Penetration Testing mailing list archives

Re: [PEN-TEST] War Dialers


From: Todd Beebe <todd () SECURELOGIX COM>
Date: Sun, 3 Sep 2000 13:56:11 -0500

Dave,

i do not have experience with the "professional" scanners since consultant
licenses are quite expensive for phone sweep and telesweep.

TeleSweep Secure is priced at $995 for a 1000 number profile, unlimited
profiles (read unlimited engagements at no additional cost).  We also have a
Consultants version where the software can be installed free, and the
license key pricing is based upon the number of phone numbers to be dialed
(Per Engagement Key-PEK version).

Our experience has been the majority of the man hours involved in a dial-up
assessment engagement are typically spent manually testing the
security of dialup systems (call system, try a couple passwords, dial system
again, take screenshots, keep notes of systems penetrated, etc.) and
generating a customized report for the client.  Since hourly rates can go
from $100-$300 an hour and up, the cost of the professional dialer is
reasonable due to the dialer automating both the testing of the dialup
systems and the ability to generate a custom report that is client ready.



-----Original Message-----
From: Laumann, Dave [mailto:dlaumann () SUNTZU NET]
Sent: Friday, September 01, 2000 1:42 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] War Dialers


i do not have experience with the "professional" scanners since consultant
licenses are quite expensive for phone sweep and telesweep. i use thc-scan
http://www.infowar.co.uk/thc/ it offers great features like full
customization of randomness and dial delay which is great if you want to
test the proper set up of a pbx. it also runs in two modes: carrier (which
can detect fax, voice, carrier, etc see below) and tone (dial tone!). it has
a familiar toneloc interface (for those familiar with toneloc's interface
(very intuitive)), and is quite stable and free ;-).

what is an absolute must with any scanner is a *good modem*. specifically a
modem that supports good result codes. which means you can forget most usr
modems. on sandstorm's modem page
http://www.sandstorm.net/support/modems.shtml there is a listing of modems
that they recommend. what all of these modems have in common are good result
codes (among other things?).

atx, atv, atw, atq, s14, and s95 generally control result codes.

look for a modem that has result codes of ok, connect, ring, no carrier,
error, no dial tone, busy, no answer, voice (not many modems do this), data,
fax (many usr modems lack this), compression, protocol...

Hey Folks,

Anyone have any experience with commercial war dialing packages compared
to the free ones? In particular I am wondering about:

1. PhoneSweep
   url: http://www.securityfocus.com/products/280

Compared to:

2. ToneLoc (tools)
   url: http://www.securityfocus.com/tools/48


Alfred Huger
VP of Engineering
SecurityFocus.com

