Sandstorm Enterprises PhoneSweep 4.4 User Manual Sandstorm Enterprises, Inc. PO Box 381548 Cambridge, MA 02238-1548 http://www.sandstorm.net sales@sandstorm.net support@sandstorm.
[This Page Intentionally Blank] 2
Table Of Contents Legal Notices................................................................................................................................9 End User License Agreement....................................................................................................9 1 Introduction .........................................................................................................................12 1.1 1.2 1.3 1.4 2 Why Worry About Unsecured Modems? .............................
3.1.1 Dialing Computer................................................................................................30 3.1.2 Operating System ................................................................................................31 3.1.3 A cautionary note on laptop computers and Windows NT .................................31 3.1.4 Modem and multi-port serial I/O hardware recommendations ...........................31 3.1.5 Modem Phone Line(s)........................................................
4.3 Setting Scheduled Start and Stop times ........................................................................55 4.3.1 Schedule Sweep Start Time.................................................................................55 4.3.2 Schedule Sweep Stop Time.................................................................................55 4.3.3 Canceling Scheduled Starts and Stops ................................................................55 4.4 Setting Time Options ..............................
5.8.3 Identification of remote systems .........................................................................81 5.9 Rescanning a Profile .....................................................................................................81 6 Importing and Exporting Data ..........................................................................................82 6.1 Importing Phone Number Lists.....................................................................................82 6.1.
10.3.5 Numbers that report “VOICE”..........................................................................101 10.3.6 Fax machine issues............................................................................................101 10.3.7 Incorrectly configured software ........................................................................101 10.3.8 Numbers that consistently time out...................................................................101 10.3.9 Default passwords ...........................
Contacting Sandstorm Sales..................................................................................................134 Appendix E: Architecture and the Command Line.............................................................135 Running PhoneSweep from MS-DOS ..................................................................................135 PhoneSweep Command Line Arguments .........................................................................135 Environment Variables.........................
Legal Notices Danger Warning: This program, PhoneSweep, is designed to test computer system security on telephone networks. It may be used by authorized personnel only, and only when requested by the computer system owners. Any other use may be illegal, or cause injury or financial loss. PhoneSweep may only be used by authorized licensees, who agreed upon installation to all of the terms and conditions of the end user license below: End User License Agreement Sandstorm Enterprises Inc.
PAID FOR THE LICENSED PROGRAMS. THE LICENSED PROGRAMS ARE NOT INTENDED FOR PERSONAL, FAMILY OR HOUSEHOLD USE. Any suit or other legal action relating in any way to this Agreement or to the Licensed Programs must be officially filed or officially commenced no later than one (1) year after it accrues. This warranty gives the customer specific legal rights, and you may also have other rights, which vary from state to state. 4.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the routines from the library being used are not cryptographic related :-). 4.
1 Introduction Welcome to PhoneSweep! PhoneSweep® is a telephone system security audit tool that searches for modems, fax machines, and other devices within a set of phone numbers. PhoneSweep can identify security risks such as unsecured modems and potential vulnerability to toll fraud. 1.1 Why Worry About Unsecured Modems? The presence of unsecured or misconfigured modems attached to computers on your network can undermine a well thought-out security plan.
1.3 New Features in PhoneSweep 4.4 The significant new features of PhoneSweep 4.4 are: • Supports newer version of Conexant chipset. • The bruteforce username/password list can now be viewed and edited from the Effort tab. • New option to run a report after a sweep is complete. • New option on license screen to start with a new or different profile. • New right-click popup menu on Modems and Status tabs allows reset of modems, and setting of options for all modems (on Modems tab).
dongle is attached. This helps protect PhoneSweep from unauthorized use within your organization, or theft or piracy by people outside your organization.
2 A Tour Of PhoneSweep The concept behind PhoneSweep is simple. PhoneSweep uses one or more modems to place calls to a specified list of phone numbers. If a call to a remote phone number is answered, PhoneSweep collects and records information about the answering device. PhoneSweep is highly configurable and offers advanced features such as system identification, brute force username/password guessing, and customizable reporting. 2.
Take a moment to familiarize yourself with features of the PhoneSweep window: • Pull-down menus: the File, View and Help menus. • Horizontal toolbar: this button bar allows you to easily control your scan and to save or discard customizations. • Percent Done bar: this thick dotted blue line indicates how far your current scan has progressed. On the right hand side, Phone Sweep provides the percentage of the scan that has been completed - in this case 0%.
Report Generate a standard report based on the information in the current profile, or a differential report based on the results of two separate profile sweeps. Graph Generate a pie graph based on the information in the current profile (requires Excel 2000). What’s This? Click on this icon; then point at a feature on the PhoneSweep User Interface to identify that item. 2.2.
operating system running on devices it has connected to (also on Effort sub-tab). Penetrate At this Level of Effort, PhoneSweep attempts to identify remote systems and then executes a brute-force attempt to log on to systems it has identified (also on Effort sub-tab). Ready to dial There are numbers in the active profile that can be dialed during the current time period and have not yet been dialed. PhoneSweep cannot place any more calls in the present time period.
2.2.5 Phone Numbers Tab Icons Icons on the Phone Numbers tab show status by phone number. There have not been any calls to this phone number. For a prefix, indicates that there are individual phone numbers grouped within this prefix. Click on the icon to list the phone numbers using the prefix. For a phone number, there have been calls to this number. Click on the icon to see a record of all calls. 2.
• Setup->Modems tab: Use a setting for all modems, Renumber COM ports, Reset one or all modems. You can also access additional scheduling features by selecting and holding either the Stop or Start button (whichever button is not grayed out at the time) until a pop-up window appears. Scheduling is also available from the File menu. 2.4 Profiles “Profiles” are PhoneSweep’s basic unit of information storage.
2.4.2 MySQL 3.23.0 Limits on Profile Size, Number of Profiles The MySQL database that PhoneSweep uses allows you to have a large number of profiles of varying size (up to 50,000,000 records for MySQL version 3.23.0). Please Note: Sandstorm does not guarantee satisfactory results with large numbers of profiles or profiles over 10,000 numbers for PhoneSweep Plus and Plus 8 and 20,000 numbers for Plus 12 and 16.
>Effort sub-tab. Once set, PhoneSweep’s current level of effort is indicated by an icon at the bottom of the PhoneSweep window, as well as displayed on the Setup->Effort sub-tab. The three levels of effort available are: • Connect. When this level of effort is specified, PhoneSweep will call each telephone number, classify the answer (if any) as Voice, Modem, Fax, etc. and then hang up. At Connect level of effort, PhoneSweep listens only; no information is exchanged. • Identify.
username/password files for PhoneSweep to use (please see Section 6.2, Importing Brute Force Information.) • systemdefault.txt: This file contains a master list of default user name/passwords used by many common operating systems, that you can use as a resource to verify that the default user name/password setting on the systems in your workplace have been changed..
