Re: [PEN-TEST] War Dialers

["O'Grady, Michael" <Michael.O'Grady () PS NET>]

"someone would have to either run a long extension cable to their desk,
which would be noticed, or have the
laptop plugged into/beside the fax machine "

An analog line could also be bridged (or tapped) in the telephone closet or
at the jack (if accessible) as well.

-----Original Message-----
From: Batten, Gerald [mailto:GBatten () EXOCOM COM]
Sent: Tuesday, September 05, 2000 1:55 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] War Dialers


All the converters I've seen (remember, I'm not a telco expert) are useless
unless the phone system admin assigns a number to the converter.  The
converter is placed in series 'behind' the assigned desk phone.  So since
the converter has a separate phone number, which is in their database, I
simply include it in my scanning list.  Most of my clients don't allow those
anyway... everything goes through the Internet, where it is logged by the
firewall.

As for outbound modem calls on a fax line, someone would have to either run
a long extension cable to their desk, which would be noticed, or have the
laptop plugged into/beside the fax machine (pass-thru connector on the fax
device), which would definitely be noticed.  In most cases, a fax machine is
in a relatively public/open area, making it hard to do without stirring up
too much attention.  That's what physical security officers are for.  Don't
assume I mean 5$/hr rent-a-cops, but properly trained physical security
personnel.

I'm not disputing your point, I agree completely that in some cases, when
you find a system through a dial-up account, it should be properly assessed
(read: brute-forced).  I'm just saying that I haven't run into that scenario
yet.

Gerald.

*Note:  Views expressed in this e-mail are not necessarily those of my
employer.
**Note:  Views expressed in this e-mail are not necessarily mine either.

> -----Original Message-----
> From: Todd Beebe [mailto:todd () SECURELOGIX COM]
> Sent: Tuesday, September 05, 2000 10:23 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: War Dialers
>
>
> Gerald,
>
> how do you clients handle outbound modem calls on digital
> phone lines (using
> convertors such as Linestein) or outbound modem calls on
> analog fax lines?
>
>
> -----Original Message-----
> From: Batten, Gerald [mailto:GBatten () EXOCOM COM]
> Sent: Tuesday, September 05, 2000 8:08 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] War Dialers
>
>
> I agree, in an environment where dial-up modems are allowed,
> you need proper
> penetration testing.  Most of my clients don't allow dial-up
> lines at all,
> except for faxes, which is why ToneLoc is perfect for what I
> need to do.  If
> the list of numbers don't match the list of known fax
> machines, we just
> track down the offending line and cut it.  Most of my clients
> will just give
> me their admin passwords for their dial-ups (after I've signed about a
> million legal contracts), and I compare that to their
> password rules within
> their policy.  It's more cost-effective for my client to just
> give me their
> passwords than for me to try to guess the dial-up ones.  I'll
> do a brute
> force on the network accounts, but not the dial-ups.
>
> Just my 2c. worth.
>
> Gerald.
>
> > -----Todd's Message-----
> > From: Todd Beebe [mailto:todd () SECURELOGIX COM]
> > Sent: Friday, September 01, 2000 7:47 PM
> > To: PEN-TEST () SECURITYFOCUS COM
> > Subject: Re: War Dialers
> >
> >
> > Toneloc is good for finding modems.  But, the value of the
> commercial
> > products (both TeleSweep Secure and PhoneSweep) is the
> > username/password
> > guessing (read vulnerability testing).
> >
> > Knowing you have 55 numbers that answer with a tone and
> > knowing that you
> > have 55 numbers that answer with tone and have easily guessable
> > username/passwords are two different things.
> >
> > The comparison in the IP world is running a port scanner and
> > a vulnerability
> > scanner.  You can either receive a list of xxx number of
> > systems that MIGHT
> > be running vulnerable services and xxx number of systems that
> > ARE running
> > vulnerable systems.
> >
> > If you use a war dialer or port scanner, someone will need to
> > manually test
> > the target systems to find out if they need attention to fix the
> > vulnerabilities.
> >
> >
> > > Compared to:
> > >
> > > 2. ToneLoc (tools)
> > >    url: http://www.securityfocus.com/tools/48
> > >
> > >
> > > Alfred Huger
> > > VP of Engineering
> > > SecurityFocus.com