Generic RAS numbers are for "general purposes." Commonly, companies forget about them because these telephone lines are included in the monthly contract costs for "Support and Help Desk." In most other cases, companies simply don't know about these active phone lines because they are connected to extremely old machines or are the result of an ancient network architecture drawn by somebody else. Usually the original system administrators left many years ago.

The following has happened to us many times when trying to collect modem-PSTN information: the CTO on duty isn't able to give us any kind of useful data related to this proposed attack vector for the penetration test. A common answer usually goes along these lines: "Uh, yeah, I think we used to have something like that... But I'm not so sure I could collect this information for you guys... You know, we established those modem lines ten years ago, and the guy managing all of that doesn't work here anymore. I'll try to do my best... By the way, I don't think somebody will ever attack us from PSTN, c'mon, we are in 2008, the Internet would be the attack media."

Some weeks later, just after the sales guys have been able to include the PSTN attack vector in the legal authorization forms and have them signed, our team will usually find a couple of "forgotten" modems!

In these cases, the "security level" (that is, the robustness of accounts and passwords, since most attack techniques involve login brute forcing and social engineering) might be extremely low, giving the penetration tester, or the attacker, very easy access to the target company's internal network.

