User manual
64
If PhoneSweep does freeze during a sweep, please do not restart PhoneSweep. Instead save a copy of the
phonesweep.log to send to Sandstorm Support, noting if there were any other programs, virus checkers or
network connection attempts during the time of the sweep. Sandstorm support will then attempt to
identify which number caused problems with PhoneSweep. The Penetrate level of effort can be
dangerous!
Caution: When you set PhoneSweep to scan at the Penetrate level of effort, PhoneSweep will attempt to
break in to any devices it finds on the other end of the line. Doing this without proper authority may be a
violation of applicable laws. Be sure that you understand what Penetrate mode does, that you wish
PhoneSweep to scan at the Penetrate level, and that you have clear authorization to perform a
PhoneSweep scan at the Penetrate level.
4.6.2 Username/password recycling
Username/password recycling is only relevant at the Penetrate level of effort. PhoneSweep’s default
setting is to have username/password recycling on (checked).
If you know that all of the modems you are attempting to call are connected to the same system, or a set
of systems that share a common username/password database (e.g. a single RADIUS server), you can
keep PhoneSweep from making redundant calls by disabling username/password recycling.
Username/password combinations can be:
• recycled: each combination of username/password (listed in the Setup -> Effort tab)used on
every remote modem found.
• not recycled: only used once during a sweep.
On many systems, PhoneSweep can try three username/password combinations per call; however, PPP
authentication protocols only allow one attempt per call. If you choose to recycle the username/password
combinations, PhoneSweep will need to make many more calls than it otherwise would, and thus will
take significantly longer to complete the scan.
You should disable username/password recycling when leaving it enabled would cause PhoneSweep to
make redundant penetration attempts, and therefore unnecessary calls. This is the case if you know that all
the modems that you are trying to dial are connected to the same system, as in the case of a modem pool.
If ten remote numbers connect to the same terminal server, which has only one username/password
database, there is no reason to a try given username/password combination on more than one of the
remote numbers.
4.6.3 Using multiple profiles to optimize large scans
You may want to use profiles to split your pool of phone numbers into smaller sets for more efficient
scanning. For instance, say you wish to brute-force modems found on a previous scan. The numbers fall
into three categories: ten connect to a time-sharing system, twenty more are the hunt group for a dial-up
server, and the remaining fifteen are miscellaneous phone lines. In this case, you would create three
profiles: