Re: [PEN-TEST] War Dialers

["Teicher, Mark" <mark.teicher () NETWORKICE COM>]

I almost agree with Todd's points except that when a war dialer identifies
a phone number except for ISP PPP NAS devices, the username password module
may not work as planned since the prompt will be of NAS device or
customized login prompt: if so modified.

In a true PBX environment, most username/password schemes are made up a
voicemail number (last 4 digits of a direct dial number for external
callers and last 3 digits for internal, depending on the phone system ) and
password (usually a combination of numbers ranging from 1 (very bad) to
8(limitation).  On some of the newer phone systems that forward voicemail
to a person's email, (real usernames can be used).

I have yet to find a war dialer that is capable of this type of
username/password grinding.

:)



At 08:46 PM 9/1/00 -0500, Todd Beebe wrote:
> Toneloc is good for finding modems.  But, the value of the commercial
> products (both TeleSweep Secure and PhoneSweep) is the username/password
> guessing (read vulnerability testing).
>
> Knowing you have 55 numbers that answer with a tone and knowing that you
> have 55 numbers that answer with tone and have easily guessable
> username/passwords are two different things.
>
> The comparison in the IP world is running a port scanner and a vulnerability
> scanner.  You can either receive a list of xxx number of systems that MIGHT
> be running vulnerable services and xxx number of systems that ARE running
> vulnerable systems.
>
> If you use a war dialer or port scanner, someone will need to manually test
> the target systems to find out if they need attention to fix the
> vulnerabilities.
>
>
> -----Original Message-----
> From: Batten, Gerald [mailto:GBatten () EXOCOM COM]
> Sent: Friday, September 01, 2000 12:30 PM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] War Dialers
>
>
> I've used ToneLoc on several occasions, and it's worked perfectly for me.
> It's even worked under NT using my pcmcia modem.  Who cares if it hasn't
> been updated since 1994?  It tells me what numbers have a tone or not, which
> ones have a busy signal, etc... that's all I need for an initial recon of my
> client's phone system.  I usually take the list of detected carriers and
> compare it to their phone list and see who owns the lines.
>
> My .02c worth.
>
> Gerald.
>
> > -----Original Message-----
> > From: Alfred Huger [mailto:ah () SECURITYFOCUS COM]
> > Sent: Friday, September 01, 2000 10:22 AM
> > To: PEN-TEST () SECURITYFOCUS COM
> > Subject: War Dialers
> >
> >
> > Hey Folks,
> >
> > Anyone have any experiance with commercial war dialing
> > packages compared
> > to the free ones? In particular I am wondering about:
> >
> > 1. PhoneSweep
> >    url: http://www.securityfocus.com/products/280
> >
> > Compared to:
> >
> > 2. ToneLoc (tools)
> >    url: http://www.securityfocus.com/tools/48
> >
> >
> > Alfred Huger
> > VP of Engineering
> > SecurityFocus.com
> >