[8909] in bugtraq

Re: Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02

daemon@ATHENA.MIT.EDU (vh)
Sun Jan 3 16:24:59 1999

Date: 	Sun, 3 Jan 1999 01:12:24 +0100
Reply-To: vh <vh@REPTILE.RUG.AC.BE>
From: vh <vh@REPTILE.RUG.AC.BE>
X-To:         simsong@VINEYARD.NET
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <013b01be3344$94a9c7e0$165ce8c7@computername.vineyard.net> from
              "Simson L. Garfinkel" at "Dec 29, 98 11:02:00 am"

Hi folks!


I come back to Aleph1's policy that someone may defend his product ,-)
Dear Aleph1, please let this email through and then begin to kill
the thread. I try to make my arguments for and against my "product"
and the one from sandstorm as balanced as possible.
Just to clear up some errors and marketing hype.


Well, an email from Simson Garfinkel to me says:

>Like you, I have little interest in starting a public flame war. And if you
>think that I have made some mistakes in my evaluation of THC-SCAN, I would
>very much like to correct them in the version of the evaluation that we
>post on our website. As I indicated in my posting, I think that there is a
>role for both THC-SCAN and for PhoneSweep.

I take this chance here. So here we go.


> > Telephone scanning is really old. Toneloc and my own scanner Thc-Scan have
> > been used for ages. And since some months also an expensive commercial tool
> > is available which really sucks (www.sandstorm.net).
>
> As far as we know, Mr. Van Hausen hasn't had actual experience with
> PhoneSweep.

It is true that I didn't have a copy of that program. However I read all
available descriptions of how it works so I can say I have a very detailed
overview. (But I'd welcome a copy of the professional version ;-)

> 1. OVERALL DESIGN
>
> THC-SCAN 2.0 is set of MSDOS-based programs that are designed to be
> run from the DOS command line.
> PhoneSweep runs under Windows 95, 98 or NT. The telephone scanner can
> dial numbers from either pre-determined ranges or from a list.

Thc-Scan was coded with the aim of running on as many platforms as possible
with as much automation as possible. I think I achieved that goal quite
well. Also its internal configuration for what to scan and in which way
to interpret the results is very flexible. It is not designed to do phone
scanning only, it should & will show any number which behaves unusually.
PhoneSweep on the other hand has got other customers. These are
guys with not much knowledge about carrier hacking but have to perform
phone audits as part of their internal security checks.

> PhoneSweep has an identification engine that can recognize more than
> 120 different system types, including Microsoft RAS, CarbonCopy, and
> pcANYWHERE. PhoneSweep has an integrated brute-force engine which can
> brute force a variety of identified systems.

In the past 3 years I received about 60 emails of people who requested that
feature, auto-Identification and auto-Hacking. I didn't put that in for a
purpose (it's trivial to implement). By this any kid without any knowledge
could hack/crack any system which has got default accounts enabled.
When people do darkside hacking they should use their brain and not just
"run a program".
You call my program evil, yours was written by the devil himself ,-)

> 2. MARKET
>
> THC-SCAN was developed by The Hacker's Choice, a German computer
> hacking organization. In his announcement, van Hausen identified
> potential users of the program as "hackers/phreakers." THC has several
> features that are designed to facilitate covert use, such as a "BOSS
> KEY" that replaces the computer's screen with an incongruous bitmap
> and ceases all dialing operation. The program has several features
> that are designed to defeat (or at least detect) attempts by Deutsche
> Telekom to detect telephone scanning from residential lines. THC is
> distributed freely over the Internet.

every point is correct. except: THC is a european hacking/phreaking group
and I made the source for Thc-Scan available because well known security
experts asked me to give them the source ... So the target customers of
Thc-Scan are not only hackers/phreakers, but also the expert security
community. (but not your customers. your customers wouldn't like the
behaviour and complexity of my program.)

> Support is not available.

not a commercial support. ,-)  I answer all emails, naturally.
And the source code is support by itself (well, but then again not *this*
code ,-)


> 3.4 Automatic Parity Detection
> THC-SCAN will automatically determine the parity of dial-up systems.
>
> PhoneSweep does not automatically determine the parity of contacted
> systems. Instead, PhoneSweep will attempt to automatically detect the
> operating system or remote access software used on the remote device.

I'd propose to add this feature to your product. it's easy to implement and
really important. If I put a unix system up with a modem configured to 7E1,
your product won't identify this.
In short: there's nothing bad or evil about adding features from an
"underground program". Those guys sometimes have a good idea. accept this.

> For brute force attacks, PhoneSweep can be configured to limit the
> number of times each day that a phone number is called, or limit the
> number of times that a specific username is guessed. This can prevent
> the system from unintentionally locking out valid usernames when a
> scan is being performed.

This is evil! If you are authorized to do your security audit you may check
the password lists for weak passwords instead of cracking them like a hacker
would do. That would be faster and more professional anyway!
,-)

> 3.10 License Restrictions
>
> THC-SCAN is distributed with a relatively broad license agreement that
> does not control the program's use but that does control
> redistribution. People who resell THC-SCAN are forbidden from charging
> "more than twice the whole productional (sic) costs."  Furthermore,
> "if THC-SCAN is used as part of a commercial service that is sold to
> customers (e.g. Security Audits)," the "paper/email/electronical
> medium etc. must explicitly mention that "Thc-Scan v2.0 by van
> Hauser/THC" was used"

you take money, I take fame. That's the reward a programmer/hacker/phreaker
gets.

> THC-Scan does not automatically identify VMBs and Unused numbers. What
> it does is identify phones that stop ringing but do not answer with a
> modem tone.

just a note on this point: 100% of those numbers identified as unused
numbers (with the -U parameter) are identified correctly.

> > * full source code!
>
> Source code for Sandstorm PhoneSweep is restricted to prevent unauthorized use.

On your website you tell your customers NOT to use underground products
because no source code is available and there'd always be trojans in it.
Now there's a program available with source and you make this statement.
marketing shit.

> Overall, both products appear to be well-evolved to their intended
> markets, but generally inappropriate for each other's.

I fully agree with that statement.

> PhoneSweep, on the other hand, is tailored for the needs of auditors

It is tailored for several things. but exactly not for these.

Sorry that I put "sandstorm sucks" in my posting. What I think about the
sandstorm product:
        Good: 4 modems supported (but only in the professional version)
        Bad:  it costs money, no source code, Windows only application,
              only carrier scanning possible, little functionality.
        Mixed Feelings: GUI only, ID of carriers + auto-cracking.


Last words: I didn't reply to all those comparisons of what features each product
supports and what's good/bad about this. Most are presented with a marketing
hype and are WRONG, but we can discuss these in private.
Everything I did is there for a purpose and it does its job well.


Outlook: I think about programming a distributed wardialer for unix with
tcp/ip to control each daemon running. Is there interest in that out there?


Ciao...
                van Hauser / THC - [The Hacker's Choice]


THC's Webpage -> http://r3wt.base.org


Type Bits/KeyID    Date       User ID
pub  2048/CDD6A571 1998/04/27 van Hauser / THC <vh@reptile.rug.ac.be>