Finally, you can also export PhoneSweep-generated data such as phone numbers and call results using the Export button. See Section 6.3, Exporting Data, for more information. 2.9 Single Call Detect (SCD) Single Call Detect (SCD) is a unique PhoneSweep feature that speeds telephone scanning and improves the accuracy and detail of information collected in the scan. In SCD mode, PhoneSweep listens to and evaluates each telephone call as it is made, and modifies its calling behavior accordingly.
SCD speeds telephone scanning in two ways: • Reduces the time necessary to detect voice responses and second dial tones. • Reduces the total number of calls PhoneSweep has to make in order to accurately identify data and fax devices (Voice lines and second dial-tone lines are not called back a second time). With SCD, the dialing modem quickly identifies the response and terminates.
2.10 Controlling when phone numbers are called There are times at which it would not be appropriate to call some phone numbers in the course of a PhoneSweep scan. PhoneSweep allows you to control when phone numbers are dialed by specifying: • The days and times to call each number contained in a given profile (time periods) • Specify Blackout hours within or crossing time periods when PhoneSweep should not dial phone numbers assigned to given time period(s).
PhoneSweep will not dial any numbers until Outside hours begin at 5:00 PM (You will see the green radar going on the bottom right hand side of the user interface even when no numbers are being dialed). 2.10.3 The Blackout period To exclude specific periods from PhoneSweep’s dialing without changing the time period settings, you can use Blackout Start and Blackout End under the Setup->Time sub-tab.
Sandstorm does not warrant that the emergency number screening feature will block all attempted calls to emergency numbers in your area. PhoneSweep will not attempt to automatically block calls to emergency numbers other than those listed in the emergency number screening list. It is your responsibility to be aware of the emergency numbers in your area, and to block them or avoid including these numbers when creating lists of phone numbers for PhoneSweep to dial.
configured to terminate calls before your voicemail system answers. Be aware that if your modem does not support remote ring detection (that is, if it doesn't report each time the remote phone rings) only the seconds-based timeout will be used. You should set the seconds-based timeout to be equivalent to the correct number of rings. This testing injury is less likely if you are using SCD.
3 Installation and Setup This section guides you through the process of getting ready to run PhoneSweep. To successfully install and begin using PhoneSweep, you must: • Have TCP/IP, Winsock 2 and HTML help installed on your computer. • Select appropriate modems for your computer. 3.1 System Requirements 3.1.1 Dialing Computer If PhoneSweep will be in continuous operation or will be mission critical, we recommend that you install PhoneSweep on a well-maintained PC with up-to-date software (e.g.
Of course, the more data you need to store, the more disk space you will need. If you are using PhoneSweep with four or more modems, you will also need appropriate hardware to connect the modems to your computer. (See section “Modem and multi-port serial I/O hardware recommendations” below). Additional Minimum System Requirements: For PhoneSweep Plus 12 or 16: 600-700 MHz Pentium III or equivalent and 128 MB of RAM If you have profiles over 20,000 numbers (i.e.
For PhoneSweep Plus 12 and 16 (Desk tops only), we recommend the use of: • Multi-Tech ZDX Modem Rack (http://www.multitech.com) which takes up to 12 Multi-Tech MT5600ZDXV modems. (For PhoneSweep Plus 16, you would need to place 4 standard Multitech MT5600ZDXV modems to the side). • Digi AccelePort 16em (http://www.digi.com) multi-port, which provides 16 serial I/O ports for your desktop, connecting through a PCI card. 3.1.
If you are not sure which version of Windows 95 is installed, right click on the “My Computer” icon on the Windows desktop. Select the “Properties” option, and look under the “General” tab. On the upper right-hand quadrant of the tab, underneath the “Windows 95” line, is the version number. If the version number is 4.00.950 A, Windows 95A is installed, and you should run the msdun13.exe patch if the machine running PhoneSweep does not have a full-time network connection.
3.4 Preparing to install and run PhoneSweep Before you install, reinstall, upgrade, or run PhoneSweep, prepare your computer by following these steps: • If you are installing PhoneSweep Plus 4,Plus 8, 12 or 16 for the first time, we recommend that you install multi-port cards with their respective COM ports before installing PhoneSweep. Make sure that your PC can see the COM ports. This helps to separate hardware install problems from PhoneSweep problems.
3.5 Installing PhoneSweep Note that you cannot reinstall or upgrade PhoneSweep while the program or any parts thereof are running. If an attempted installation results in an error message indicating that parts of PhoneSweep are still running, you can use the Task Manager (accessed by simultaneously pressing CTRL-ALT-DELETE) to kill the parts of PhoneSweep that are still running, including MySQLd, or reboot your computer. Insert the PhoneSweep CD-ROM into your CD-ROM drive.
You can attach other devices to your computer’s parallel port while the dongle is in place. You can attach peripherals such as a Zip drive, a Visioneer PaperPort, another vendor’s dongle, or even a printer. When attaching another device to the same parallel port as a PhoneSweep dongle, connect the dongle directly to the computer and connect the other device to the dongle. 3.6.1 Laptop models known to have problems with the dongle: Sandstorm has encountered a few hardware-specific problems with the dongle.
Manual Installation: If your system was unable to detect the USB dongle, manually install the driver as follows: 10. Plug the dongle into an available USB port. 11. Open the Control Panel. Open the Add New Hardware or Add/Remove Hardware panel, depending on your system. 12. Follow the steps to add a new device. When you are given the option to choose a device type, choose "Other Devices" (Win98) or "Add a new device" (Windows 2000). 13.
If you want to use PhoneSweep to scan ISDN devices, please refer to Section 3.9 “Recommended ISDN capable modems“. We recommend that you if want to scan both ISDN and Analog modems, you run separate scans over two different modems. ISDN modems are not Single Call Detect capable. If you plan to use multiple modems, you must install a Multi-Port Serial I/0 card: Please see More about Modem capabilities: Some modems can report more information about the results of a call than other modems.
3.8 Recommended Modems The specific modems that Sandstorm Enterprises recommends as of July 2002 are listed below. All these modems have been tested by Sandstorm and support Single Call Detect. Sandstorm Enterprises is a reseller for some SCD-capable modems within the U.S., Check the Sandstorm website (http://www.sandstorm.net/support/phonesweep/recmodems.shtml) for current information.
• Best Data Smart One USB external 56K, Model #56USB. (http://www.bestdata.com). Windows 95 and 98 only. USB modem, featuring Rockwell/Conexant's 3.3v chipset technology. • Creative Modem Blaster 56K internal ISA, Model #56SX. (http://www.bestdata.com). Internal ISA modem, featuring Rockwell/Conexant's 3.3v chipset technology. 3.8.2 Other modems tested by Sandstorm Sandstorm is constantly testing new modems to find those that work best with PhoneSweep.
