Penetration Testing mailing list archives
Re: [PEN-TEST] OT - How secure is an ISDN line?
From: Dragos Ruiu <dr () KYX NET>
Date: Tue, 14 Nov 2000 23:06:30 -0800
Uhm... the answer is ... it's very easy to tap an ISDN phone line. The equipment _used_ to be expensive.

Look up a HP, PT500, PT502 (I managed this product for a brief period at the very beginning of its life) or PT300 or PT302. Manufactured in Edmonton, AB. I believe the product was obsoleted a while back, but I saw old ones for sale in Akihabara a few years back :-). Complete man in the middle Q.93x switch emulation was one of the standard demo scripts coded in Forth as I recall. Fancier versions of the scripts were products. And they were able to extract the B channels off PRI/BRI to either analog, or digital serial, or record them to disk.

Many pieces of equipment exist to extract the B channel to a POTS analog line. Getting a shadowing 56K modem is then your problem. More likely easier to record digitally and post process in sw.

I agree with the first poster, ISDN is not more or less secure than the Plain Old Telephone System (POTS).

cheers,
--dr

On Fri, 20 Oct 2000, Peter Van Epp wrote:
On Thu, Oct 19, 2000 at 03:38:40PM -0400, JLJ wrote:

ISDN is as secure as a phone call, no more or less. If you can access the wire anywhere along the route and have equipment you can snoop the line, just like you can a phone call. I don't really think it's safe to send much of anything in the clear anymore...

I have to disagree on this, while you can plug a phone (with a few simple adjustments, commonly called a beige box) into an analogue phone anywhere along the line and using either a lineman's handset, or a datatap (available from the many exchange&mart spy shops in the UK). It was always my understanding that it was far more difficult to intercept a digital connection rather than an analogue connection. That said, as long as they are using a 56k connection it should be pretty difficult to intercept anyway, of course you could slow the connection down (by way of line noise enough to force it into a much more intercept friendly mode of non error correcting 4800/9600).

I think you are discussing analog modems while the original poster was discussing ISDN. If you can get the tap on the line I expect ISDN is the easier of the pair to decode (at least with V90 analog modems) since the data is digital and non encrypted (well, the modem isn't encrypted either, but see below). That means if you can recover the clocking and data on the ISDN line (which test sets will do) then you should be able to recover the data. Neither this nor getting the appropriate access is trivial but it is possible for a determined attacker. As stated, end-to-end encryption is the best bet.

The 56K modem case is hard because the DSP on either end is listening to the incoming signal by subtracting its outgoing signal from the signal on the line to recover the incoming data. As a man-in-the-middle attacker you lack the information about what either modem is currently sending to know what to subtract from the signal on the line to recover the other side.
If anyone knows of a test set to do this I'd be interested in a reference because we are having 56K modem problems and would love to be able to tap a monitor modem on to a B channel of a PRI when it isn't one of the participating modems. I suspect such a thing isn't possible due to lack of information, but I'd love to be wrong :-).

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
--
Dragos Ruiu <dr () dursec com>
dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net