Re: [PEN-TEST] War Dialers

["Laumann, Dave" <dlaumann () SUNTZU NET>]

i do not have experience with the "professional" scanners since consultant
licenses are quite expensive for phone sweep and  telesweep. i use thc-scan
http://www.infowar.co.uk/thc/ it offers great features like full
customization of randomness and dial delay which is great if you want to
test the proper set up of a pbx. it also runs in two modes: carrier (which
can detect fax, voice, carrier, etc see below) and tone (dial tone!). it has
a familiar toneloc interface (for those familiar with toneloc's interface
(very intuitive)), and is quite stable and free ;-).

what is an absolute must with any scanner is a *good modem*. specifically a
modem that supports good result codes. which means you can forget most usr
modems. on sandstrom's modem page
http://www.sandstorm.net/support/modems.shtml there is a listing of modems
that they recommend. what all of these modems have in common are good result
codes (among other things?).

atx, atv, atw, atq, s14, and s95 generally control result codes.

look for a modem that has result codes of ok, connect, ring, no carrier,
error, no dial tone, busy, no answer, voice (not many modems do this), data,
fax (many usr modems lack this), compression, protocol...

> Hey Folks,
>
> Anyone have any experiance with commercial war dialing
> packages compared
> to the free ones? In particular I am wondering about:
>
> 1. PhoneSweep
>    url: http://www.securityfocus.com/products/280
>
> Compared to:
>
> 2. ToneLoc (tools)
>    url: http://www.securityfocus.com/tools/48
>
>
> Alfred Huger
> VP of Engineering
> SecurityFocus.com