Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: potential fax server security issues?

From: "Travis Potter" <TPotter () secureintegrations com>
Date: Tue, 13 Jan 2004 17:20:30 -0700
It's better to use intelligent Fax Boards by Brooktrout or Dialogic to
control this Phase A(handshake) and Phase B(data transmission) portions
of communication at the firmware level as opposed to a modem with all
init and "at" strings commonly known that may or may not be vulnerable.

-----Original Message-----
From: Maarten [mailto:maartenh () phreaker net] 
Sent: Tuesday, January 13, 2004 12:49 PM
To: pen-test () securityfocus com
Subject: potential fax server security issues?


Hi,

I was wondering if any of you has experience in testing fax servers. I
am looking for some insides on potential vulnerabilities on the modem
side of a fax server. Could an attacker for instance (potentially):
- Discover the fax server using a war dialler (yes)
- Connect to the fax server using his modem (yes)
- Initiate some kind of overflow on the fax server software after the
modem connection has been established, gaining a shell on the system????

Has anyone been looking into this kind of stuff? Am I being overly
paranoid at this point?

thanks!
Maarten


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: