Penetration Testing mailing list archives

Re: [PEN-TEST] X25, all but forgotten?


From: Emmanuel Gadaix <emmanuel () RELAYGROUP COM>
Date: Wed, 30 Aug 2000 13:25:39 +0700

On the issue whether X.25 is still used any longer or not...

It's worth mentioning that countless organizations are still widely using
X.25 for legit purposes.
Telecommunications operators use it extensively, so do banks and other
financial institutions (e.g. the SWIFT fund-transfer network is built over
X.25 encrypted links).

A special case worth of interest is France, which is operating one of the
largest X.25 network, Transpac. In the eighties, France built its national
videotext system, called Teletel, using its underlying X.25 network. The
success of that product, called the Minitel, was so huge that nowadays
(although it's a 1200 bps low-res display) it is still used by some 20,000
service providers and millions of Internet-challenged Frenchmen.

Interestingly, you are able to scan all X.25 networks from the Minitel,
once you're familiar with some of its features and call mode. Not very
fast, but 100% legal and... free.


Anyway as Vanja pointed out, there are quite many underground tools from
the glorious days of X.25 hacking, some probably sleep on some of our old
DAT backup... And as Alfred reminded us, most scanners are PSN-specific.

We try to suggest to our client to test their X.25 but most of them do not
seem to be interested in that. Strange considering that quite often the
X.25 link will be behind the firewall.

One document of interest is the RFC1356, "encapsulation of IP and other
network layer protocols over X.25".



--
Emmanuel Gadaix
The Relay Group
http://relaygroup.com

9A1C A656 5F15 977D 0A1B  5E11 E06F 439C 3C68 7413


Current thread: