Penetration Testing mailing list archives
Re: [PEN-TEST] War Dialers
From: Todd Beebe <todd () SECURELOGIX COM>
Date: Sun, 3 Sep 2000 13:56:11 -0500
Dave,
i do not have experience with the "professional" scanners since consultant licenses are quite expensive for phone sweep and telesweep.
TeleSweep Secure is priced at $995 for a 1000 number profile, unlimited profiles (read unlimited engagements at no additional cost). We also have a Consultants version where the software can be installed free, and the license key pricing is based upon the number of phone numbers to be dialed (Per Engagement Key-PEK version).

Our experience has been the majority of the man hours involved in a dial-up assessment engagement are typically spent either manually testing the security of dialup systems (call system, try a couple passwords, dial system again, take screenshots, keep notes of systems penetrated, etc) and generating a customized report for the client. Since hourly rates can go from $100-$300 an hour and up, the cost of the professional dialer is reasonable due to the dialer automating both the testing of the dialup systems and the ability to generate a custom report that is client ready.

-----Original Message-----
From: Laumann, Dave [mailto:dlaumann () SUNTZU NET]
Sent: Friday, September 01, 2000 1:42 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] War Dialers

i do not have experience with the "professional" scanners since consultant licenses are quite expensive for phone sweep and telesweep.

i use thc-scan http://www.infowar.co.uk/thc/ it offers great features like full customization of randomness and dial delay which is great if you want to test the proper set up of a pbx. it also runs in two modes: carrier (which can detect fax, voice, carrier, etc see below) and tone (dial tone!). it has a familiar toneloc interface (for those familiar with toneloc's interface (very intuitive)), and is quite stable and free ;-).

what is an absolute must with any scanner is a *good modem*. specifically a modem that supports good result codes. which means you can forget most usr modems. on sandstorm's modem page http://www.sandstorm.net/support/modems.shtml there is a listing of modems that they recommend.
what all of these modems have in common are good result codes (among other things?). atx, atv, atw, atq, s14, and s95 generally control result codes. look for a modem that has result codes of ok, connect, ring, no carrier, error, no dial tone, busy, no answer, voice (not many modems do this), data, fax (many usr modems lack this), compression, protocol...

Hey Folks,

Anyone have any experience with commercial war dialing packages compared to the free ones? In particular I am wondering about:

1. PhoneSweep
url: http://www.securityfocus.com/products/280

Compared to:

2. ToneLoc (tools)
url: http://www.securityfocus.com/tools/48

Alfred Huger
VP of Engineering
SecurityFocus.com