Penetration Testing mailing list archives
Re: DID Range Enumeration
From: Akatosh <akatosh () rains net>
Date: Thu, 9 May 2002 15:24:28 -0400 (EDT)
On Tue, 7 May 2002, John Smith wrote:
Does anyone know of a method to identify the DID ranges assigned to a company? As part of a blind pen-test I have been asked to complete a war dial, but the company does not want to give me the ranges.
You can get information from the companies telephone system directory (*, 0, # or something). If you find one number (webpage, phone book, business cards, fake quote requests), you may have them all. The last several digits of a telephone number is the extention. If you found a person with the number 111-1001, their range might be 111-1000 through 111-1999 (assuming you knew they had 3 digit extensions). If you can find several numbers associated with the company with the same first 3 or 4 digits, then you found the range for sure. The PBX directory + social engineering will get lots of information. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- DID Range Enumeration John Smith (May 09)
- Re: DID Range Enumeration Akatosh (May 09)
- Re: DID Range Enumeration Chris Reining (May 09)
- Re: DID Range Enumeration Secure Green (May 10)
- <Possible follow-ups>
- Re: DID Range Enumeration BParis (May 10)