PhoneSweep(R) 4.

4 README:

The changes from 4.02 to 4.4 are:

- Supports newer version of Conexant chipset.
- The bruteforce username/password list can now be viewed and
edited from the Effort tab.
- New option to run a report after the sweep is complete.
- New option on license screen to start with a new or different profile.
- Right-click popup menu on Modems and Status tabs allows reset
of modems, and setting of options for all modems (on Modems tab).
- Right-click popup menu on the Phone Numbers tab now includes
an option to open all phone numbers' call results.
- The debug.bat utility includes options for dbfix (fixing a
corrupted database) and the dongle diagnostic program. debug.bat
is now on the start menu, as "Troubleshooting Utility".
- User is warned if running on a battery only.
- Better handling of power management events. PhoneSweep will
attempt to stop a running sweep if machine goes into standby mode.
(This may not be supported on all hardware.)
- Charts now work under Office XP without the registry patch.
- More improvements in profile loading time.
- Fixed voice vs. timeout differential report option.
- mysqld-opt is used by default.
- Chart and report display start up faster.
- More System IDs added.

---------------------------------------------------------------

The changes from 4.01 to 4.02 are:

- Fixed a problem that could cause an assert error and/or false
penetration result when scanning some systems.
- Fixed functionality of nonstandard single call modes.
- Added more logging for diagnostics.
- Installer no longer overwrites phonesweep.ini file.
- The GUI now uses version 3.0.1 of the Qt library.

---------------------------------------------------------------

The changes from 4.0 to 4.01 are:

- Fixed a problem with stop alerts in Gold e-mail notification.
- Fixed a rare false positive penetration report for UNIX or Cisco System.
- The -nodongle flag is no longer required to run PhoneSweep in
simulated mode without a hardware license manager (dongle).

---------------------------------------------------------------

PhoneSweep 4.0 introduces the availability of the Gold features,

as well as some improvements to the basic PhoneSweep product.

PhoneSweep Gold is available as an add-on package to PhoneSweep.

The online help and documentation for Gold are included in all
copies of PhoneSweep. PhoneSweep Gold add-on features include:

- Distributed PhoneSweep: Link multiple copies of PhoneSweep for

remote operation, from one source.

- Merged Reporting: Generate a single report from multiple

profiles, giving the appearance of one large profile.
- E-mail Notification: Automatic e-mail notifications can be sent
to one or several e-mail addresses for specific PhoneSweep events.

If you don't currently have Gold and wish to upgrade to it, contact
Sandstorm Sales at sales@sandstorm.net or (617) 426-5056.

Improvements to the basic PhoneSweep package for 4.0 are:

- Faster profile loading, as much as 30x faster for large profiles with many call
results
- More system identifications
- A new "Find..." feature to search contents of Phone Numbers, Results, and History
tabs
- Improvements to the user interface, including more customization and graphics
- Reports can be canceled while they are in progress.
- History tab displays 250 results, up from 100
- Faster deletion of phone numbers by prefix
- COM port name is now included in "Opened COM port" in the status tab
- Multiple emergency numbers can be added at once, separated by commas or spaces
- All buttons are now keyboard traversable
- Help/About display now has a copy-to-clipboard button
- Warning messages display before turning off emergency number screening, and
before trying to sweep if the dongle has been removed

-----------------------------------------

Manifest:

The files included with PhoneSweep include:

- Acrobat4Reader.exe installs Adobe's Acrobat Reader, version 4.0.

The manual is readable and printable with version 3.0, but the
resolution of the screenshots may not be of high quality.

- bruteforce.txt. This is the default list of usernames and

passwords. It can be edited or replaced as described in the
manual. This version uses the new quoted-string format for the
data (see CHANGES below).

- checkmodems.exe will scan all of your COM ports for modems, report
whether or not a modem is usable, and if it supports Single Call
Detect(TM).

- dbfix.exe is a program that will attempt to recover a corrupted

database. Before using this program, we advise you to back up the
profile in question.

- debug.bat is a trouble-shooting utility.

- delay.exe is a command-line helper application that can be used if

the business/blackout hours scheme does not provide you with enough
functionality. For example, "delay 24 start" will start the engine
24 hours after the command is executed.

- hhupd.exe is the installer for HTML Help, described below.

- keysetup.exe is the installer for the hardware license management

drivers for Windows NT.

- license.txt is a text version of the PhoneSweep license.

 - Manual.pdf contains the complete PhoneSweep 3.0 user manual in a
format readable by Adobe Acrobat 4.0.

- misc.bat is a batch file that provides easy access to a number of

PhoneSweep functions related to the brute force username/password
database and exporting telephone numbers according to the results
of calls to them.

- ntsetup.bat is a batch file that runs keysetup.exe with the proper

arguments to install the hardware license manager on NT systems.

