Sandstorm Enterprises® : Sandtrap® 1.6

Sandstorm Enterprises, Inc.

Sandtrap® 1.6

Sandstorm's "Wardialer Detector"

This is a fundamentally new type of application for any security-conscious organization.

You can benefit by deploying Sandtrap if:

  • Your organization has an active telephone auditing policy
  • You know you've been attacked in the past
  • Your organization is in a sensitive industry
  • You have reason to believe you're a target
    • Due to aggressive competitors
    • Because of your valuable information assets
    • As a result of a critical role in your country's economy
  • You want to complement your PhoneSweep system and know when to run additional scans

Links to Sandtrap Resources

Sandtrap is an inexpensive, low maintenance, automated tool

Now you can document your organization's actual exposure to the wardialing threat.

If you already use Sandstorm's PhoneSweep or another telephone scanning program for your telephone audits, Sandtrap is a good use of your wardialing computer when it's not actively wardialing. We recommended that you select phone numbers to monitor with Sandtrap either from a random selection of extensions (not consecutive numbers) or a sample extension in each sensitive range (department, building, etc.).

Sandtrap can be set to Answer or Monitor; the modems themselves are never set to Auto-Answer. When Sandtrap is called in either mode, Sandtrap:

  • Logs the Caller ID (if available).
  • If in Answer mode, it then:
    • Tells the modem to answer the call,
    • Sends a user configurable banner/login prompt (we supply a sample for a UNIX system, but it's easy to change via the Emulation Tab in the graphical user interface).
    • If the caller responds, Sandtrap sends a user configurable password prompt.
    • If the caller responds to the password prompt, Sandtrap sends a user-configurable "success" or "failure" message.
  • Finally, Sandtrap logs the information collected and sends notification if so configured.
The modem will hang up after 30 seconds (configurable) regardless of the login banner or the intruder's response (if any). In Trap mode, caller is kept on line in a simulated enviornment. All text received from the caller is logged to hard disk, and displayed on the user interface.

Sandtrap can also notify you immediately upon being called, or upon being connected to, via an email message to an address you specify (pager, list, etc.) or via HTTP POST to a web URI you specify. Conditions that can be configured to generate notification messages include:

  • Incoming Caller ID (enabled by default)
  • Login attempt (enabled by default)
  • Modem disabled due to COM port errors (enabled by default)
  • Sandtrap application shutdown
Information about system status is displayed by the application's Graphical User Interface, and optionally on the Windows System Tray (task bar notification area). You can tell at a glance the status of a modem (on by default, can be turned off): disabled, enabled, listening enabled, ringing enabled, call in progress.

Sandtrap is distributed with a simple low-overhead web server, which allows users to create their own cgi-bin programs to process HTTP notification messages without the security and shared resource issues that might arise from adding this function to an existing server. The distribution contains an example CGI script (psalert.cgi) to work from.

Add Sandtrap to your security toolkit and better understand the risks you face.


New Features in Sandtrap 1.6

  • Additional alert logging capability - receive alerts to breakin attempts via syslog new
  • Pre-configured operating system login emulations to tempt would-be attackers new
  • Configurable number of rings to wait before Sandtrap "answers" the call new
Try the Sandtrap Demo
Download the Sandtrap Demo

System Requirements

Sandtrap does NOT require a powerful new computer.

Sandtrap requires a system running Windows 9X / NT4 / 2K / XP with:

  • Approximately 20 Megabytes of disk space
  • 16 Megabytes more RAM than the minimum required by your operating system
  • 1 line systems require a CPU meeting minimum OS specs
  • 4- or 16-line configurations require a minimum 400 MHz system
  • CD-ROM required for installation
  • 1 - 16 asynchronous RS-232 ports, COM port drivers, TAPI not required
  • 1 - 16 Hayes-compatible modems
    • If Caller ID is not supported, Sandtrap will operate without it
      • Without Caller ID the caller's phone number can't be logged

Sandtrap's minimal requirements give you the flexibility to:

  • Use a surplus computer
  • Save time in deployment
  • Conserve corporate resources for another security product like NetIntercept
Site materials © 1998 - 2009 Sandstorm Enterprises, Inc. The Sandstorm logo®, LANWatch®, NetIntercept®, PhoneSweep®, Sandtrap®, TCP.demux™, Single Call Detect™, Tools with sharp edges®, Rapid Event Analysis™, and Sandstorm Enterprises® are all trademarks or registered trademarks of Sandstorm Enterprises, Inc.