Australia/ New Zealand Lightfax 56k V90 We have some reservations about this modem, as we have only found the manufacturer’s home page, and only two online retailers. http://www.wyntec.com.au/modem.htm http://www.pcsol.com.au/modems.htm Sweden, Austria, Germany, ELSA Microlink 56K Office This modem is being used successfully in Sweden and Austria to sweep Analog lines on Hybrid ISDN/Analog PBXs. http://www.elsa.
manufacturer who specializes in manufacturing modem and power adaptors for mobile devices. Teleadapt is one such company: http://www.teleadapt.com. 3.11 Testing COM ports, Modems using checkmodems.exe Checkmodems.exe can be found in the PhoneSweep directory. Because PhoneSweep controls each modem directly, PhoneSweep can use COM ports from COM 4 up to and including COM 255. Checkmodems.exe can scan all COM ports from 1 to 255. It can also be used to check specific ports.
If checkmodems.exe finds the modems, but PhoneSweep says it can’t find the COM ports, please verify which COM ports checkmodems.exe reports finding modems on, then go to the PhoneSweep options Setup->Modems sub-tab. If your modems are not set to the same COM ports that checkmodems.exe reports, you can change the COM ports by clicking on the drop down menu in the COM port column next to each modem. 3.
If you are running the Windows 95/98 operating system, you can easily generate a list of the IRQ and I/O Address assignments on your computer: • Right click on the "My Computer" desktop icon. • Click the "Properties" menu. • Click on the "Device Manger" tab of the "Systems Properties" window. • Double-click on the word "Computer." This will show your computer's IRQ assignments. The table below shows the IRQ and I/O Address assignment for a new laptop computer running the Windows 98 operating system.
3.13 Equipping a Desktop Computer with Multiple Modems See http://www.sandstorm.net/support/phonesweep/multiport.shtml for up-to-date information on recommended multi-port solutions. There are many strategies for configuring a desktop computer to use multiple modems: • The simplest is to equip your computer with a PCI or USB-based multi-port serial I/O expander and use external modems. • Sandstorm recommends SeaLevel’s Versa-COMM 4-port (model 7401) and 8-port (model 7801) cards (http://www.sealevel.
• Once you have installed the multi-port card, octopus cable(s), and drivers, check your COM ports as follows: • Open the Systems Properties box in the Control Panel, and select the Device Manager tab. • Check Multi-port Devices. Your card should be listed there. • Check COM ports under Ports (COM and LPT): o For 4 ports, COM ports 5-8 should have modem drivers. o For 8 ports, COM ports 5-12 should have modem drivers.
3.15 Equipping a Laptop with Multiple Modems Before selecting a laptop computer to run PhoneSweep Plus or Plus 8/12/16, be aware that PhoneSweep has historically had fewer problems on laptops running Windows 95, 98, or 2000 than on those running Windows NT. Windows NT, in fact, does not support the simultaneous use of two Quatech 4-port PCMCIA cards. For this reason, PhoneSweep Plus 8 is not supported for Windows NT on laptops.
4 Setting Up a Sweep Before you can start a PhoneSweep scan, you must give the details of what is to be scanned and the parameters to use during that scan. These steps will get PhoneSweep ready to scan: • Click on the Setup->Profile sub-tab to either select an existing profile to scan or to create a new profile (you can have as many profiles as you have memory for).
The Profile sub-tab view, found under the Setup tab, is divided into two parts: • The left pane displays the Profiles List, which is a complete list of profiles currently in use by PhoneSweep. (At startup, PhoneSweep searches the Profiles folder for any database file beginning with “PS_”. If you have a removed a “PS_name” folder from the Profiles folder, that profile will not be displayed on the Profiles List.). • The right pane displays the Profile Note for the highlighted profile in the Profiles List.
phone numbers can be kept in each PhoneSweep Plus or Plus8 profile and 20,000 numbers can be kept in each PhoneSweep Plus 12 and Plus 16 profile. Note that these limits are per profile, not per-program. There is no limit on the number of profiles you can set up, although you may find that profiles become difficult to manage once you have over 100 or so. In this case, you can copy the profiles you don't need immediate access to into another directory, or use a backup utility to archive them.
Clicking on a folder allows you to see all the numbers in that particular folder, as well as the time period(s) in which each number is to be dialed. Right-clicking on a folder brings up a pop-up menu that allows you to expand or collapse the current folder or all folders in the current view, as well as ”Find...” text within the Phone Numbers tab. Searching will begin at the current folder. 4.2.
• the letters x or X (for extension). In other words, a legal phone number is a phone number made up of any characters in this list: 1 2 3 4 5 6 7890().,-*#xX Additionally, the special Touch Tones A, B, C, and D can be included in a phone number. Please note that these Touch Tones are not used in most telephone systems. If your phones have buttons labeled A, B, C and D, you should consult the phone switch documentation before telling PhoneSweep to dial these characters.
Use the Add Phone Numbers dialog box to: • Add either a single phone number or range of phone numbers to the current open Profile. • Set time periods for PhoneSweep to call each phone number or range of phone numbers • Set custom note associated with each phone number or range of phone numbers • Set whether PhoneSweep should call each phone number during each time period you specify, or just make one call, which can occur during any of the time periods that you specify.
4.2.4 Telling PhoneSweep when to call phone numbers (Time Periods) The Add a Phone Number dialog box allows you to specify the time periods for PhoneSweep to dial a given phone number or range of phone numbers. Please note, PhoneSweep will not dial any phone number outside the hours you set for that number or range, though the radar-like Sweep Icon is moving ).
• For all phone numbers in a Profile: Right click on any prefix folder or phone number record, and choose Alter All Phone Numbers. This will alter the numbers you did not right-click, as well as the ones you did. 4.3 Setting Scheduled Start and Stop times 4.3.1 Schedule Sweep Start Time Left-click and hold down the Start button to display the scheduling options popup, or bring up the submenu under File->Start.
4.4 Setting Time Options The Time sub-tab, found under the options Setup tab, allows you to control time periods and other time related features that PhoneSweep uses when dialing: • Define the time period designated Business Hours ( Hours ( ).
• Set the default Import Time Period(s) which PhoneSweep assigns to phone numbers imported into a PhoneSweep profile without an accompanying time period code (See Importing and Exporting data). Note: The Time sub-tab does not assign time periods to phone numbers, except when you Import phone numbers without associated time period codes. You can assign time periods when you add or edit phone numbers on the Phone Numbers tab, which was covered in the previous section. 4.4.
To set the Blackout Hours field, click on the hours or minutes field as appropriate and choose the desired time from the pull-down menu. To remove a blackout you have specified, change Blackout Start and Blackout Stop to the same value or set both back to 00:00. Note: You can set Blackout times to cover part of Business Hours; however, if you want to blackout business hours entirely, we recommend you do not use Blackout.