- phonesweep.chm is a version of the manual, readable by HTML Help.

- phonesweep.exe is the PhoneSweep executable.

- phonesweep.ini is an initialization file. When PhoneSweep creates

a new profile, any variables in this file will override
PhoneSweep's defaults. The modem settings are also stored here.

- phonesweep.log is created as a record of PhoneSweep's progress, if

your version is built to support logging.

- PS-Chart.xls is an Excel file that can be used to generate a pie

chart from an export of a profile's call history. Instructions are
included in the .xls file, on the "Lookup" worksheet. This file
and its associated macro can only be opened via Excel 2000. The
charts can be created from exported call history files from any
version of PhoneSweep, and PhoneSweep does not have to be present
on the machine that is utilizing PS-Chart.xls.

- QuickStart.pdf contains basic instructions for setting up and using

PhoneSweep, in a format readable by Adobe Acrobat 4.0.

- README.txt describes various release notes and a list of known

bugs.

- ReportTemplate.rtf is the template from which reports are

generated. This file can be edited as described in the manual.

- w95ws2setup.exe is the installer for version 2.0 of the WinSock API.

The "profiles" directory contains the profiles that the user has
created, and all information associated with them. Profile names are
made all uppercase and preceded with "PS_". In order to backup or
archive sweep data, the directory associated with the profile can be
copied to another location.

Un-installation of PhoneSweep does not remove any calling profiles.

PhoneSweep can be safely un-installed and re-installed without losing
saved work.

---------------------------------------------------

Instructions for installing the optional USB dongle

Sandstorm now offers a USB dongle as an alternative to the parallel port

dongle for Windows 98 and Windows 2000 systems only. The USB dongle
should be installed before installing the PhoneSweep software. We
recommend the following installation steps for the USB dongle:

1. Insert the PhoneSweep CD in your CD-ROM drive. The USB drivers are on the CD.
2. Plug the dongle into an available USB port.
3. If your system detects the dongle, proceed to step 5.
4. If your system didn't detect the dongle, try rebooting. If it still
doesn't detect the dongle, use the Manual Installation steps below.
5. If you are given the option to choose a device type, choose "Other Devices"
or "Unknown Device".
6. At the hardware list screen, click on the "Have Disk" button.
7. Select your CD-ROM drive with the PhoneSweep CD in it, as the location
of the drivers.
8. Back at the hardware list screen, choose the appropriate USB Dongle
selection for your version of Windows.
9. Proceed with the rest of the installation as prompted by Windows.

Manual Installation: If your system was unable to detect the USB dongle,
manually install the driver as follows:

1. Plug the dongle into an available USB port.

2. Open the Control Panel. Open the Add New Hardware or Add/Remove Hardware
panel, depending on your system.
3. Follow the steps to add a new device. When you are given the option to
choose a device type, choose "Other Devices" (Win98) or "Add a new device"
(Windows 2000).
4. If Windows asks you to either search or select the hardware from a list,
choose to select from a list.
5. At the hardware list screen, click on the "Have Disk" button.
6. Select your CD-ROM drive with the PhoneSweep CD in it, as the location
of the drivers.
7. Back at the hardware list screen, choose the appropriate USB Dongle
selection for your version of Windows.
Proceed with the rest of the installation as prompted by Windows.

-----------------------------------------

The changes from 3.0 to 3.01 are: Single call detect is now supported
for the 3.3v Conexant chips used in many newer modems. 3.01 also
includes a fix for the dummy IP address requirement (the "Can't connect
to engine" error), and a few other bug fixes. Several new system
identifications have been added, and a problem with penetration of
Shiva LanRover has been fixed.

PhoneSweep can now be upgraded to Plus 12 and Plus 16 modem versions

and we have an expanded list of Tested and Approved Modems. Please
see the Manual for the latest System Requirements and Modems list.
Our website (http://www.sandstorm.net) will have post-release updates.

--------------

PhoneSweep 3.0 is a complete revision of the entire PhoneSweep tool

suite, with improved performance (critical when loading large
profiles), upgraded MySQL Database, fully revised User Interface and
new features that widen the range of PhoneSweep's capabilities.

With the revision comes a change in PhoneSweep's System Requirements:

Minimum requirements: (For 1 modem, with small profiles): 200 MHz

PC or laptop, with 32MB RAM, Intel Celeron/PII and 50MB of free disk
 space to store the PhoneSweep program and the profiles you create.
If you plan to use Single Call Detect, bruteforcing PPP systems or
use 4 modems, using PCs with 333 MHz to 400 MHz processors is advised.

Optimal requirements: (For 8 modems and/or Large profiles) 333 MHz

PC or laptop, with 64MB RAM, Celeron/PII or Pentium III, and 100 MB
of free space to store the PhoneSweep program and profiles you create.
If you have profiles over 10,000 numbers (i.e., above our supported
level of operation), using a 400 MHz processor is advised.

