Penetration Testing mailing list archives
Re: [PEN-TEST] War Dialers
From: Kurt Buff <kurtbuff () LIGHTMAIL COM>
Date: Sun, 3 Sep 2000 11:45:10 -0700
Respectfully, I suggest that you might want to expand your horizons a bit, then. There are now several representatives in a new class of PBX, mostly aimed at small businesses, that feature VOIP (voice over IP), network connectivity, PSTN connectivity, and/or other neato features. Usually they also offer either their own embedded HTTP server, or work with one already present on the platform, and sometimes offer their own SMTP/POP3 server, and often offer other things, such as integration with MS Exchange or other enterprise mail platforms. A good starting point for your research (if you're interested...) is: http://www.commweb.com or http://www.computertelephony.com/ The particular product I'm most familiar with is from Altigen: http://www.altigen.com It's a pretty good system, but I'd bet there are some vulnerabilities in it, and in its competitors, also. Cisco and 3Com offer systems, as does Sphere Communications (though I haven't heard from them in a while), and a host of others. As a special bonus, here's a (probably wrapped) URL for a book that looks interesting: http://www.telecombooks.com/scripts/store/vsc/store/products/3401.htm?L+/htd ocs/ctstore/config/store+cgqh3365 That having been said, I don't know of any PBXs that allow you to dial in and use the PBX itself as a gateway to the network, although I'd bet that someone has that feature either now or RSN. Kurt -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Todd Beebe Sent: Sunday, September 03, 2000 11:10 To: PEN-TEST () SECURITYFOCUS COM Subject: Re: War Dialers Mark, there still might be some confusion to the purpose of TeleSweep Secure. It is designed to test the vulnerability state of network devices which are connected to the PSTN via modem. Its primary purpose is not to test the username/passwords of voicemail systems and/or PBXs. Since we are not aware of any voicemail system and/or PBX that allows remote network connectivity to an IP network, we have focused the TeleSweep Secure functionality to test the security (username/password strength) of network devices (routers, Unix servers, dialup systems, etc) that can be accessed externally. Since there are cases of customized login prompts, TeleSweep Secure allows the user to add new system definitions, as well as new username/password combinations that might be common to that organization. ex: http://telesweepsecure.securelogix.com/solution.htm?solutionid=44 Alot of the network penetrations we have been involved in, or have read published accounts of, had the intruder gain access through a poorly secured dialup system. If you are aware of some cases where the intruder gained access to the internal corporate network through the PBX and/or voicemail system could you please forward those to my attention? Thanks. Todd Beebe, CISSP -----Original Message----- From: Teicher, Mark [mailto:mark.teicher () NETWORKICE COM] Sent: Sunday, September 03, 2000 9:42 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] War Dialers I almost agree with Todd's points except that when a war dialer identifies a phone number except for ISP PPP NAS devices, the username password module may not work as planned since the prompt will be of NAS device or customized login prompt: if so modified. In a true PBX environment, most username/password schemes are made up a voicemail number (last 4 digits of a direct dial number for external callers and last 3 digits for internal, depending on the phone system ) and password (usually a combination of numbers ranging from 1 (very bad) to 8(limitation). On some of the newer phone systems that forward voicemail to a person's email, (real usernames can be used). I have yet to find a war dialer that is capable of this type of username/password grinding. :)
Current thread:
- Re: [PEN-TEST] War Dialers, (continued)
- Re: [PEN-TEST] War Dialers Batten, Gerald (Sep 01)
- Re: [PEN-TEST] War Dialers Davidson,Sam (Sep 01)
- Re: [PEN-TEST] War Dialers list Talisker (Sep 05)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 02)
- Re: [PEN-TEST] War Dialers Teicher, Mark (Sep 03)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 02)
- [PEN-TEST] War Dialers, Brute Force, etc. Vanja Hrustic (Sep 02)
- Re: [PEN-TEST] War Dialers Teicher, Mark (Sep 03)
- Re: [PEN-TEST] War Dialers Laumann, Dave (Sep 02)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 03)
- Re: [PEN-TEST] War Dialers Kurt Buff (Sep 03)
- Re: [PEN-TEST] War Dialers Teicher, Mark (Sep 05)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 03)
- Re: [PEN-TEST] War Dialers Batten, Gerald (Sep 05)
- Re: [PEN-TEST] War Dialers iNature - David Martin (Sep 05)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 05)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 05)
- Re: [PEN-TEST] War Dialers Teicher, Mark (Sep 05)
- Re: [PEN-TEST] War Dialers Batten, Gerald (Sep 05)
- Re: [PEN-TEST] War Dialers O'Grady, Michael (Sep 05)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 05)