4.5 Setting up your Modems The Modems sub-tab, located under the Setup tab, displays modem configuration information for only the number of modems allowed by your PhoneSweep model license. Thus, you will see a line for one modem for PhoneSweep Basic, four for PhoneSweep Plus, eight for PhoneSweep Plus8, and so on. For changes to take affect on this sub-tab, you need to select the Save icon along the top of the PhoneSweep UI.
clicked upon. You can also renumber the COM ports for all modems starting at the item right-clicked upon. These settings will not be saved until you click the Save button. In order to sweep, PhoneSweep requires at least one modem to be powered on and connected to the computer, and the correct COM port must be assigned for each modem on the Modems sub-tab before PhoneSweep can detect the modem. 4.5.
Specify Modem Initialization Strings. Initialization strings are commands that are sent directly to the modem to specify various aspects of its behavior. Type any modem initialization strings directly in the box to the right of the appropriate speaker control for each modem. Remember to leave the letters AT at the start of your initialization string. (PhoneSweep’s default initialization string for each modem is: ATE1Q0V1). Important: Do not use the command &W in your initialization strings.
4.6 Setting Level of Effort The Effort sub-tab, located under the Setup tab, controls which Level of Effort PhoneSweep will use when dialing phone numbers, as well as what actions to take in that mode. PhoneSweep automatically saves changes made on this sub-tab so you do not need to save changes by clicking on the Save icon. The Effort sub-tab allows you to: • Set Level (of Effort), which controls how much information PhoneSweep will attempt to gather when it calls each phone number.
• Penetrate ( ): PhoneSweep attempts bruteforce (guess) username/password combinations on systems it was able to Identify. If successful, PhoneSweep will immediately hang up and go no further. • Control what PhoneSweep will scan for (All Levels of Effort): • Both Modems and Fax Machines where Phone Sweep will call twice to search for Fax/Modem lines (Voice and other lines called once). • Modems only where PhoneSweep will call each line just once as it searches for just modems.
If PhoneSweep does freeze during a sweep, please do not restart PhoneSweep. Instead save a copy of the phonesweep.log to send to Sandstorm Support, noting if there were any other programs, virus checkers or network connection attempts during the time of the sweep. Sandstorm support will then attempt to identify which number caused problems with PhoneSweep.
Content of Profile Should recycling be enabled? Ten phone lines on first system No – these phone lines all reach the same system and a single username/password database. Twenty phone lines on second system No – these phone lines also share a single username/password database Fifteen miscellaneous phone lines Yes – Any modems connected to these phone lines probably reach multiple systems, each with its own username/password database.
bruteforce.txt file initially installed with PhoneSweep contains a basic list of common username/password combinations, but most users will need to make changes to it to suit the needs of their organizations. Changes can be made in any of these ways: 1. Edit the username/password list directly on the Effort tab. These changes will be recorded to the internal database. If you want the changes to be applied to the bruteforce.txt file, use the Export button to export the changes to the file. 2.
brutecreate.exe does not evenly distribute Username/Password combinations throughout the bruteforce.txt file. You must do this after using brutecreate.exe to populate the bruteforce.txt file.). Replacing the bruteforce.txt file while a sweep is in progress is not recommended. If you do so, PhoneSweep may repeatedly dial a phone number and hang up immediately, without completing the scan. Also, the percentage of brute force guessing that was completed will not be accurate in any report you generate.
To add to the current bruteforce.txt, you must supply your own list of user names in a text file. Each user name must be on its own line, followed by a carriage return. For passwords, you can use either the supplied password source files listed above, or provide your own. As is the case with the username file, each password must be on its own line, followed by a carriage return. Sample brutecreate.exe input and output files are included as an example in Appendix F: Sample brutecreate.exe Output File.
4.7 Setting Dialing Options The Dialing sub-tab, located under the Setup tab, allows you to customize PhoneSweep’s dialing behavior for a particular calling profile. Changes made to the Dialing sub-tab must be saved using the Save icon at the top of the PhoneSweep window.
• Set the number of times PhoneSweep will call back numbers that were busy (Busy redial after calls). • Activate or disable Sequential dialing of phone numbers (We recommend you do not enable Sequential dialing, so PhoneSweep will dial numbers randomly) • Enable or disable Emergency Number (911) Screening and modify the Emergency Number (911) Screening list (on a per-profile basis). (We recommend you never disable this list).
There are three possible PPP identification/brute-forcing settings: • Normal PPP: In this mode, if PhoneSweep attempts to identify a text protocol and fails, it will see if the remote device will respond to PPP protocol packets. • Never use PPP: In this mode, PhoneSweep will not send PPP packets to attempt to identify a system that it cannot identify with text protocols. • PPP only (no text): In this mode, PhoneSweep will only identify and brute-force systems which respond to PPP protocols. 4.7.
o Never use Single Call Detect disables SCD, and relies entirely on any Voice recognition support in your modem to avoid leaving empty voice-mail messages. (Use this setting for troubleshooting call results and in cases where it seems your modem does not seem to be using Single Call Detect). 4.7.8 Setting single call voice timeout This timeout determines how long PhoneSweep waits for a modem or fax response after it detects that something has answered the phone.
5 Sweeping “Sweeping” describes PhoneSweep’s active mode of operation: When you start a sweep, PhoneSweep actively checks the current time period against the time periods assigned to each phone number in the current open Profile. When there is a match between the Actual and assigned time periods, PhoneSweep dials that number. 5.
• Determine how your PBX and phone system both handle unassigned and disconnected numbers. Phone systems that give a voice message for unassigned or disconnected numbers will cause these numbers to be reported as voice lines. • Determine if you need to dial a 9 or other special codes when dialing lines outside your phone system. You can enter these as needed in either the Prefix or Suffix fields on the Setup->Dialing sub-tab. 5.
5.5 Sweeping for ISDN devices When scanned, most ISDN modems will respond to incoming analog calls. Some ISDN modems, such as the Motorola Bitsurfer, will respond only to ISDN data or ISDN data-over-voice calls. To find such modems, scan first with an ISDN modem, and then follow up by scanning with a normal modem. • For scanning purposes, we are not aware of any ISDN modems that support Single Call Detect.
5.6.1 Estimated Progress The Estimated Progress area of the Status tab shows the estimated progress for the current sweep. PhoneSweep estimates: • The rate at which PhoneSweep is executing the sweep in Calls Per Hour • The number of Calls Remaining (yet to be made.) • The Total Calls it expects the sweep will require • Time Until Finish These estimates will usually change rapidly at the beginning of a sweep.
5.6.2 Actual Progress The Actual Progress area of the Status tab displays: • The number of phone calls completed • Elapsed time spent sweeping. This measures only time spent sweeping, not the total time elapsed since the Start button was clicked. 5.6.3 Modem Status The bottom of the Status tab displays information about what the modems are currently doing. For example, your modems may be • Idle.