Additional Minimum System Requirements for PhoneSweep Plus 12 or 16:

600 MHz Pentium III or equivalent, 128 MB of RAM (256 MB RAM for profiles
larger than 30,000 phone numbers), 100 MB of hard drive.

Operating System: PhoneSweep is now certified to run under

Windows 95, 98, NT 4.0 and Windows 2000. The two platforms we
recommend most are Windows 98 and 2000, for their stability.

Modem and Serial I/O Hardware recomendations: Please see our

"Recommended Modems" and "Multiport Cards" lists in the manual
or visit the Recommended modems link on our main website
(http://www.sandstorm.net/).

New Features in 3.0:

- Edit time periods and notes for single number or all phone numbers in
a given profile (Alternumber), or phone numbers contained under a
single prefix (Alterprefix). [Right click over the number or prefix
you want to change to call pop-up menu.]

- Schedule Stop and Start Sweep times: Fine-tune stop and start times
for individual profiles. [Click and hold on the Start button to
display the scheduling options popup, or bring up the submenu under
File->Start.][To schedule multiple profile sweeps, contact Sandstorm
about our Delay command.]

- Graph (needs Excel 2000): Create a Pie Chart directly from PhoneSweep.
[Select Graph button after or during sweep, wait for Excel to start,
click to enable Macros when prompted, then select the large yellow
button entitled "Click here to create a pie chart of your sweep results."]

- Select your own Bruteforce UserID/Password source file or export

contents of your selected source to a new file. [Select Import or
Export buttons at top of PhoneSweep.]

- Handles phone numbers ranging in size from 1 digit to 18 digits.

- Enhanced User Interface: We have made our User Interface even more
User Friendly, with better feature location, Icons and pop-up box
help. Features include:

- History Tab now shows the last 100 calls.

- Set your own Emergency numbers on a per profile basis
- Report Options now on one unified Panel
- Import Options now on one unified Panel, with expanded choices
for Exporting and Importing Call History Results, PhoneNumbers
and UserID/Password information.
- Expanded/Improved Help functions, including "what's this" help
on UI elements
 - Easier Add Phone Numbers Dialog Box
- Improved Call Detail
- Selectable Sort Order for many display columns.
- Pop-Up Call Detail (Select individual phone number on either
PhoneNumber or Results tab and right click to get pop-up menu,
then select "Show Call Detail").

- New Utility: BruteCreate.exe to Create New UserID/Password source

files from separate UserID and Password files. Comes with two source
files:

- LargeBrute.txt contains basic Hacker's Dictionary list of common

passwords.
- LargeBruteback.txt contains the same passwords spelled backwards.

- New Source text files to aid in penetration testing your UserID/Passwd

security:

- Bruteforce.txt has been expanded to cover some of the most

common userID/password combinations.
- SystemDefault.txt has default UserID/Password information for
several common Systems

---------------------------------

NOTICES

The changes from 2.0 to 2.04 are a MySQL security fix, and
improvements to the identification system: more systems, including
the NetOp remote control system, are recognized; and a bug in the
CarbonCopy identification scheme has been fixed.

The significant new features of PhoneSweep 2.0 are PPP brute-forcing,

differential reporting, an Excel Charting capacity, and the ability
to view the list of all calls that were placed to a phone number on
the Phone Numbers tab. Please see CHANGES below.

There are significant changes in PhoneSweep 2.0. See CHANGES below.

Please read the license agreement and accompanying documentation.

Make sure that you have clear permission to dial all phone numbers in
a profile BEFORE you dial.

If you are installing PhoneSweep on a Windows NT system, the hardware

license manager must be attached to the parallel port during
installation and the installation must be done with "Admin"
privileges in effect. If this is not done, PhoneSweep will be unable to
access the hardware license manager for permission to dial until you
run the "ntsetup.bat" file in the top-level PhoneSweep directory.

PhoneSweep requires Winsock 2.0. This is included by default in

Windows 98 and Windows 2000. If it was not already present on your
Windows 95 or NT computer, and was not installed during PhoneSweep's
installation, it can be installed with the w95ws2setup.exe program on
the distribution CD-ROM.

PhoneSweep uses HTML Help. This is included by default in Windows 95

with Internet Explorer 4.01 or later. If HTML Help was not updated
during the PhoneSweep installation, it can be installed with the
 hhupd.exe program on the distribution CD-ROM. If HTML Help is not
installed, you will not be able to access the on-line documentation
via PhoneSweep's Help button.

If on start-up, PhoneSweep reports that certain required files are

missing (which can happen if the system crashes while the underlying
database is running), PhoneSweep must be un-installed and
re-installed. Saved calling profiles will not be lost.

