Profile
Name: BOSTON_OFFICE_1_AUG2001,
BOSTON_OFFICE_2_AUG2001,
BOSTON_OFFICE_3_AUG2001
Report
Generated: Friday,
August 24 2001 13:53:06
Time
of First Call: Monday,
August 06 2001 15:06:53
Time
of Last Call: Monday,
August 06 2001 17:51:00
Elapsed
Time During Scan: 2
hours, 45 minutes, 53 seconds
Phone
Numbers Assigned to Dial: 74
Number
of calls made: 176
Phone
Numbers Dialed using Single Call Detect™: 74
Phone
Numbers Dialed using Data-only Mode: 74
Phone
Numbers Dialed using Fax-only Mode: 68
Phone
Numbers Checked for Data: 74
Phone
Numbers Checked for Fax: 68
Search
for modems completed: 100.0%
Search
for fax machines completed: 91.9%
Username/password
guessing completed: 0.0%
Modems
found: 22
Systems
compromised: n/a
When
the report was generated, PhoneSweep was configured to scan for both fax
machines and modems.
PhoneSweep
was configured to only connect to modems, but not to identify or attempt to
penetrate them.
There
were a total of 176 simulated calls made in this profile when the report was
generated.
Profile
Notes:
BOSTON_OFFICE_1_AUG2001 Created Mon Aug 6 14:40:33 2001
BOSTON_OFFICE_2_AUG2001 Created Mon Aug 6 14:48:04 2001
BOSTON_OFFICE_3_AUG2001 Created Mon Aug 6 14:49:03 2001
Profile Name: BOSTON_OFFICE_1_AUG2001,
BOSTON_OFFICE_2_AUG2001,
BOSTON_OFFICE_3_AUG2001
Scan Started: Monday, August 06 2001 15:06:53
Scan Stopped: Monday, August 06 2001 15:26:00
Elapsed time: 15 minutes, 18 seconds
Report Generated: Friday, August 24 2001 13:53:06
PhoneSweep is a program developed by Sandstorm Enterprises (http://www.sandstorm.net) to search for modems within a set of phone numbers. PhoneSweep attempts to identify systems attached to remote modems as well as attempting to find areas of poor security by guessing common usernames and passwords.
Some modems are of higher quality than others, and can report more information about a remote phone number. These modems can recognize remote fax machines, phones answered by human beings, or simply just when a remote number is ringing. Sandstorm Enterprises, Inc. makes available a recommended modem list, including modems known to work well with PhoneSweep.
Without a recommended modem, PhoneSweep must rely on a time-based timeout to end a connection. It will only be able to differentiate between calls to modems, busy signals, and calls that timed out. PhoneSweep will not then include a list of fax, voice, and ring timeout numbers.
|
Term |
Definition |
|
Anomaly |
An “anomaly” is a PhoneSweep result that is not
consistent and should be investigated.
For instance, if a phone number is answered once with “carrier”
(answered by a modem) but later on answered by a human voice, this is an
anomaly and may indicate an unauthorized modem. |
|
Brute force password guessing |
“Brute Force” username password guessing means that PhoneSweep will call a remote number, and offer one of its assigned username/password pairs. |
|
Compromised or Penetrated |
A system has been “compromised” or “penetrated” if PhoneSweep was able to guess a valid username and password for that system, or the system allowed access without a username and password. |
|
PhoneSweep |
A program developed by Sandstorm Enterprises (www.sandstorm.net) to search for modems within a set of phone numbers. PhoneSweep can attempt to identify systems attached to remote modems as well as attempting to find areas of poor security by guessing common usernames and passwords. |
|
Scan or Sweep |
A PhoneSweep “scan” or “sweep” is a series of calls to a list of assigned numbers to search for modems, and possibly identify or attempt to penetrate the attached systems. |
|
Username/password recycling |
If PhoneSweep is “recycling” usernames and passwords, then it will attempt to brute force the entire username/password list on each modem that it finds. If it is not recycling, it will use each username/password pair on its list only once. |
|
Call response state |
Explanation |
|
Busy |
This phone number was always busy when dialed. If a busy number is later redialed and is not busy, it is listed under the other category. |
|
Carrier |
The remote phone number responded with a carrier signal;
a tone signal that indicates a computer is attached to the other end. A carrier signal means that electronic
data transfer between two computers is possible, which may mean that
network-based security can be evaded. Numbers with “carrier” are also
referred to as numbers with modems attached. |
|
Fax |
A fax machine answered the remote phone line. |
|
Ring Timeout |
