Penetration Testing mailing list archives

Re: Modem detection in a LAN

From: Jacek Lipkowski <sq5bpf () acid ch pw edu pl>
Date: Fri, 8 Mar 2002 22:06:04 +0100 (CET)

On Fri, 8 Mar 2002, Olivier Busolini wrote:

I have been very interested by the information found, and I am now looking
for a simple automated tool that could be run to detect a modem connected to
an *nix or windows machine in a LAN.


If you have a dhcp server on the network look at the dhcp client ID's.
A standard NT box will reserve a pool of IPs for modems. The client
identifiers for those leases will start with 0x52 0x41 0x53 or "RAS". This
should also be true for win2000. Also, someone told me once that windows
platforms broadcast some junk to the network periodically when they have a
modem attached (probably some plug and pray mechanism).

For unix boxes you could try a script that greps /etc/inittab for unusual
getty entries (if you have access to those machines).

Still wardialing is your best bet.

jacek





----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Modem detection in a LAN Olivier Busolini (Mar 08)
- Re: Modem detection in a LAN Jacek Lipkowski (Mar 09)
  - Re: Modem detection in a LAN R. DuFresne (Mar 10)
- <Possible follow-ups>
- RE: Modem detection in a LAN Sawyer, John H. (Mar 09)
- RE: Modem detection in a LAN Jacek Lipkowski (Mar 11)
- RE: Modem detection in a LAN Thor (Mar 11)
- RE: Modem detection in a LAN Thor (Mar 11)