Penetration Testing mailing list archives

Re: Modem detection in a LAN

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 9 Mar 2002 15:25:30 -0500 (EST)


Why not check those machines for ppp and slip network interfaces?  Some
folks certainly might not require dhcp and it should not be getting dhcp
assignment from the internal LAN for an external connection outside that
LAN.  

Thanks,

Ron DuFresne

On Fri, 8 Mar 2002, Jacek Lipkowski wrote:

On Fri, 8 Mar 2002, Olivier Busolini wrote:

I have been very interested by the information found, and I am now looking
for a simple automated tool that could be run to detect a modem connected to
an *nix or windows machine in a LAN.


If you have a dhcp server on the network look at the dhcp client ID's.
A standard NT box will reserve a pool of IPs for modems. The client
identifiers for those leases will start with 0x52 0x41 0x53 or "RAS". This
should also be true for win2000. Also, someone told me once that windows
platforms broadcast some junk to the network periodically when they have a
modem attached (probably some plug and pray mechanism).

For unix boxes you could try a script that greps /etc/inittab for unusual
getty entries (if you have access to those machines).

Still wardialing is your best bet.

jacek





----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Modem detection in a LAN Olivier Busolini (Mar 08)
- Re: Modem detection in a LAN Jacek Lipkowski (Mar 09)
  - Re: Modem detection in a LAN R. DuFresne (Mar 10)
- <Possible follow-ups>
- RE: Modem detection in a LAN Sawyer, John H. (Mar 09)
- RE: Modem detection in a LAN Jacek Lipkowski (Mar 11)
- RE: Modem detection in a LAN Thor (Mar 11)
- RE: Modem detection in a LAN Thor (Mar 11)