If your modem can detect when a remote phone number is ringing, PhoneSweep will record calls that ring past a limit as “Ring Timeout”. The ring limit varies based on the time period during which the phone number was called. |
|
Screened |
A phone number is “screened” if the first part of the number is “9911” or “911”. Screening is designed to prevent accidental calls to emergency numbers in certain countries, including the United States and Canada. |
|
Timeout |
PhoneSweep has timeout settings that vary depending on the time period in which the phone number was dialed. If the remote number is not ringing (or your modem cannot detect rings), and nothing answers the phone, the call times out. |
|
Tone |
The remote phone number answered with a dial tone. “Tone” calls may indicate a number that an
unauthorized person may use to make toll calls at your expense. These should be checked to make sure that
they cannot be misused. |
|
Voice |
If you have a modem that can detect voice, then PhoneSweep will mark human-answered calls as “voice”. Answering machines and voicemail systems will also qualify as voice. |
|
|
Total Phone Numbers With This Result |
Percent of Total Phone Numbers |
|
Assigned to Dial |
74 |
100.0%* |
|
Checked for Data |
74 |
100.0%* |
|
Carrier |
22 |
29.7% |
|
Tone |
4 |
5.4% |
|
Busy |
6 |
8.1% |
|
Ring Timeout |
11 |
14.9% |
|
Timeout |
23 |
31.1% |
|
Voice |
3 |
4.1% |
|
Screened |
0 |
0.0% |
* As a percent of the total numbers assigned to dial, as opposed to actually dialed.
The percentages may not add to 100 percent and there may be more distinct results than assigned phone numbers. This can happen if a phone number responded in two different ways. Also, if the scan was not completed, the numbers will be less than 100 percent.
|
|
Total Phone Numbers With This Result |
Percent of Total Phone Numbers |
|
Assigned to Dial |
74 |
100.0% |
|
Checked for Fax |
68 |
91.9% |
|
Faxes found: |
10 |
13.5% |
|
Screened: |
0 |
0.0% |
|
|
Total Phone Numbers With This Result |
Percent of Phone Numbers With Carrier |
|
Numbers with Carrier: |
22 |
100.0% |
|
Identified |
22 |
100.0% |
|
Unidentified |
n/a |
n/a |
|
|
Count of systems penetrated |
Percent of total penetrated systems |
|
Penetrated Systems |
n/a |
n/a |
|
Identified |
n/a |
n/a |
|
Unidentified |
n/a |
n/a |
Percent of Brute force username/password guessing attempts completed: 0.0%
555-1017 responded with carrier as well as fax: a fax/modem is hooked up to this phone number.
555-1025 responded with carrier as well as fax: a fax/modem is hooked up to this phone number.
555-1033 responded with carrier as well as fax: a fax/modem is hooked up to this phone number.
555-2003 responded with carrier as well as fax: a fax/modem is hooked up to this phone number.
Systems Penetrated by PhoneSweep:
PhoneSweep did not succeed in penetrating any systems.
The following numbers responded with a modem carrier, allowing access to that system. This means that an outside person may be able to connect to your network through these numbers.
We recommend that you compare with known modem numbers, and that all modem lines be further checked to be sure that strong security is in place. Examples of poor modem security include (but are not limited to) systems without any passwords or systems with well-known or easily guessed usernames and passwords.
555-1003 555-1005 555-1007
555-1013 555-1015 555-1017
555-1023 555-1025 555-1027
555-1033 555-2003 555-2005
555-2007 555-2013 555-2015
555-2017 555-2023 555-8703
555-8705 555-8707 555-8713
781-555-5555
The following numbers were always busy when called by PhoneSweep. They may be leased lines, or voice or data lines that happened to be busy whenever PhoneSweep checked them. We recommend these numbers be checked further to ensure that they are not unauthorized modems.
555-1009 555-1019 555-1029
555-2009 555-2019 555-8709
These always busy telephone numbers can be re-scanned by increasing the Busy Redial value on the Dial Sub-Tab. When this report was generated, Busy Redial was set to 5.
The following numbers returned a second dial tone when called by PhoneSweep. These numbers should be closely checked to ensure that outsiders cannot make calls through an internal exchange. If these tone numbers allow long-distance or international calls, you may be a target for expensive telephone fraud.
555-1030 555-2006 555-2010
555-8701
The following numbers responded with a FAX tone when PhoneSweep scanned them. FAX machines do not represent a security risk, although FAX numbers which also responded with Carrier could be unauthorized or misconfigured fax/modems.
