User manual
145
Appendix H: A Sample Differential
PhoneSweep Report
Differential Executive Summary:
Report generated: Friday, May 12 2000 11:37:15
Old profile: 'PBX_MAY10'
Started sweeping: Wednesday, May 10 2000 13:18:34
Stopped sweeping: Wednesday, May 10 2000 13:39:16
New profile: 'PBX_MAY12'.
Started sweeping: Friday, May 12 2000 10:55:49
Stopped sweeping Friday, May 12 2000 11:34:11
The effort level for both scans was set to Penetrate.
Warning: PBX_MAY10 was not configured to scan for fax machines, PBX_MAY12 was.
Busy redial was set to 5 in both profiles.
Engineering Summary:
Introduction
PhoneSweep is a program developed by Sandstorm Enterprises (http://www.sandstorm.net
) to search for
modems within a set of phone numbers. If configured to do so, PhoneSweep attempts to identify systems
attached to remote modems and can attempt to find areas of poor security by guessing user-defined
common usernames and passwords.
This report is a 'differential' report; it displays the differences between two sweeps. One sweep has been
designated as the 'older' sweep, the other as the 'newer' sweep. The differential report will highlight
changes between the older sweep and the newer sweep.
Differential reports must be run over profiles with overlapping phone numbers; if the two profiles have no
phone numbers in common, then no meaningful comparisons can be performed. If some numbers have
been added or removed, then those differences will be reported.
Phone Number Differences:
Count of phone numbers that are in both profiles:
240
Both profiles used the same set of phone numbers.
Penetration Differences:
New successful penetrations with new usernames and passwords:
(Username/password pairs not tried in PBX_MAY10)
201: guest,guest - Good username Good password