The History tab shows you: • The date and time a call was made. • The modem that placed the call. • The number that the modem called. • The result of the call. The Freeze/Thaw button stops and starts the real-time display. Clicking on the button will toggle it between these two states. When the button is toggled to Freeze, the call history is stored in a buffer until the button is toggled to Thaw.
5.8 Viewing Your Results The Results tab summarizes the responses PhoneSweep has received from numbers it has dialed. Each folder icon on the display contains a list of phone numbers that have given responses in the indicated category. If no phone numbers have elicited a particular category of response, this is indicated by a small icon of a telephone handset. Like the Status tab, the display on the Results tab is also updated in realtime as a sweep progresses.
5.8.2 Categories of results Busy The phone number was busy. Fax A fax machine answered the remote phone number. Screened The phone number was not dialed because the number matched our test for an emergency number. Timeout PhoneSweep did not receive a carrier signal within the designated wait interval. Ring Timeout No person or device answered the phone before the specified number of rings (requires "remote ring" support in your modem).
5.8.3 Identification of remote systems PhoneSweep can only identify computer systems for which Sandstorm Enterprises has determined correct response strings (presently over 450 systems). If you encounter a system that PhoneSweep cannot identify, please contact Sandstorm. We will incorporate the response strings into the next version of PhoneSweep. For a complete list, please see List of Identified Systems in Appendix I. 5.
6 Importing and Exporting Data There are times when entering information manually into PhoneSweep would require a prohibitive amount of work. Therefore, PhoneSweep allows you to import pre-existing sets of phone numbers and brute-forcing information. 6.
• Note: Because there is no time period given in the last example, the default import time period will apply (See “Default Time Period” below.). The phone number field can include the characters 1 2 3 4 5 6 7 8 9 0 ( ) . - # x X a A b B c C d D. Phone numbers and time periods can contain quotes; quotes will be stripped out by the import function and changed to spaces. This also means that the format “phone number”, “time period code” will be imported correctly.
Business Hours, Outside Hours, & Weekends (Any time period) 30 A sample file that would dial the numbers 555-1212 during business hours, 555-1213 during any time period, and set 555-1214 to use the default import value would be: 555-1212 2 555-1213 30 555-1213 Note that the is an ASCII Tab formatting character (control-I, decimal value 9). 6.1.
6.2.1 Formatting imported Username/Password pairs To import a file containing a list of Username/Password pairs, click on the Import button. When the Import Dialog box appears, enter the name of the file containing the list of phone numbers, select the “Usernames/Password” Import Options, and then click OK. For PhoneSweep to be able to use imported username and password files, the following formatting must be used: The username and password are each delineated by double quote characters.
6.3 Exporting Data 6.3.1 Exporting Call History To export a comma-separated list of the results of all calls PhoneSweep has made, select the History tab and click on the Export button.
SCD mode call 4 SCD mode specifically trained to listen for Fax 21 In the above example, Faxcall=2, indicating a data call was placed. Faxcall values other than those listed above indicate combinations of call types, and are the sum of the values for the call. For instance, a call made in SCD mode (4) that is both a fax and a data call (3) will have the value 7.
Otherwise, the bruteresult field is generated by a username result and a password result. The codes are: Bad_Username 2 No_Username 4 Good_Username 8 Bad_Password 16 No_Password 32 Good_Password 64 The username and password fields The username and password fields record which username and password were used in a brute-force guess. If no brute-force guess was made (bruteresult = 0), then the username and password will be empty strings.
7 Generating PhoneSweep Reports The Report feature takes PhoneSweep call results and organizes them into an easily readable form that highlights problems and vulnerabilities. PhoneSweep reports are clearly formatted, easy to review and suitable for printing or importing into other documents. PhoneSweep can generate two basic types of reports: a report of what happened in one profile and a report that compares two profiles and indicates all the differences found (Differential Report).
The Optional Sections are formatted to be read from beginning to end. The Appendices are not intended to be read from start to finish; they are included as reference material. 7.1.1 Anomaly Detection The Anomaly Detection section lists any anomalies that PhoneSweep found during checks on remote modems. Anomalies are inconsistent responses from one call to the next; they often indicate an unauthorized or misconfigured modem.
7.1.5 Appendix C: List of All Calls and Their Results Appendix C simply lists in chronological order every call that PhoneSweep made during the sweep. Included is the response made by the remote phone number and any brute-force username/password guessing, successful or unsuccessful. Appendix C may large, especially if you are scanning a large profile or if you have a long username/password list.
Section Marker Section Content #7# Print the Anomaly section. This section contains phone numbers that responded in odd ways. #9# Print a list of phone numbers that PhoneSweep successfully Penetrated. #10# Print modem responses from systems that were successfully Penetrated. #12# Print all phone numbers that responded with Carrier. #13# Print all phone numbers that were always Busy. #14# Print all phone numbers that responded with Second Dial Tone.
%DATEGEN% The date and time the report was generated. %DATESTART% The date and time PhoneSweep started scanning. %DATESTOP% The date and time PhoneSweep stopped scanning. %DN% Total number of phone numbers dialed in data mode (checked for Carrier). %DFN% Total number of phone numbers dialed in fax mode. %DFPC% Percentage of numbers dialed in fax mode. %DPC% Percentage of assigned numbers dialed in data mode. %ETIME% Total time spent sweeping phone numbers.
8 Differential Reporting Differential reporting is a PhoneSweep feature that produces a report listing the differences between two calling profiles. This is useful for ensuring that threats have been removed and identifying threats that may have appeared since a previous sweep. To generate a Differential Report, call up the Report Dialog box, either click the Report button in the button bar at the top of the PhoneSweep window or select Report from the File menu to generate the report.
8.1.1 Heading The heading of the differential report contains the following information: • The date and time when the differential report was generated. • The name of the old calling profile. • The name of the new calling profile. • Each scan's level of effort. • The devices that each scan was configured to search for (modems, fax machines, or both). • The value of Busy Redial in each profile. 8.1.
9 Graphing Call History Results If you have Microsoft Excel 2000 installed, the results of the current profile can be sent to Excel automatically to display a pie chart of the call results. Select the Graph button after or during a sweep. There will be a delay while Excel starts. When it does, you will be prompted to enable Macros. Click to enable Macros; then after the spreadsheet loads, click on the large yellow button entitled “Click here to create a pie chart of your sweep results.
10 Evaluating the Results of Your Scan The following chart shows the normal results of a scan, sorted by type of device, level of effort, and whether or not Single Call Detect (SCD) was used. 10.
10.1.
Carrier Misidentifications: Occasionally during the beginning and end of a sweep with multiple modems, some Carrier lines will misidentify as voice lines if two modems attempt to call the same number at the same time. 10.1.
In some cases, a phone switch can make a click when a call is handed off to another component or an external trunk. Sometimes, PhoneSweep may interpret this click as the call being answered. If so, PhoneSweep may misidentify calls. When PhoneSweep senses that the call has been picked up, it starts a timer. If PhoneSweep does not get tones from a modem or fax machine before the timer runs out, PhoneSweep hangs up and records VOICE, although in fact the call may not even have been answered yet.
