Q: Why did Sandstorm create PhoneSweep?
Q: Is it legal to use PhoneSweep?
Q: Is PhoneSweep safe? How rigorously has it been tested?
Q: Can't I do everything that PhoneSweep does with TONELOC, THC, and other underground wardialers?
Q: What are the main differences between PhoneSweep models?
Q: What do I need in order to use multiple modems simultaneously with PhoneSweep?
Q: I'm a security consultant who performs telephone audits of client sites, and I understand that PhoneSweep can do that. How else could I use PhoneSweep?
Q: What is a profile? Am I limited to just one?
Q: What do the numbers-per-profile limits mean? Can I have more numbers in my profiles than the limits list?
Q: What are the advantages of using a single large profile vs. using multiple smaller profiles?
Q: How long will a scan take?
Q: How can I compare one set of PhoneSweep results to another?
Q: Do I need to own a copy of Microsoft SQL Server (or any other SQL database)?
Q: Are there any internal PCI modems compatible with PhoneSweep?
General PhoneSweep FAQ Answers
Q: Why did Sandstorm create PhoneSweep?
Sandstorm's philosophy is to provide security practitioners with professional,
documented, supported products; PhoneSweep is intended to replace home-grown
audit and test software, or "war dialing" software available on the Internet,
with a tested and trusted commercial package.
As companies' information systems proliferate, corporate networks become
more complex. The last generation's cloistered mainframe is a thing of
the past, and every desktop -- and every phone -- may be an entry point
to your company's information resources. Undocumented or misconfigured
systems, or employee malfeasance may open holes in your company's virtual
walls, inviting the curious hacker -- or worse.
Back to top
Q: Is it legal to use PhoneSweep?
It is legal to use PhoneSweep for its intended purpose: to perform
security audits with the permission of the company being audited. Using
PhoneSweep to scan systems without the permission of their owners may be
a violation laws in your area. For further information, please contact
sales@sandstorm.net
Back to top
Q: Is PhoneSweep safe? How rigorously has it been tested?
PhoneSweep has been extensively tested in a variety of laboratory and real-world situations.
The product employs a technique which screens out calls to the emergency numbers 911 and 9911.
The customer has the option of screening out additional emergency numbers by adding those
numbers to the Emergency Phone Numbers list. This can be done on a per-Profile basis. PhoneSweep
carefully logs all of its actions for follow-up.
Back to top
Q: What is a profile? Am I limited to just one?
Each Profile stores all information belonging to a set of phone numbers
and each phone number's associated time period settings and notes.
Each Profile also stores the settings for sweeping that profile (such as
Emergency Numbers not to call), as well as the final scan results for each
number.
PhoneSweep later uses the stored scan results to generate any number
of reports on that profile. Information from each profile can
also be drawn directly from the MySQL database for processing in other
applications, such as Microsoft’s Access™ program. We recommend that
whenever possible, Profiles contain numbers that are called during the
same time period for easier management.
Once you have scanned a Profile, you can either make a COPY of that
Profile, yielding a new copy with PhoneSweep’s default settings, or a RESCAN,
yielding a new copy with the same settings as the previous version.
Information from two profiles with the same phone numbers can be used to
produce Differential Reports, which indicate if there have been any changes
in call results between scans.
You can have any number of Profiles in your PhoneSweep database.
Further information can be found in the PhoneSweep Manual.
Back to top
Q: What do the numbers-per-profile limits mean?
Can I have more numbers in my profiles than the limits list??
PhoneSweep Basic (our lowest priced model) allows you to add up to
800 unique phone numbers in each Profile you create. This is a hard
limit. PhoneSweep Plus, on the other hand, allows you to add up to
10,000 unique phone numbers at a time to each Profile you create.
You can have more than 10,000 phone numbers per profile in PhoneSweep Plus
4 and 8, and 20,000 unique phone numbers in PhoneSweep Plus 12 and
16; however, Sandstorm only guarantees support for 10,000 numbers (Plus
4 and 8) and 20,000 numbers (Plus 12 and 16) .
That said, we do have customers who routinely use 50,000 unique phone
number profiles without issue. We recommend, no matter how many numbers
you have in your Profiles, that as with any database, that you maintain
backups of all Profiles and Profile results.
