Penetration Testing mailing list archives
Re: Security Posture Assessment
From: Steven.Gill () sungard com
Date: Thu, 13 Nov 2003 21:26:47 -0500
The best modems to me seem to be US Robotics Sportster Modems. You may also need to check your Initialization strings and dip switch settings on your modem. Typically using ATZ for your init string should be enough, but the NVRAM on the modem could be screwed up. You can also look at your Windows .inf file for your modem to find your initialization string. Also, I am currently writing a war dialing program for Linux called Telescan (http://sourceforge.net/projects/telescan). It can handle multiple modems, and logs its findings to a mysql database. I have written reporting web pages in php so that you can look at the results via a nice interface. It supports the following features: - Has "time profiles" - e.g. you can tell telescan which hours dialing can occur in any granularity that you want - Logs to a database (currently only mysql supported, but will later support more) - Uses a multithreaded architecture to handle many modems - Can use any modem that linux can use ( I currently use 3 modems off of a DigiBoard) - Reporting via web pages I have not released a tarball on sourceforge, but I have checked in code to CVS if anyone wants to try it: cvs -d:pserver:anonymous () cvs sourceforge net:/cvsroot/telescan login cvs -z3 -d:pserver:anonymous () cvs sourceforge net:/cvsroot/telescan co telescan Then it should be the normal ./configure && make su make install There is a sql file in contrib/ to set up the database schema and a sample configuration file for configuring telescan. I also have a demo of the reporting tool at: http://telescan.sourceforge.net/telescan/telescan_index.php I appreciate any feedback you may have, and also if anyone wants to help code, I'd love the help. Steve |---------+----------------------------> | | Bob | | | <bobwills78@hotma| | | il.com> | | | | | | 11/09/2003 09:33 | | | PM | | | | |---------+---------------------------->
---------------------------------------------------------------------------------------------------------------------------------------------|
| | | To: pen-test () securityfocus com | | cc: | | Subject: Security Posture Assessment |
---------------------------------------------------------------------------------------------------------------------------------------------|
I am looking for imput from folks who have performed security posture assessments as to the best free alternative to Phone Sweep. I have heard good things about toneloc, but have been unsuccessful at getting it to initialize any of the five modems I have attempted. The basic configuration seems to be no more complicated than a COM port and an IRQ setting so please let me know if you think there is something I am missing. If you have gotten it to work what do you think is the best modem for toneloc? --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_pen-test_031023 and use priority code SF4. ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_pen-test_031023 and use priority code SF4. ----------------------------------------------------------------------------
Current thread:
- Security Posture Assessment Bob (Nov 12)
- RE: Security Posture Assessment Tonie Deen (Nov 15)
- Re: Security Posture Assessment Frank Knobbe (Nov 15)
- <Possible follow-ups>
- RE: Security Posture Assessment William J. Craig (Nov 15)
- Re: Security Posture Assessment Steven . Gill (Nov 15)
- Re: Security Posture Assessment R. DuFresne (Nov 16)
- RE: Security Posture Assessment Robert Masse (Nov 16)