10.3.4 Combination answering machine/fax The main threat from a combination answering machine/fax is that an unauthorized modem will find its way onto the line. The answering machine/fax does not pose a threat in and of itself. 10.3.5 Numbers that report “VOICE” Numbers that report VOICE are most likely human-answered phones or voicemail, and generally do not pose a security threat, although they should be investigated if it is not known who is responsible for a particular line.
numbers give busy signals. In this case, numbers that time out may represent phones that are misconfigured (they don’t go to voicemail, or have been call-forwarded outside the organization). If you get Timeout for valid lines and do not get it on some other lines, check the lines that don't get Timeout. You can call a known disconnected number to see what response to expect from your switch.
Faxes known to generate mis-identifications at Connect level of effort only: • Xerox Work Center Pro 657 • Xerox DC 332 (Data copier with Fax (Super Group III) and networking addons • Potentially other Xerox Data copiers with Fax addons that use the Super Group III protocols (as reported at one site - all their Super Group III Xerox machines generated Mis-Identifications at Connect level of effort).
11 Customizing PS Defaults Using the PhoneSweep.INI file If you want to change the default values that PhoneSweep uses when it creates a new profile, modify the phonesweep.ini file. The phonesweep.ini file is a standard Windows INI file. There are currently two sections, the [globals] section and the [vars] section. All variables are in the form NAME=VALUE, each on a line by itself. Any variable not present in the file will be set to its standard PhoneSweep default, and illegal lines will be ignored.
The [globals] section sets per-machine variables. Type Default Global Variable Name Legal Variable Values String FAX-INIT-STRING-1 String FAX-INIT-STRING-2 Any legal initialization string (must start with AT). Remember not to include &W in the string! Used in fax mode. String FAX-INIT-STRING-3 String FAX-INIT-STRING-4 Y or N. Despite its name, this setting no longer controls COM: ports, only which modem is activated.
DIAL-SUFFIX String "" Legal phone number characters EFFORT-LEVEL INT 1 1 (Connect) 2 (Identify) 3 (Penetrate) EXPORT-ONLY-QUOTE-STRINGS Boolean N Y (Only quote fields that are strings) N (Quote all exported fields) EXPORT-VERSION-1-0-FORMAT Boolean N Use the old version 1 export format (backward compatibility feature). IMPORT-DEFAULT-TIMEPERIOD INT 30 Default timeperiod for imported phone numbers.
Appendix A: Glossary : Carriage Return. A non-printing ASCII character meaning “Move cursor to beginning of line/end of command.” Often used in conjunction with a Line Feed character, i.e. . : Line Feed. A non-printing ASCII character meaning “move cursor to next line”. Often used in conjunction with a Carriage Return character. 24-Hour Format: A way of expressing times that unambiguously designates the time of day without using the suffixes AM or PM.
to log in to devices attached to remote modems it finds. The bruteforce.txt file can be edited or replaced with another file. Brute-forcing: PhoneSweep’s attempt to log in to remote devices it finds when scanning in Penetrate mode. Business Hours: One of PhoneSweep’s settable time periods. Defaults to 0900 (9 a.m.) to 1700 (5 p.m.). You can specify that individual phone numbers be called or not called during Business Hours.
Dialup adapter: A TCP/IP protocol stack that can be installed without requiring LAN hardware. TCP/IP is required for PhoneSweep to run properly. DID: Direct Inward Dial. Differential reporting: PhoneSweep function that compares the results of two telephone scans, identifying changes. DLL file: A dynamic link library file, or shared library. Dongle: Another term for Hardware License Management Device. When attached to a computer’s parallel or USB port, allows PhoneSweep to make actual calls.
MASM: Microsoft Assembler. One of ways that non-printing characters can be represented as numbers in the report is compatible with MASM's default. Maximum calls per day: A feature of PhoneSweep that limits the number of calls that PhoneSweep may make to a particular number in a given day. Modem forced hangup: A process by which PhoneSweep deliberately makes an extra effort to hang up correctly after every call. Msdun13.
Rich Text Format: A file format for text documents. It is best read in Microsoft Word, and is also compatible with WordPerfect and some other editors. Ring timeout: A user-customizable parameter located on the Time sub-tab that specifies how long PhoneSweep will wait, in rings, for a response from the remote number before giving up and calling the next number. Note that ring timeout is not supported by most modems, including Single Call Detect capable modems.
Time Period code: A value associated with each phone number that specifies during what time periods the number may be called. When importing numbers from a file, a default value of 30 (call during any time period) is applied to any numbers that are read without a valid time period. Timeout: The number of seconds that PhoneSweep will wait for a response from a remote number before it gives up and goes on to the next number. Used with modems that do not support remote ringing.
Appendix B: PhoneSweep FAQ The PhoneSweep FAQ is a collection of Frequently Asked Questions and answers about normal PhoneSweep operations. For information on diagnosing problems and troubleshooting, please see Appendix C: PhoneSweep Troubleshooting Guide. This FAQ is arranged by topic. If a specific question and answer belongs in two categories, it will appear in both.
Can I use a profile created by one version of PhoneSweep with another version of PhoneSweep? Normally, yes. When it is necessary to revise PhoneSweep's database structure, we can ensure that newer versions of PhoneSweep will read (and convert) older profiles, but we cannot make older versions read newer profiles. For this reason, profiles created with PhoneSweep version 1.03 or later cannot be used by PhoneSweep version 1.02 or earlier. Profiles created in PhoneSweep 3.
Will HTML Help run if the computer running PhoneSweep does not have Internet Explorer installed? Probably yes, if you run hhupd.exe in the top level PhoneSweep directory. Note, however, that having IE installed on a computer does not mean that you have to use IE at all; you can keep running your preferred web browser. Can I use PhoneSweep with Remote Software? We have performed some testing with PhoneSweep with PCAnywhere and NetOp, but we cannot guarantee 100% compatibility.
Can I use PhoneSweep with Gold pack add-ons? Yes, with PhoneSweep 4.0 and above. What are the Gold add on capabilities and how are they useful to me? Gold add-on options extend PhoneSweep’s standard capabilities: • Distributed (2 copies PhoneSweep, each with Gold add on required) allows you to remotely administrate distant copies of PhoneSweep via a local copy of PhoneSweep. • E-mail notifications allows you to set automatic e-mail notifications when PhoneSweep encounters the events you specify.
Would dialing into an organization from outside the organization’s PBX rather than using PhoneSweep internally impact PhoneSweep’s performance? One disadvantage to conducting a PhoneSweep security audit from outside the organization’s PBX is long-distance charges, but only if they apply to the calls you need to make. Dialing an organization's phones from within its PBX can be slightly faster due to fewer digits being dialed and shorter call set-up times. The speed increase is rarely more than 10 to 20%.
