User manual
102
numbers give busy signals. In this case, numbers that time out may represent phones that are
misconfigured (they don’t go to voicemail, or have been call-forwarded outside the organization).
If you get Timeout for valid lines and do not get it on some other lines, check the lines that don't get
Timeout. You can call a known disconnected number to see what response to expect from your switch.
Data-only remote access lines normally pick up on the first ring, but combination voice/fax/data
equipment may not pick up until the second or fourth ring. A number that always times out could
conceivably be a modem configured to not pick up until it has seen more rings than PhoneSweep is
configured to try. This is uncommon and is less likely to be a significant security risk, since measures that
make it harder for PhoneSweep to find modems also make it harder for an attacker to find the modems.
10.3.9 Default passwords
Default usernames and passwords are a common vulnerability in network and data communications
equipment. Even when the manufacturer documents them, many equipment installers neglect to change
them. Your bruteforce.txt file should include default usernames and passwords for the systems on your
site, in order to catch instances where the defaults have not been changed to something more secure.
10.3.10 Second dial tones
A second dial tone is a dial tone in response to a code entered on the telephone (a “telephone extender”).
These often give access to restricted calling privileges, such as long-distance calling. If attackers find a
number that is a telephone extender, they may be able to make long distance calls that will be billed to
your organization.
10.3.11 Numbers that are always busy
Numbers that are always busy warrant further investigation, because they might be connected to a modem
that was in use for the whole period of the scan.
10.4 Mis-identifications
Some situations and devices have been identified as generating false identifications. In each case it is
usually some non-standard or un-expected behavior. All mis-identifications should be reported to
PhoneSweep Technical Support for eventual inclusion in the manual or PhoneSweep itself.
10.4.1 Fax machines known to generate mis-identifications
Certain fax machines have been known to generate Fax/Modem misidentifications, despite being just fax
machines without applied modem options. Some fax machines generate mis-identifications only at the
Connect level of effort due to the sounds they generate. Some fax machines generate mis-identifications
at all levels of effort due to some aspect of their design that results in an exchange of modem protocols. In
detail, the causes for mis-identifications are as follows:
• Super Group III Protocol, which is marketing speech for Faxes that achieve the upper
limits of Fax Group III Protocol speeds by using compression. At the Connect level of
effort this may sound like a modem tone. (Connect level of effort only).
• Undocumented features or non-standard fax modem design (Older Fax machines
especially - All levels of effort).
• Optional “Modem Add on” features, that though not activated, may still have the modem
components installed.(All levels of effort).