Re: Security Posture Assessment

Steven.Gill_at_sungard.com
Date: 11/14/03

    To: bobwills78@hotmail.com
    Date: Thu, 13 Nov 2003 21:26:47 -0500
    
    

    The best modems to me seem to be US Robotics Sportster modems. You may
    also need to check your initialization strings and DIP switch settings on
    your modem. Typically using ATZ for your init string should be enough, but
    the NVRAM on the modem could be screwed up. You can also look at your
    Windows .inf file for your modem to find your initialization string.

    Also, I am currently writing a war dialing program for Linux called
    Telescan (http://sourceforge.net/projects/telescan). It can handle
    multiple modems, and logs its findings to a MySQL database. I have written
    reporting web pages in PHP so that you can look at the results via a nice
    interface. It supports the following features:

    - Has "time profiles" - e.g. you can tell telescan which hours dialing can
    occur in any granularity that you want
    - Logs to a database (currently only MySQL supported, but will later
    support more)
    - Uses a multithreaded architecture to handle many modems
    - Can use any modem that Linux can use (I currently use 3 modems off of a
    DigiBoard)
    - Reporting via web pages

    I have not released a tarball on sourceforge, but I have checked in code to
    CVS if anyone wants to try it:

    cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/telescan login

    cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/telescan co telescan

    Then it should be the normal:

         ./configure && make
         su
         make install

    There is a sql file in contrib/ to set up the database schema
    and a sample configuration file for configuring telescan.

    I also have a demo of the reporting tool at:

    http://telescan.sourceforge.net/telescan/telescan_index.php

    I appreciate any feedback you may have, and also if anyone wants to help
    code, I'd love the help.

    Steve

    Bob <bobwills78@hotmail.com>
    11/09/2003 09:33 PM

    To: pen-test@securityfocus.com
    cc:
    Subject: Security Posture Assessment

    I am looking for input from folks who have performed security posture
    assessments as to the best free alternative to Phone Sweep. I have heard
    good things about toneloc, but have been unsuccessful at getting it to
    initialize any of the five modems I have attempted. The basic
    configuration seems to be no more complicated than a COM port and an IRQ
    setting so please let me know if you think there is something I am missing.
    If you have gotten it to work, what do you think is the best modem for
    toneloc?

