Penetration Testing mailing list archives
Re: [PEN-TEST] War Dialers
From: Todd Beebe <todd () SECURELOGIX COM>
Date: Fri, 1 Sep 2000 20:46:57 -0500
Toneloc is good for finding modems. But, the value of the commercial products (both TeleSweep Secure and PhoneSweep) is the username/password guessing (read vulnerability testing). Knowing you have 55 numbers that answer with a tone and knowing that you have 55 numbers that answer with tone and have easily guessable username/passwords are two different things. The comparison in the IP world is running a port scanner and a vulnerability scanner. You can either receive a list of xxx number of systems that MIGHT be running vulnerable services and xxx number of systems that ARE running vulnerable systems. If you use a war dialer or port scanner, someone will need to manually test the target systems to find out if they need attention to fix the vulnerabilities. -----Original Message----- From: Batten, Gerald [mailto:GBatten () EXOCOM COM] Sent: Friday, September 01, 2000 12:30 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] War Dialers I've used ToneLoc on several occasions, and it's worked perfectly for me. It's even worked under NT using my pcmcia modem. Who cares if it hasn't been updated since 1994? It tells me what numbers have a tone or not, which ones have a busy signal, etc... that's all I need for an initial recon of my client's phone system. I usually take the list of detected carriers and compare it to their phone list and see who owns the lines. My .02c worth. Gerald.
-----Original Message----- From: Alfred Huger [mailto:ah () SECURITYFOCUS COM] Sent: Friday, September 01, 2000 10:22 AM To: PEN-TEST () SECURITYFOCUS COM Subject: War Dialers Hey Folks, Anyone have any experiance with commercial war dialing packages compared to the free ones? In particular I am wondering about: 1. PhoneSweep url: http://www.securityfocus.com/products/280 Compared to: 2. ToneLoc (tools) url: http://www.securityfocus.com/tools/48 Alfred Huger VP of Engineering SecurityFocus.com
Current thread:
- Re: [PEN-TEST] War Dialers, (continued)
- Re: [PEN-TEST] War Dialers Herring, Simon (Sep 01)
- Re: [PEN-TEST] War Dialers Maks, Steven (ISS eServices) (Sep 01)
- Re: [PEN-TEST] War Dialers Lastname, Firstname (Sep 01)
- Re: [PEN-TEST] War Dialers Thorp, Michael (Sep 01)
- Re: [PEN-TEST] War Dialers Herring, Simon (Sep 01)
- Re: [PEN-TEST] War Dialers Batten, Gerald (Sep 01)
- Re: [PEN-TEST] War Dialers Davidson,Sam (Sep 01)
- Re: [PEN-TEST] War Dialers list Talisker (Sep 05)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 02)
- Re: [PEN-TEST] War Dialers Teicher, Mark (Sep 03)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 02)
- [PEN-TEST] War Dialers, Brute Force, etc. Vanja Hrustic (Sep 02)
- Re: [PEN-TEST] War Dialers Teicher, Mark (Sep 03)
- Re: [PEN-TEST] War Dialers Laumann, Dave (Sep 02)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 03)
- Re: [PEN-TEST] War Dialers Kurt Buff (Sep 03)
- Re: [PEN-TEST] War Dialers Teicher, Mark (Sep 05)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 03)
- Re: [PEN-TEST] War Dialers Batten, Gerald (Sep 05)
- Re: [PEN-TEST] War Dialers iNature - David Martin (Sep 05)
- Re: [PEN-TEST] War Dialers Todd Beebe (Sep 05)
(Thread continues...)