How can I increase my chances of detecting rogue modems that the user has attempted to hide? To catch rogue modems that are only turned on part of the day, enable the Dial During Each Time Period option when adding phone numbers to the profile. To find modems that have been set to pick up after an abnormally long number of rings, increase the Timeout or Ring Timeout as appropriate on the Dialing sub-tab.
What should I do about numbers that always time out? Your response to numbers that consistently time out depends on your threat model. Typically, you should check to see if the line is actually connected to anything. A number that always times out could be a modem that does not pick up for a large number of rings, but this is uncommon and is not likely to be a major security risk.
When I start a sweep, does Phone Sweep start dialing? For example, when I start a sweep at 5pm and my outside business hours start at 7pm: will PhoneSweep dial any numbers between 5pm and 7pm? Only if there are phone numbers that have been assigned to be swept during business hours. When PhoneSweep starts dialing, PhoneSweep checks the current time period against the time periods set for the phone numbers in the current open Profile.
Appendix C: PhoneSweep Troubleshooting Guide This section contains information that can help resolve problems that crop up in the course of running PhoneSweep. Please read this section before contacting Sandstorm Technical Support. Many problems have uncomplicated solutions, and this section will usually give the quickest way to get PhoneSweep up and running again. This section is divided up into several subsections: • Information you should have available while troubleshooting PhoneSweep.
• What changed since things last worked? When PhoneSweep "just stops working," the reason is usually a side effect of some other change to the computer or its environment. Check your modem cables, telephone jacks and the software environment (O/S changes, new applications using the COM port, internal security software, etc.). Also, ask your telecommunications service if they have performed any work on the phone system that might have affected PhoneSweep.
• If you are running PhoneSweep on Windows NT, 2000 or XP, do you have write permission for the PhoneSweep directory? If you want to run PhoneSweep as a non-administrator, PhoneSweep must be able to write to its log and profile directories. An administrator can reset the Security values under the Properties of the PhoneSweep directory. If you are running PhoneSweep under certain system configurations or security settings, it is possible that PhoneSweep may need to be run by an Administrator.
only in demonstration mode and will not place any actual calls. Attach the hardware license manager to the parallel or USB port and restart PhoneSweep. • When the sweep is started, PhoneSweep immediately reports that it is finished and stops the sweep. PhoneSweep may think that it is not allowed to dial any of the numbers during any time period. This may be because the definitions of the time periods have been changed, or because Blackout Hours have been set incorrectly.
• The PhoneSweep UI freezes during a sweep. If you encounter this symptom, please contact Sandstorm. • PhoneSweep stops dialing in the middle of a sweep when no one is around to restart the sweep. To re-enable all disabled modems and cause PhoneSweep to restart dialing, use the Delay command to automatically restart the sweep a few hours in. This is a stopgap solution; please see the entries under “PhoneSweep stops dialing during a sweep” above to diagnose the cause.
• PhoneSweep identifies all numbers as a busy signal. This indicates a possible problem with dialing out. PhoneSweep may be missing a dial tone or a connection to an outside line. If you need to dial a prefix to reach outside lines and need to dial this prefix for each number in your profile, enter the prefix in the appropriate field on the Dialing sub-tab. Increasing the delay between calls on the Time sub-tab may help if the problem is not a missing prefix.
• Running a screensaver makes PhoneSweep lock up. Unfortunately, there is currently no way to ensure that PhoneSweep will run correctly if a screensaver is running at the same time. There is no way to predict whether PhoneSweep will or will not have problems with a given screensaver. Disable the screensaver if it appears to be causing problems. We have tested a third party product called Screen Lock. It works on Windows 95/98/NT/2000 and allows you to run PhoneSweep and other programs in the background.
devices that it determines are capable of fax communications. If SCD is making two calls to all numbers, use checkmodems.exe to make sure that your particular modem supports SCD. • While trying to add a range of numbers to a profile, PhoneSweep only adds a sub-range of the numbers. This is probably due to a boundary condition. Add the numbers that were missed separately, and contact Sandstorm Enterprises to report the problem.
cases, it may turn out that the manner in which the data is burned onto the CD-ROM is not compatible with your CD-ROM drive. Installing PhoneSweep by copying files from another computer may help, or Sandstorm may be able to help devise a workaround. • “The file filename is locked and not writeable”: During an installation, this means that some part of PhoneSweep was running and could not be overwritten. If the PhoneSweep User Interface is running, shut it down before attempting the install.
• SQL errors on startup: There are two main reasons why you may get an SQL error on startup. The most common is a problem with TCP/IP setup on your machine. A detailed troubleshooting guide for this can be found at http://www.sandstorm.net/support/phonesweep/mysql. The other reason may be a corrupt profile. See the troubleshooting guide for corrupt profiles at http://www.sandstorm.net/support/phonesweep/fixprofile.
Error messages on the History tab • “Modem reported modem error”: Note whether the RD and SD lights on the modem are locked on. This may be a bug that showed up in PhoneSweep 1.1. Contact Sandstorm Enterprises to report the bug. Sandstorm has a patch, which may fix this bug. • “Problem with localwrite”: This means that PhoneSweep failed in its attempts to communicate with a modem after a call had already begun. Check the connectors on the cables to your modems to see that they are firmly seated.
I’ve Tried Everything and PhoneSweep Still Doesn’t Work! First, check all the cables to the modems, and the phone jack wires that connect the modems to the phone lines. Make sure your modems are powered on. Second, reboot your PC. Windows itself can become unstable and cause problems for applications trying to run under it. If you are running PhoneSweep under Windows 95, NT, or 2000, try running PhoneSweep under Windows 98 instead.
Appendix D: Contacting Sandstorm This appendix describes how to contact PhoneSweep technical support and sales. We’re always glad to hear from you. Your comments are valuable to us - much of this manual is based on input from PhoneSweep users. By telling us what features you want to see in PhoneSweep and working with us to resolve problems, you can help us deliver a product that lives up to your expectations.
Contacting Sandstorm Technical Support On the web: Go to http://www.sandstorm.net/support/reportaproblem.shtml. The technical support web page contains an automated system for asking technical questions and submitting bug reports. By email: Send email to support@sandstorm.net. By phone: You can reach Sandstorm Enterprises at (617) 426-5056. We are generally available to answer technical support questions between the hours of 9:00 AM and 5:00 PM US Eastern Time (GMT minus 5:00).
Appendix E: Architecture and the Command Line Under normal circumstances, PhoneSweep's internal structure should be transparent to the user. However, in the event of complications, knowledge of the architecture may be helpful. The program is started when the user double-clicks on the PhoneSweep engine executable. The PhoneSweep engine then launches the embedded SQL server and the PhoneSweep user interface. The PhoneSweep program consists of three parts: • The PhoneSweep engine (phonesweep.
