Re: [PEN-TEST] War Dialers

["Teicher, Mark" <mark.teicher () NETWORKICE COM>]

Yes,  I tend to agree with Al on the point below.  Real World testing of
products and real world experience using said products are worth more than
any review.  As Al states reviewers are not that experienced using said
products or setup sample test cases so that their favorite product will win
while others will lose.  Also another thing to look at is how much
advertising space does the winning vendor have in that particular magazine.


OK, Back to War Dialers

I have used PhoneSweep on several different engagements, once scan was for
about 100 modems, produced a nice report, but if used on a larger scale,
like 10,000 numbers or more, multiple scans had to be done, and it was very
very slow.  Even on a fast box, if the application was re-designed to make
use of dual processors machines, it would definitely enhance
performance.  The database architecture needs definite re-work, as in it
should be open to other databases other to the one they package with it.

The real bummer is trying to un-install the application, it leaves lots of
remnants around, and one really needs a good registry cleaner to remove all
the tidbits of the application from the particular machine one installed it on.

/m

At 10:11 AM 9/1/00 -0700, Alfred Huger wrote:
> On Fri, 1 Sep 2000, Jose Nazario wrote:
>
> > On Fri, 1 Sep 2000, Alfred Huger wrote:
> >
> > > Anyone have any experiance with commercial war dialing packages
> > > compared to the free ones?
> >
> > they mentioned Ton-Loc but only in passing -- hasn't been updated since
> > 1994, wasn't very robust
>
> Well, it was written in pascal and if it was to be released again I
> suspect it would need a re-write.
>
> > and the author served 5 months in jail for
>
> There were two authors and the one you are referring to did *alot* more
> than 5 months in prison on more than one occasion. That being said if you
> make decisions on security software usage based on wether it's written by
> ex-hackers your choices are going to be *very* limited.
>
> > their tests were judged on carrier and fax detection, system id,
> > penetration (via authentication), reporting and "intangibles" like ease of
> > use (subjective, to say the least).
>
> Yeh, ease of use is always a killer. Getting your product reviewed as a
> vendor is a crap shoot. I rarely put much credence into the reviews. I
> have taken part in reviews where my products won out where they should not
> have and vice versa. All too often reviewers are simply not qaulified to
> make reviews worth reading and in other cases scores are based on really
> subjective data. I much prefer forums like this where I can get feedback
> from people who have actually used the software outside of a lab.
>
>
> >
> > and let's not forget the PalmOS wardialer TBA (from the L0pht's Palm Pilot
> > labs).
> >
>
> I have never actually used this, is it decent?
>
>
>
> -al
>
>
> Alfred Huger
> VP of Engineering
> SecurityFocus.com