An introduction to penetration testing  
Portcullis penetration test and  
security testing services  


Dial-In Testing

Many organisations rely on dial-in systems, whether for travelling salespeople to keep in contact with the office, for shops to send in sales figures, for engineers to remotely monitor and control IT systems, or perhaps for regional offices to make requests of a central knowledge repository such as a database on a mainframe. Many organisations also use dial-out systems for Internet access, especially where a leased line is more expensive. A Dial-In Test will include one or all of the following:


Dial-In Modems

Furnished with the relevant phone numbers, the PPTT’s first move is to make a connection. From then on, the test is rather similar to a Major IP Penetration Test. However, here, it is easier to concentrate on the smaller number of targets presented by the server’s operating system, any internal routing and the security of the dial-in software on the server. Password attacks, buffer overflows and operating system vulnerabilities are most important here. The aim is to gain privileged access first to the server and then to the internal services to which users necessarily acquire access. Once successful, the Team will stop testing and leave a footprint to prove their success. Further intrusion testing will then be an option.

Dial-Out Modems

Modems that are set to dial out only are more secure. Unlike with dial-in modems, an outsider cannot attempt to trespass at their leisure; they must wait for the user to make a connection to the Internet themselves. However, this is one of their few security advantages, and an attacker overcomes it by waiting for the connection to appear, which is made easier when, as is often the case, the user is assigned a fixed IP address or address range. The attack is then very much like an attack on a fixed connection, except that there is generally less security: no firewall and sometimes no router. The test follows the same format as the Major IP Penetration Test.


Wardialling

This is a simple technique, and tools for it are readily available on the Internet. When the client wants a more realistic test (hackers are unlikely to know which phone numbers the modems are on) or wishes to find and test unknown modems, wardialling comes into play. The process is simple. Take the PPTT as an example: our phone number is 020 8868 0098 and our fax number is 020 8868 0017, so an attacker would guess that any modems would be assigned in the range 020 8868 0000 to 020 8868 0099. They input this range into the wardialler program, which then automatically dials every single number, recording whether the number is assigned and whether it is a phone or a modem, and capturing any access screen found. The attacker then has the right numbers to attack. It is not guaranteed that modem numbers will be in the same range, but the limits can always be extended. Once a connection is made, the test can proceed as above.

The PPTT only advises this method when the client suspects that unauthorised modems are plugged into PCs or devices on their internal network.
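
Seen from the defending side, the sweep described above leaves a recognisable trace in a PBX's call records: one caller reaching many distinct numbers in the same block within a short time. The following Python check is an added example, not Portcullis code; the CSV record layout, the thresholds, the `find_sweeps` name and the sample numbers are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call records: timestamp, caller, dialled number, seconds.
# Layout and numbers are assumptions (UK drama-reserved ranges), not real data.
SAMPLE_CDR = "\n".join(
    [f"2001-03-01 02:{m:02d}:00,01632960123,020794600{m:02d},12" for m in range(40)]
    + ["2001-03-01 09:15:00,01632960456,02079460017,340",
       "2001-03-01 09:40:00,01632960456,02079460098,95",
       "2001-03-01 10:05:00,01632960789,02079460098,610"]
)

def find_sweeps(cdr_text, block_digits=2, min_numbers=20, window=timedelta(hours=1)):
    """Return {(caller, block): distinct_count} for callers who dialled at least
    min_numbers distinct numbers in one block inside a sliding time window.
    A block is the dialled number minus its last block_digits digits."""
    calls = defaultdict(list)  # (caller, block) -> [(time, dialled)]
    for ts, caller, dialled, _secs in csv.reader(io.StringIO(cdr_text)):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        calls[(caller, dialled[:-block_digits])].append((when, dialled))

    sweeps = {}
    for key, events in calls.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({num for _, num in events[start:end + 1]})
            if distinct >= min_numbers:
                sweeps[key] = max(sweeps.get(key, 0), distinct)
    return sweeps

if __name__ == "__main__":
    for (caller, block), count in find_sweeps(SAMPLE_CDR).items():
        print(f"{caller} dialled {count} numbers in block {block}xx within the window")
```

Ordinary callers who reach one or two extensions stay below the threshold; only the caller walking through the block is reported.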




Copyright © 1993-2001   The Penetration Testing Group  