User manual

In some cases, a phone switch can make a click when a call is handed off to another component or an
external trunk. Sometimes, PhoneSweep may interpret this click as the call being answered. If so,
PhoneSweep may misidentify calls. When PhoneSweep senses that the call has been picked up, it starts a
timer. If PhoneSweep does not get tones from a modem or fax machine before the timer runs out,
PhoneSweep hangs up and records VOICE, although in fact the call may not even have been answered
yet. On the other hand, if PhoneSweep misinterprets a click from the phone switch as the call being
picked up and the next sound it encounters is a tone, PhoneSweep may misidentify the number as
reaching a fax machine.
Numbers that time out must be considered with reference to the way unassigned numbers are handled on
your phone system. On some systems, numbers that are not assigned give busy signals when called, or
they may all be routed to voicemail, a recorded message, or special tones. More information on
interpreting numbers that time out is given in the next section.
You should also be aware of any differences in how internal and external calls are handled, as well as any
potential differences between dialing by extension only and dialing with the full number. Some telephone
systems produce tones when dialing internal extensions but not external numbers. Others use a different
type of ring when calling internal versus external extensions, or while dialing by extension vs. using the
entire number. Also, if you require a prefix or extension to dial outside your organization, make sure that
it is only dialed when appropriate. If you have modified your phonesweep.ini file to automatically include
a dial-out prefix, this can cause problems if you create a profile containing internal extension numbers.
Before you begin production scanning, you should do a test sweep in which you call numbers known to
reach the devices that you are looking for or may encounter in the course of a sweep. This is especially
important if you are using PhoneSweep at multiple sites (see Section 5.1, Setting Up A Test Sweep).
10.3 Threats posed by various devices and situations
10.3.1 Data-only modems
Any data modem that can be called from outside is a potential vulnerability. If the modem or attached
computer doesn't require a password to log in, it is a severe threat and should be removed or secured
immediately. If PhoneSweep in Penetrate mode succeeds in executing a brute-force attack against that
modem and logging into the attached computer, the threat is less severe: Your course of action will
depend on your assessment of the relative weakness of the username/password that PhoneSweep used.
10.3.2 Fax/modems
A fax/modem is a device that is capable of both fax and data communications. A fax/modem will be
reported as Fax by PhoneSweep running in fax mode, and as Carrier by PhoneSweep running in data
mode. In SCD mode, PhoneSweep will report a number that reaches a fax/modem first as Fax and
subsequently as Carrier.
All of the caveats for data-only modems apply to fax/modems. In practice, fax/modems pose a greater
security risk than data-only modems. A user who installed the hardware and software only to receive
faxes may not be aware that the fax/modem can also answer incoming data calls and thus not perceive a
need to secure it.
10.3.3 Fax machines
Users who have been allocated analog lines to receive faxes may also use the line for dialup access with
an unauthorized modem. If such a modem is not secured, it will pose a security risk.
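
The following is an added example, not part of the PhoneSweep manual or software: a triage of per-number results from fax-mode and data-mode scans into the device categories of sections 10.3.1 to 10.3.3. The record layout, the category names and the "TIMEOUT" label are assumptions made for illustration; they are not PhoneSweep's export format.

```python
from collections import defaultdict

# Constructed sample sweep records: (number, scan mode, result).
# This tuple layout and the "TIMEOUT" label are assumptions for illustration,
# not PhoneSweep's export format.
SAMPLE = [
    ("555-0101", "data", "Carrier"),   # only ever scanned in data mode
    ("555-0102", "fax", "Fax"),
    ("555-0102", "data", "Carrier"),   # Fax, then Carrier: fax/modem
    ("555-0103", "fax", "Fax"),
    ("555-0103", "data", "VOICE"),     # fax mode and data mode both tried
    ("555-0104", "fax", "Fax"),        # data mode never tried
    ("555-0105", "data", "VOICE"),
    ("555-0106", "data", "TIMEOUT"),
]

# Follow-up per category, paraphrasing the guidance in this chapter.
FOLLOW_UP = {
    "fax/modem": "10.3.2: owner may not know it answers data calls; secure or remove",
    "data modem": "10.3.1: verify a password is required; secure or remove",
    "fax machine": "10.3.3: check the analog line for an unauthorized modem",
    "fax, data untested": "rescan in data mode; a fax/modem reports Fax in fax mode",
    "voice": "may be a switch click rather than an answer; confirm in a test sweep",
    "unresolved": "compare with how unassigned numbers behave on this phone system",
}

def classify(records):
    """Return {number: category} from every result seen for each number."""
    results, modes = defaultdict(set), defaultdict(set)
    for number, mode, result in records:
        results[number].add(result)
        modes[number].add(mode)
    out = {}
    for number, seen in results.items():
        if {"Fax", "Carrier"} <= seen:
            out[number] = "fax/modem"
        elif "Carrier" in seen:
            out[number] = "data modem"
        elif "Fax" in seen:
            # Fax alone only rules out a data modem if data mode was also tried.
            out[number] = "fax machine" if "data" in modes[number] else "fax, data untested"
        elif "VOICE" in seen:
            out[number] = "voice"
        else:
            out[number] = "unresolved"
    return out

if __name__ == "__main__":
    for number, category in sorted(classify(SAMPLE).items()):
        print(f"{number}  {category:<20} {FOLLOW_UP[category]}")
```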