Back to top
Q: What are the advantages of using a single large profile vs. using multiple smaller profiles?
Although you are free to use PhoneSweep to manually scan four
different 800-number profiles, splitting a single block of phone numbers
into separate profiles will prevent you from using some of PhoneSweep's
sophisticated call-scheduling and reporting features.
Back to top
Q: How long will a scan take?
The estimation rule for PhoneSweep scan durations is one call per modem per minute. Remember, however, that if PhoneSweep detects a busy tone it will have
to make an additional call, so add in extra time for those re-dials when you
estimate your time.
Back to top
Q: How can I compare one set of PhoneSweep results to another?
Yes. PhoneSweep will create a Differential Report to compare the results
of the original scanned Profile and a RESCAN Profile.
You can also set up scripts to export Call Results on scan completion
for use in other programs that can automatically alert you to changes.
Back to top
Q: Can't I do everything that PhoneSweep does with TONELOC, THC, and other underground wardialers?
PhoneSweep has many features that today's underground programs lack,
including:
- Brute force username/password guessing with tools that allow you to easily
generate your own username/password files.
- Identification of over 470 dialed systems
- Fax machine detection.
- PPP Identification and Brute force guessing - the world's first at PPP Identification and premiere at both PPP Identification and Bruteforce guessing.
- Sophisticated reporting (in RTF format)
- Differential reporting that details changes since you last scanned
- Distributed Scanning and E-Mail notification of various events (In PhoneSweep Gold)
- A presentation quality color chart of your results
- Multi-modem scanning - 4, 8, 12 or 16 modems (Multiple Modems can cut your
scanning time dramatically)
- Technical support.
PhoneSweep combines these features with an easy-to-use graphical user interface
and an ODBC-compliant SQL database. Finally, you can use PhoneSweep with
the knowledge that you are using a system developed by computer security
professionals, and not by the computer underground. When you download hacker
software executables off the Internet, there's no easy way to find out
if the program has any special undocumented features or other kinds of
Trojan horses.
Back to top
Q: Do I need to own a copy of Microsoft SQL
Server (or any other SQL database)?
No. PhoneSweep ships with an embedded SQL database.
Back to top
Q: What are the main differences between PhoneSweep models?
PhoneSweep Basic is designed for a single modem, with 800-number scanning
profiles, sufficient for use on a security consultant's laptop or for
regular preventative use in a small corporation. PhoneSweep Plus is capable
of managing up to four simultaneous modem sessions with up to 10,000 phone
numbers in an active profile, and can rapidly and efficiently sweep a large
organization's telephone network. We also have Plus 8, Plus
12 and Plus 16 models that allow you to use up to 8 modems with 10,000
phone numbers, 12 and 16 modems with 20,000 phone numbers.
Back to top
Q: What do I need in order to use multiple modems simultaneously with PhoneSweep?
Your computer needs to be configured appropriately (e.g., with one
serial port per modem, and ports assigned to COM1, COM2, etc.). Note:
if you are using a multi-port serial device that shares a single IRQ between
multiple COM ports, you need to be sure that your Windows COM-port driver
supports simultaneous I/O on all ports. Sandstorm has tested many
multiport serial devices. Results of these tests can be found on our
multiport page.
Back to top
Q: Are there any internal PCI modems compatible with PhoneSweep?
Please see our up-to-date list of recommended
modems for all modems compatible with PhoneSweep. Once you find
a modem, customers in the U.S. can contact Sandstorm Sales for direct purchase.
Back to top
Q: I'm a security consultant who performs telephone audits of
client sites, and I understand that PhoneSweep can do that. How else could I use PhoneSweep?
PhoneSweep was developed to be simple to configure and use, and we
hope that some of our consultant customers will provide their customers
with PhoneSweep as a tool for on-going, preventative maintenance. As sweeping
a large organization, rigorously checking access ports with brute force
access attempts, can take time, PhoneSweep could be set to cycle completely
through an organization's network over the space of a month, delivering
regular reports. Use of PhoneSweep as an integral part of the client's
information system enables the consultant to be continually involved in
system security, and not just called in for infrequent, spot checks.
Back to top
| 
Sandstorm Home
Products
PhoneSweep