555-1006 555-1008 555-1017
555-1018 555-1025 555-1033
555-2001 555-2003 555-2014
555-8704
PhoneSweep did not complete scanning for fax machines. Of the 74 phone numbers assigned for PhoneSweep to call, only 68 (91.9%) were actually called.
Identified Systems with Modems:
555-1003 -PC Anywhere
555-1005 - PPP (MS-CHAP)
555-1007 - PPP (MS-CHAP)
555-1013 - FreeBSD (UNIX)
555-1015 - FreeBSD (UNIX)
555-1017 - FreeBSD (UNIX)
555-1023 - FreeBSD (UNIX)
555-1025 - FreeBSD (UNIX)
555-1027 - FreeBSD (UNIX)
555-1033 - FreeBSD (UNIX)
555-2003 - FreeBSD (UNIX)
555-2005 - PC Anywhere
555-2007 - FreeBSD (UNIX)
555-2013 - PPP (MS-CHAP)
555-2015 - PPP (MS-CHAP)
555-2017 - FreeBSD (UNIX)
555-2023 - FreeBSD (UNIX)
555-8703 - PPP (MS-CHAP)
555-8705 - FreeBSD (UNIX)
555-8707 - FreeBSD (UNIX)
555-8713 - FreeBSD (UNIX)
781-555-5555 - PC Anywhere
PhoneSweep did not discover any modems it could not identify during this sweep.
Responses from Penetrated Systems:
No responses were received from penetrated modems during this PhoneSweep scan.
Responses From Unknown Modems:
PhoneSweep did not receive any response strings from unknown modems.
This section suppressed by request.
Number: Result:
555-1000 TIMEOUT
555-1001 TIMEOUT
555-1002 TIMEOUT
555-1003 CARRIER - PC Anywhere
555-1004 RING_TIMEOUT
555-1005 CARRIER - PPP (MS-CHAP)
555-1006 FAX
555-1007 CARRIER -PPP (MS-CHAP)
555-1008 FAX
555-1009 BUSY
555-1010 RING_TIMEOUT
555-1011 TIMEOUT
555-1012 TIMEOUT
555-1013 CARRIER - FreeBSD (UNIX)
555-1014 RING_TIMEOUT
555-1015 CARRIER - FreeBSD (UNIX)
555-1016 TIMEOUT
555-1017 CARRIER - FreeBSD (UNIX)
555-1017 FAX
555-1018 FAX
555-1019 BUSY
555-1020 TIMEOUT
555-1021 TIMEOUT
555-1022 TIMEOUT
555-1023 CARRIER - FreeBSD (UNIX)
555-1024 TIMEOUT
555-1025 CARRIER - FreeBSD (UNIX)
555-1025 FAX
555-1026 RING_TIMEOUT
555-1027 CARRIER - FreeBSD (UNIX)
555-1028 TIMEOUT
555-1029 BUSY
555-1030 TONE
555-1031 TIMEOUT
555-1032 RING_TIMEOUT
555-1033 CARRIER - FreeBSD (UNIX)
555-1033 FAX
555-2000 RING_TIMEOUT
555-2001 FAX
555-2002 TIMEOUT
555-2003 CARRIER - FreeBSD (UNIX)
555-2003 FAX
555-2004 TIMEOUT
555-2005 CARRIER - PC Anywhere
555-2006 TONE
555-2007 CARRIER - FreeBSD (UNIX)
555-2008 TIMEOUT
555-2009 BUSY
555-2010 TONE
555-2011 RING_TIMEOUT
555-2012 TIMEOUT
555-2013 CARRIER - PPP (MS-CHAP)
555-2014 FAX
555-2014 VOICE
555-2015 CARRIER - PPP (MS-CHAP)
555-2016 TIMEOUT
555-2017 CARRIER - FreeBSD (UNIX)
555-2018 RING_TIMEOUT
555-2019 BUSY
555-2020 TIMEOUT
555-2021 TIMEOUT
555-2022 RING_TIMEOUT
555-2023 CARRIER - FreeBSD (UNIX)
555-2024 TIMEOUT
555-8700 VOICE
555-8701 TONE
555-8702 TIMEOUT
555-8703 CARRIER - PPP (MS-CHAP)
555-8704 FAX
555-8705 CARRIER - FreeBSD (UNIX)
555-8706 VOICE
555-8707 CARRIER - FreeBSD (UNIX)
555-8708 RING_TIMEOUT
555-8709 BUSY
555-8710 TIMEOUT
555-8711 TIMEOUT
555-8712 RING_TIMEOUT
555-8713 CARRIER - FreeBSD (UNIX)
781-555-5555 CARRIER - PC Anywhere
Call time: Number: Result:
This section suppressed by request.