Penetration Testing mailing list archives

Re: [PEN-TEST] Modem detection without dialing


From: Mark Curphey <mark () CURPHEY COM>
Date: Mon, 20 Nov 2000 21:36:01 -0500

Under NT you will find the file modem.sys is loaded into kernel space.

Pretty simple to make the check across the LAN with the proviso that you
need to have admin rights on the target to read the properties. This is how
some popular commercial scanners check, but they won't tell you if they
couldn't connect with the appropriate level of access and thus you will get
a good degree of false negatives. If you used ISS scanner you would need to
manually trawl through the session log (yawn...) Of course this doesn't
differentiate between a dial-in or dial-out modem but that is a further
registry setting I think?

Checking for the RAS service doesn't work as Palms, and CE's start that
service and so you will get lots of false positives.
----- Original Message -----
From: "Blair, Glenn" <glenn.blair () SCOTIABANK COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, November 20, 2000 2:15 PM
Subject: [PEN-TEST] Modem detection without dialing


I am wondering if there is a product which can detect the existence of a
modem, without the need for the modem to be connected?  Specifically, in a
LAN environment, can an administrator/pen tester identify a modem through
the network, rather than through the telephone network?

Any thoughts would be appreciated.



Glenn Blair

Sr. Security Specialist
888 Birchmount Rd 6th Floor
tel. (416) 285-2498
fax (416) 288-5055
glenn.blair () scotiabank com
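
The reply above warns that a scanner which silently fails to connect reports "no modem" (a false negative) and that the RAS service alone produces false positives. The following is an added example, not code from the thread or from any scanner it mentions: it classifies per-host results into three states so hosts that could not be checked stay visible. The collector output format, host names, column names and the service name are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample of per-host results from a hypothetical collector.
# Columns (assumed): host, query outcome, loaded kernel drivers, running services.
SAMPLE = """host,outcome,drivers,services
ws01,ok,ntfs.sys;modem.sys;tcpip.sys,RemoteAccess
ws02,ok,ntfs.sys;tcpip.sys,RemoteAccess
ws03,access_denied,,
ws04,ok,ntfs.sys;MODEM.SYS,
ws05,unreachable,,
ws06,ok,ntfs.sys;tcpip.sys,
"""

RAS_SERVICE = "remoteaccess"  # assumed service name used in the sample above

def classify(row):
    """Return (verdict, note) for one collector row."""
    if row["outcome"] != "ok":
        # Never fold a failed query into "no modem": that is the false negative.
        return "UNKNOWN", "not checked: " + row["outcome"]
    drivers = {d.strip().lower() for d in row["drivers"].split(";") if d.strip()}
    services = {s.strip().lower() for s in row["services"].split(";") if s.strip()}
    if "modem.sys" in drivers:
        return "MODEM_DRIVER_LOADED", "modem.sys loaded; dial-in vs dial-out not determined"
    if RAS_SERVICE in services:
        # RAS alone is weak evidence: handheld sync software also starts it.
        return "NO_MODEM_DRIVER", "RAS running without modem.sys; not treated as a modem"
    return "NO_MODEM_DRIVER", ""

def audit(text):
    """Classify every host and report how much of the LAN was really checked."""
    results = {}
    for row in csv.DictReader(io.StringIO(text)):
        results[row["host"]] = classify(row)
    counts = Counter(verdict for verdict, _ in results.values())
    checked = len(results) - counts["UNKNOWN"]
    coverage = checked / len(results) if results else 0.0
    return results, counts, coverage

if __name__ == "__main__":
    results, counts, coverage = audit(SAMPLE)
    for host, (verdict, note) in sorted(results.items()):
        print(f"{host:6} {verdict:20} {note}")
    print(f"coverage: {coverage:.0%} of hosts actually checked")
```

Hosts marked UNKNOWN need a re-run with working admin credentials before the audit can claim they have no modem.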

