One of my duties at work is to administrate our fax server, I'm just curious, does anyone know of vulnerabilities with having that 24 channel card on the network? There's no authentication, strictly free incoming faxes, can't someone hack into the network using one of these lines? Sorry, I'm not security, just a webmaster, thanks for any input...
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
fax server vulnerabilites
- Thread starter A1CnAF
- Start date
If you use a modem to dial into one of the fax server phone numbers, does it try to connect, or throw you off?
If the modem connects with a data session, then the modem setups were not well done, or the programmers left in a backdoor for maintainance.
If you connect, it might be worth a support call to find out how to stop the modems from answering in data mode.
If the modem connects with a data session, then the modem setups were not well done, or the programmers left in a backdoor for maintainance.
If you connect, it might be worth a support call to find out how to stop the modems from answering in data mode.
Generally speaking, the only vulnerabilities that I have seen on any of the commercial fax servers have been on the network side, not the telco side.
But, that is probably just because there aren't any good vulnerability tools for testing the telco side, and there is for the network side.
I agree about testing with the modem. Another potential issue is the ability to 'poll' the fax server. Nearly all faxes support a polling mode, in which a fax is stored on the machine and can be retrieved later. To test this, you need to call in to your system with fax software in the send mode, without a document to send. When the two systems connect, they will negotiate a number of things, one of which is do either of them have something to send.
If both have something to send, the fax that originated the call sends. If either one have something to send, then the one with the document sends (doesn't matter whether it originated or terminated the call).
If you use Procomm, you can do it through their fax software. I haven't tried others, but I have written my own that just determines whether or not you can poll, and if there is a password protecting the document. It is really straight forward.
Is your fax server inbound, outbound or bothway? Is your T-1 CAS or PRI? If it is CAS, have you had any issues with glare?
pansophic
But, that is probably just because there aren't any good vulnerability tools for testing the telco side, and there is for the network side.
I agree about testing with the modem. Another potential issue is the ability to 'poll' the fax server. Nearly all faxes support a polling mode, in which a fax is stored on the machine and can be retrieved later. To test this, you need to call in to your system with fax software in the send mode, without a document to send. When the two systems connect, they will negotiate a number of things, one of which is do either of them have something to send.
If both have something to send, the fax that originated the call sends. If either one have something to send, then the one with the document sends (doesn't matter whether it originated or terminated the call).
If you use Procomm, you can do it through their fax software. I haven't tried others, but I have written my own that just determines whether or not you can poll, and if there is a password protecting the document. It is really straight forward.
Is your fax server inbound, outbound or bothway? Is your T-1 CAS or PRI? If it is CAS, have you had any issues with glare?
pansophic
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question