Re: [PEN-TEST] War Dialers

[Alfred Huger <ah () SECURITYFOCUS COM>]

On Fri, 1 Sep 2000, Jose Nazario wrote:

> On Fri, 1 Sep 2000, Alfred Huger wrote:
>
> > Anyone have any experiance with commercial war dialing packages
> > compared to the free ones?
>
> they mentioned Ton-Loc but only in passing -- hasn't been updated since
> 1994, wasn't very robust

Well, it was written in pascal and if it was to be released again I
suspect it would need a re-write.

> and the author served 5 months in jail for

There were two authors and the one you are referring to did *alot* more
than 5 months in prison on more than one occasion. That being said if you
make decisions on security software usage based on wether it's written by
ex-hackers your choices are going to be *very* limited.

> their tests were judged on carrier and fax detection, system id,
> penetration (via authentication), reporting and "intangibles" like ease of
> use (subjective, to say the least).

Yeh, ease of use is always a killer. Getting your product reviewed as a
vendor is a crap shoot. I rarely put much credence into the reviews. I
have taken part in reviews where my products won out where they should not
have and vice versa. All too often reviewers are simply not qaulified to
make reviews worth reading and in other cases scores are based on really
subjective data. I much prefer forums like this where I can get feedback
from people who have actually used the software outside of a lab.


> and let's not forget the PalmOS wardialer TBA (from the L0pht's Palm Pilot
> labs).

I have never actually used this, is it decent?



-al


Alfred Huger
VP of Engineering
SecurityFocus.com