RE: FW: RE Modem identification

From: Stephan Barnes (stephan.barnes@foundstone.com)
Date: 09/25/01


Message-ID: <5B8559F3126DD4119C5100B0D022A06D012F2FE0@mailwest>
From: Stephan Barnes <stephan.barnes@foundstone.com>
To: "'Dawes, Rogan (ZA - Johannesburg)'" <rdawes@deloitte.co.za>, 'Bikar Dude' <bika@nuclear.biodome.org>, Stephan Barnes <stephan.barnes@foundstone.com>
Subject: RE: FW: RE Modem identification
Date: Tue, 25 Sep 2001 06:31:53 -0700

Great question.

Many times Tone-LOC gets cleaner banners because it has an option
to strip the parity bit (if you want it to).

Run TLCFG.exe and check under Scan Options the Parity Stripping Option.

In your case I'm not sure how you address connection issues, but your
answer is in how you handle parity once connected.

Stephan Barnes
stephan.barnes@foundstone.com
http://www.m4phr1k.com
 
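An added illustration of the parity-stripping point above (example code, not from the thread and not Tone-LOC's implementation): a 7E1 or 7O1 host sets bit 7 on some of the bytes it sends, so an 8N1 receiver sees a garbled banner until that bit is cleared. The banner bytes and helper names below are constructed for this example.

```python
# Added example (not from the original thread): what "parity stripping" does to
# a banner received from a modem/host configured for 7 data bits plus parity.
# All sample data below is constructed for this illustration.

def parity_bit(byte: int) -> int:
    """Return 1 if the byte has an odd number of set bits, else 0."""
    return bin(byte).count("1") & 1

def guess_parity(data: bytes) -> str:
    """Guess the remote framing from a captured byte stream.

    If every byte already fits in 7 bits there is nothing to strip ("none").
    If every byte has even (odd) weight, the stream is consistent with 7E1
    (7O1), i.e. parity is riding in bit 7. Anything else is genuine 8-bit
    data or a mixture, and stripping bit 7 would destroy information.
    """
    if not data:
        return "unknown"
    if all(b < 0x80 for b in data):
        return "none"
    if all(parity_bit(b) == 0 for b in data):
        return "even"
    if all(parity_bit(b) == 1 for b in data):
        return "odd"
    return "8bit"

def strip_parity(data: bytes) -> bytes:
    """Clear bit 7 of every byte; this is all a parity-stripping option does."""
    return bytes(b & 0x7F for b in data)

def encode_7e1(text: str) -> bytes:
    """Constructed helper: frame 7-bit ASCII with an even parity bit in bit 7,
    which is how a 7E1 banner arrives at a receiver running 8N1."""
    return bytes(ord(c) | (parity_bit(ord(c)) << 7) for c in text)

def clean_banner(data: bytes) -> str:
    """Strip parity only when the stream looks like 7-bit data plus parity."""
    if guess_parity(data) in ("even", "odd"):
        data = strip_parity(data)
    return data.decode("ascii", errors="replace")

# Constructed sample: a login banner as an 8N1 receiver would see it from a 7E1 host.
RAW_BANNER = encode_7e1("\r\nlogin: ")

if __name__ == "__main__":
    print(repr(RAW_BANNER))                # odd-weight characters carry bit 7
    print(guess_parity(RAW_BANNER))        # even
    print(repr(clean_banner(RAW_BANNER)))  # '\r\nlogin: '
```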

-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes@deloitte.co.za]
Sent: Tuesday, September 25, 2001 1:01 AM
To: 'Bikar Dude'; Stephan Barnes
Cc: 'pen-test@securityfocus.com'
Subject: RE: FW: RE Modem identification

Does anyone know how Tone-LOC did automatic Parity conversion?

I started writing a War Dialler in Perl for Unix/Linux that would simply
take a list of numbers and dial them, recording the banners, and doing a bit
of prompting to stimulate banners if none were forthcoming. But one of the
things that I have no idea how to do is the "Automatic Parity conversion"
that Tone-LOC did, when connecting to a different parity modem.

Does anyone have any ideas?

Re the prompting, one of the most common "Silent" modems seems to be Windows
NT RAS. This sits there until you give it a particular string. I am
intending to capture the initial string using PortMon, and replay it blindly
whenever I get no initial characters. That should help identify a number of
systems, I think.

Rogan

-----Original Message-----
From: Bikar Dude [mailto:bika@nuclear.biodome.org]
Sent: 23 September 2001 12:18
To: Stephan Barnes
Cc: 'pen-test@securityfocus.com'
Subject: Re: FW: RE Modem identification

//* ObHacker: Pick any 6 unix utilities and write a complete war-dialer.
ObHacker++: Try to reduce the total number of letters in the 6 commands to
less than 20. *//

-b

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
