT scripts (and the like) for Minicom and Telix (anyone remember Telix?) as well as some dcl and sh programs for this, however I have not seen them for years (literally).
Automated tools for scanning or 'hacking'? Well, there are/were automated scanners written in C for various UNIX platforms (Ultrix, SunOS, Bull, AIX, DG-UX... might be more). There are also automated scanners for VMS, written in C. Those are 'multi-line' scanners (if I can say so), that are not using a single X.25 link for scanning - they're using as much as they can. I know that there were VAXes with 128 X.25 links - imagine that scanner ;) Some of the scanners also had a bit of 'intelligence' to recognize when the network is down (network congestion - everyone's favourite ;), or when a scan of subaddresses needs to be performed, etc. It all depended on network responses, and had to be tuned for each net. And those tools are 'extremely private'.
There were heaps of shell/DCL scripts for UNIX and VMS which were also called 'batch scanners', since they were fairly dumb - you set the 'range', and the scanner just does it, no matter what the responses are, or if the network is congested, etc... Those were also running in the background, without the need for human intervention. And those scanners needed 'modifications' for each UNIX brand, because of differences in PAD software. There were also some VMS scanners that would mail (using PSIMAIL) results to a remote system. That was the 'mother of distributed scanners' ;)
And, of course, there were all those 'interactive' scanners (scripts for comm software, shell/DCL scripts, etc) where a human would need to sit in front of the screen and log COMs, and other stuff. I think most people used things like that, for Sprint and Datapac scanning.
> 3. Anyone in commercial scanner land thinking on adding this? It's an idea we mulled at Secure Networks but discarded it for a number of technical reasons and an obvious marketing concern - we had no idea if there was a market for it.
Adding X.25 scanning? Or X.25 'hacking'? :) I can imagine that a scanner would be a nightmare to write, since adding support for every X.25 card would, probably, be needed. Not to mention the bills auditors would need to pay for, let's say, 100,000 scanned NUAs :) X.25 was always charged by 'call' and 'transfer', I don't know if that has changed. I don't think there would be a market for that, really.
Vanja