User manual
101
10.3.4 Combination answering machine/fax
The main threat from a combination answering machine/fax is that an unauthorized modem will find its
way onto the line. The answering machine/fax does not pose a threat in and of itself.
10.3.5 Numbers that report “VOICE”
Numbers that report VOICE are most likely human-answered phones or voicemail, and generally do not
pose a security threat, although they should be investigated if it is not known who is responsible for a
particular line. It is possible that a VOICE response could be a combination answering machine/fax
machine or a fax machine that otherwise plays a recorded message before sending fax tones. If a number
that reports as VOICE has been disconnected or is unassigned, contact your telephone system personnel
to find out if your phone system automatically provides a voicemail message for disconnected or
unassigned numbers.
10.3.6 Fax machine issues
As Faxes approach higher transmission speeds with compression (Super G3 Faxes which run up to
36.6Kbs using the JBIG compression), we are beginning to see where Fax tones can be confused with
Data tones. Thus, in Connect mode, where PhoneSweep only listens for the tone and then hangs up, we
sometimes see a Fax misidentified as a carrier. However, when in Identify mode, where PhoneSweep
actually communicates with devices, using the appropriate protocol handshakes, PhoneSweep will
correctly identify such machines as Fax only. .
In the case where certain makes and models of Fax Machines report as Fax/Carrier (Modem) in Identify
or Penetrate Levels of Effort, we believe these machine contain either undeveloped/undocumented
features; or “ready-to-use” features so that new features, such as a modem, can be added after purchase.
That said, you might still want to check out the Fax machine to make sure that it is only Fax-capable, and
not a fax/modem.
10.3.7 Incorrectly configured software
It is possible, although uncommon, for PhoneSweep to hang a system that it calls. This is not merely an
annoying side effect of running PhoneSweep; if PhoneSweep hangs a system that it calls, you have
discovered a serious vulnerability. Denial of Service is a serious threat, and systems that crash or hang
when called without the proper protocol represent a Denial of Service vulnerability. Improperly
configured remote access software may hang or leave the line off-hook for a long time if an incoming call
doesn't proceed as expected, leaving the service unavailable. For example, some versions of pcAnywhere
take a few minutes to reset if they are called without a login attempt, during which time calls will not be
answered and the dialup will be unavailable.
Also note that some versions of popular remote access software, such as Carbon Copy or pcAnywhere, do
not require a password by default. It is important to educate users about the necessity of securing all
modems with passwords.
10.3.8 Numbers that consistently time out
Your response to numbers that consistently time out depends on what you hope to accomplish with the
PhoneSweep scan and your knowledge of how your particular phone system is configured. Typically, you
should check to see if a line that times out is actually in use, or if there is a problem in your wiring or
PBX configuration.
If all currently assigned phone numbers should go to voicemail, it would be reasonable to assume that
numbers that time out in SCD mode are not assigned. Alternatively, on some switches unassigned