RE: Modem detection in a LAN

[Thor () HammerofGod com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 10:30 PM 3/10/2002, Jacek Lipkowski wrote:

> *if* you have the account :) if you work at a university or any other
> network without a strict security policy.

When doing research for a RestrictAnonymous article for Security Focus, I 
wrote a series of little apps to enumerate net info with the NULL 
user.  One of them was TransEnum, which enumerates all the transport 
devices bound to a server/workstation. Basically, it just calls 
NetServerTransportEnum and returns a level 0 structure that contains the 
transport name of any transport  devices on a box.

With NT4, the device name nomenclature included a portion of the adapter 
type/model, which made it easy to see where modems were set up as RAS 
devices.  With Win2k, it looks like the adapter type/model has been 
replaced with a CSID or something.

With NT4 boxes, the tool was great as it could run against a machine as 
NULL even when RestrictAnonymous was set to 1... The same holds true for 
Win2k, but you (or someone) will have to figure out the CSID to extract any 
more information beyond the protocol in use by the device.

I post this here for 2 reasons:  1, you might have NT boxes and you were 
concerned about authentication, and 2, Someone might have their hands on a 
CSID reference (if that is what  it is) that could shed some light on the 
return value of NetServerTransportEnum on Win2k boxes.

Cheers.

AD




-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPIzMy4hsmyD15h5gEQIH1ACeN3QWXSfFQ+WeiaUNUQlrDfhTUlYAn0h1
bPK4x4vRYAK3phUlsGiHUhSP
=Rmva
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/