Re: [PEN-TEST] X25, all but forgotten?

[edison <edison () DHP COM>]

Until recently I was employed by a baby bell that had many fingers in
the x25 pie, and suggested to my immediate mgmt that I could poke
around for any vulnerabilities.

Since it'd been years since I'd played on x25, I scoured the net for
newer resources than NUAA.  Most of what I found was european, since
most people in the States _have_ forgotten about it.  There's a couple
of script-based tools that came highly recommended, but none that
worked the way I wanted.  I started to develop my own, but that
project was yanked when my job was yanked (for doing the lightest of
exploring - not even real pen-testing, even though I was in the
security group).

Since most of my prior experience was with Telenet/PC Pursuit dialups,
I was gearing my app along those lines.  If anyone's interested, lemme
know.

-edison

P.S.  If you haven't picked it up from the mention above, be _very_
careful about doing any pen-testing in your company if it's not your
direct responsibility.  I even had my immediate management's approval
for what I was doing, yet because I had hacker tools which were
forbidden by corporate policy on my machine (the official reason;
ignorance and fear - the real reason), I was ousted.

On Tue, 29 Aug 2000, Alfred Huger wrote:

> Hey folks,
>
> I was sitting around with some friends over my holidays and we were
> discussing X25 auditing. For example, does anyone do it anylonger? I know
> that a great many companies still maintain connectivity to X25 networks
> like Transpac,Datex,Datapac,Tymnet etc. Seems to me it would be an
> important part of any network audit given that many X25 backends live in
> dusty corners and are rarely secured with serious diligence.
>
> Having said this, I thought I would pose some questions:
>
> 1. Is anyone doing this anymore (legally)? If so what X25 networks are you
> seeing folks still connected to?
>
> 2. Are there any automated tools for this? I remember SALT scripts (and
> the like) for Minicom and Telix (anyone remember Telix?) as well as some
> dcl and sh programs for this, however I have not seen them for years
> (literally).
>
> 3. Anyone in commercial scanner land thinking on adding this? It's an idea
> we mulled at Secure Networks but discarded it for a number of technical
> reasons and an obvious marketing concern - we had no idea if there was a
> market for it.
>
>
> Alfred Huger
> VP of Engineering
> SecurityFocus.com