Re: [PEN-TEST] PBX Security

[Talisker <Talisker () NETWORKINTRUSION CO UK>]

Joe

Whilst you should also get into the switch to ensure that it is configured
correctly it is also worth running a wardialer against it, funnily enough I
tried to detail every wardialer I could find on my site below (under
scanners)  The tools I found were:
ModemScan
THC-PBX
TBA PhoneSweep
THC-Scan
Toneloc TeleSweep
PocketDial
Telephony Scanner

If anyone knows of any that I'm missing please let me know

Take Care
Andy

Site has been playing up 04 Oct 00
http://www.networkintrusion.co.uk Talisker's comprehensive IDS & Scanner
List
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "Joe Traietta" <JTraietta () ASAHIBANKNY COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Wednesday, October 04, 2000 3:07 PM
Subject: [PEN-TEST] PBX Security


> I have been asked to perform a security review on the PBX system (NEC NEAX
> 2000 IVS) at my company.  I have virtually no PBX experience, so I was
> hoping somebody could point me to a good resource, or pass along some
> personal experience about reviewing / auditing a PBX system.
>
> Thank you.
>
> Joseph Traietta
> Data Security Officer
> Asahi Bank, New York Branch