-nosplash Do not display the PhoneSweep splash screen. -playbuild Play the PhoneSweep build number in touch-tones through the computer’s speaker upon startup. -noantispoof Disable the requirement for an antispoof response on API connections -foreign Allow the engine to accept connections from IP addresses other than 127.0.0.1. Use with caution. -logres Log all commands sent to the PhoneSweep engine over the API, as well as all responses. -simulate Run the simulator, rather than the real dialer.
Appendix F. Sample brutecreate.exe Output File. For input, brutecreate.exe uses the following two files: • unametest.txt, with contents:* root guest usera admin userb • pwdstest.txt, with contents:* password secret toor changeme guest *Note: to use a blank (NULL) user name or password, simply type a carriage return on a line. A single space will require that you type a space then carriage return. First, clear the existing bruteforce.
bruteforce.txt, as generated by the Brutecreate.
Appendix G: A Sample Standard PhoneSweep Report Executive Summary of PhoneSweep Scan Profile Name: Report Generated: SAMPLE_REPORT Thursday, March 16 2000 12:17:52 Time of First Call: Time of Last Call: Wednesday, March 15 2000 13:44:28 Wednesday, March 15 2000 13:53:06 Elapsed Time During Scan: 9 minutes, 3 seconds Phone Numbers Assigned to Dial: 5 Number of calls made: 12 Phone Numbers Dialed using Single Call Detect™: Phone Numbers Dialed using Data-only Mode: Phone Numbers Dialed using Fax-only Mo
PhoneSweep Terminology: Term Definition Anomaly An “anomaly” is a PhoneSweep result that is not consistent and should be investigated. For instance, if a phone number is answered once with “carrier” (answered by a modem) but later on answered by a human voice, this is an anomaly and may indicate an unauthorized modem. Brute force password guessing “Brute Force” username password guessing means that PhoneSweep will call a remote number, and offer one of its assigned username/password pairs.
Tone The remote phone number answered with a dial tone. “Tone” calls may indicate a number that an outside person may use to make toll calls at your expense, and should be checked to make sure that they cannot be misused. Voice If you have a modem that can detect voice, then PhoneSweep will mark humananswered calls as “voice”. Answering machines and voicemail systems will also qualify as voice.
Discovered Modems: Total Phone Numbers With This Result Percent of Phone Numbers With Carrier 1 100.0% Identified 1 100.0% Unidentified 0 0.
Tone Numbers Found: The following numbers returned a second dial tone when called by PhoneSweep. These numbers should be closely checked to ensure that outsiders cannot make calls through an internal exchange. If these tone numbers allow long-distance or international calls, you may be a target for expensive telephone fraud. 9-- Fax Numbers Found: The following numbers responded with a FAX tone when PhoneSweep scanned them.
1-555-555-6650 1999-06-30 13:51:00 ATDT 1-555-555-6650 CONNECT 9600 Annex Command Line Interpreter * Copyright (C) 1988, 1997 Bay Networks Checking authorization, Please wait...
Appendix H: A Sample Differential PhoneSweep Report Differential Executive Summary: Report generated: Old profile: Friday, May 12 2000 11:37:15 'PBX_MAY10' Started sweeping: Wednesday, May 10 2000 13:18:34 Stopped sweeping: Wednesday, May 10 2000 13:39:16 New profile: 'PBX_MAY12'. Started sweeping: Friday, May 12 2000 10:55:49 Stopped sweeping Friday, May 12 2000 11:34:11 The effort level for both scans was set to Penetrate. Warning: PBX_MAY10 was not configured to scan for fax machines, PBX_MAY12 was.
Now failed penetrations that were successful in old profile 'PBX_MAY10' 415: root,toor - was Good username Good password, now Bad username or password Call History Difference Summary: New modems found in PBX_MAY12: 201: PC Anywhere, formerly Ring Timeout Identification Differences: Changes in identification: Phone number Results in 'PBX_MAY10' 415 Results in 'PBX_MAY12' PPP (CHAP) IP: 128.127.126.125 (Peer: 10.0.0.
Appendix I: Miscellaneous Password Security You can have the best security in the world; however, if you have user who uses an easily guessed password, or machines that have the same user/Password combination, then the most advanced security will not protect your company’s resources.
• Hackers Club Home Page: http://hackersclub.com/km/files o http://hackersclub.com/km/files/password_cracker/wordlists o http://hackersclub.com/km/files/password_cracker/wordlists/common-passwords.txt • UC DAVIS’s password security guidelines: http://it.ucdavis.edu/pubs/quicktips/password.html • Phrack Magazine: http://www.phrack.org (Going through all back issues is recommended.
BinkleyTerm Version 2.50 Mail Interface and Dumb Terminal Package BinkleyTerm Version 2.60 Mail Interface and Dumb Terminal Package BinkleyTerm XE Version 2.
Federal Government Computer System FirstClass BBS Fluidmaster Inc. Control Fluidmaster Inc. Control on ST1000 System FreOS, version 1.2 FreeBSD (UNIX) FrontDoor Mail Suite FrontDoor version 1.99 Mail Suite FrontDoor version 2.02 Mail Suite FrontDoor version 2.12 Mail Suite FrontDoor version 2.25 Mail Suite FrontDoor version 2.
Linux System (UNIX) Lithonia Synergy Lighting System Controller Lucent PortMaster PM3 MANAKON Telemanagement Console MAXIMUS BBS, version 2 MAXIMUS BBS, version 3 MAXIMUS BBS, version 3.01 MEGAHOST BBS MIT Project Athena MUMPS-systems 3.0.6 for a IBM/PC platform MUMPS-systems for a IBM/PC platform Management Information Base Mecury Mail to AT&T Mail Gateway MediaGate EdgeCommander MediaGate System MediaHost by MediaHouse Software Inc.
Possible Key Telephone Switch Possible PICK Environment Possible Scicom system Possible Telephone PBX Possible X.
US Robotics Courier Modem US Robotics V.Everything Dial Security Session US Robotics V.Everything Fax Dial Security Session US Robotics V.Everything Security Session USL Unix System V UUPC (UUCP client software) UUPC (UUCP client software) for MS-DOS v. 5.00 Ultimate PLUS Unidentified Acculink device Unidentified Paradyne COMSPHERE device Unidentified Paradyne device Unidentified System with Login: prompt UnixWare VAIS FirstLine Voice Scripts VERITAS Software Remote Access VISTA Terminal Server VCP-1000 v1.
Modem Vendors Zoltrix/Zoltix (Zoltrix Rainbow 56K modem, FM-VSP56e2 and FM-VSP56e3) http://www.zoltrix.com or http://www.zoltrix-int.com (International Web Site) Installation notes: PhoneSweep does not use the drivers that come with your modem. However, to prevent the Add New Hardware wizard from coming up every time you restart your PC or laptop, we recommend that you install the modem drivers, then turn them off under Modem Properties in the System Devices panel found under Start->Settings->Control Panel.