KNOWN BUGS, version 2.01:

PhoneSweep's User Interface can sometimes become disconnected from

the dialing engine. If this happens, an explanatory window will be
brought up while PhoneSweep continues to dial. This can usually be
avoided by leaving Windows's mouse focus on the PhoneSweep window.

If the user begins a scan at the "Connect" level of effort, and then
switches to "Detect", the engine will not re-scan numbers, despite
the fact that they were only identified as "Unknown."

If a profile is re-loaded, some old brute-force results in the History

tab will show up as CARRIER_CONTINUED. The results will also be
listed in reverse order.

If the username-limit-per-day is reached, brute-forcing will stop for

the day (just on that number if recycle-names is turned on), but
dialing will continue. Always set the phonenumber-limit-per-day when
the username-limit-per-day is set.

If the phonenumber-limit-per-day is reached on all numbers,

PhoneSweep will not automatically stop the sweep, or inform the user
that sweeping will continue the next day. (The "no numbers to dial
in this time period" icon will still be activated.) In addition, if
this limit is then increased, PhoneSweep may not begin dialing until
the profile has been closed and re-opened.

If multiple modems are using the same set of usernames and passwords
at the same time, they may both attempt the same username/password
pair and skip the next one. Limits on a username being called per
day are still maintained.

If the Note associated with a calling profile has a period character

on a line by itself in it, it will be truncated on re-load, and could
cause the GUI to become out of sync with the rest of the program. Do
not place periods on a line by themselves in profile Notes.

PhoneSweep does not currently support phone numbers that are less
than two characters in length. If such numbers are required, this
can be worked around by appending or prepending formatting characters
which will be ignored by the modem, such as spaces or dashes.

The PhoneSweep UI will not properly group telephone phone numbers

that are less than or equal to the current PREFIX-BUCKET-LENGTH value
(default is 2). A work-around is to adjust the PREFIX-BUCKET-LENGTH
variable when you need to use short phone numbers.

Some laptops, such as the Dell Latitude, use the parallel port's
ground pin to transmit signals to communicate with peripherals, such
as an external floppy drive. Such drives cannot be used while the
 hardware license management device is connected.

CHANGES from 2.01 to 2.04:

The default MySQL permissions database has been changed to improve

security.

EXPORT BRUTEFORCE now exports the bruteforce.txt in the same order

that it was imported. The old functionality, sorting by username,
then by password, is still available with the EXPORT BRUTE-SORT
command.

CHANGES from 2.0 to 2.01:

A bug which affected CarbonCopy identifications has been fixed. The

bug was not present in 1.11. CarbonCopy systems may have shown
up as "Unknown" in version 2.0.

More systems are recognized, including the NetOp system.

Drivers for a USB version of the dongle are included. If you are
using a laptop PC which has problems communicating with the dongle,
contact Sandstorm to determine if the USB version could resolve them.

The Excel charting program has undergone some minor modifications to

support untrained carrier (call result = 11) responses.

CHANGES from 1.11 to 2.0:

Dialing:

PhoneSweep now performs brute force guessing against PPP systems,

including NT RAS systems, except those configured to use the
Microsoft proprietary Secure Password Authentication Protocol.

PhoneSweep now identifies over 250 kinds of remote systems. This

includes determining characteristics of PPP and RAS systems.

PhoneSweep will now place carrier calls while in the Penetrate effort
level even if there are no entries in bruteforce.txt.

The SINGLE-CALL-VOICE-TIMEOUT variable allows the user to specify a

timeout (applicable only in Single Call Detect mode) after the remote
phone has been answered; If there are no recognizable tones during
that time, PhoneSweep hangs up and considers the number a Voice. If
you are leaving blank voice mail messages, you may wish to consider
reducing the value of this variable - the default value is 5, you may
not obtain reliable results with values less than 3.

We support a new file format for bruteforce.txt. In it, the username

and password are enclosed in quotation marks (e.g. "user" "test").
Unquoted text on a line is ignored, and may be used for comments.
The '\' (backslash) character is used to embed quotation marks in a
username or password, and \\ is used to embed a single backslash.
Control characters other than Ctl-@ (0) and Ctl-Z (26) are allowed in
quoted strings.

"userid" "guess" is a really weak combination.

"qu\"ote" "back\\slash" shows how they are inserted.
 The old format, where everything before a tab, comma or space was
taken as the username, and everything after as the password, is being
deprecated. Support will continue for at least two major releases of
PhoneSweep, but you are advised to convert existing bruteforce.txt
files to the new format at your earliest convenience.

GUI:

There is a new results tab paradigm. "No Facsimile" is now its own
category. If a sweep for both modems and fax machines was run to
completion, there shouldn't be any "No Facsimile" results left - that
is, they should all have been moved into another category, such as
"Carrier" or "Timeout." You can also do searches on the Results tab.

You can see the individual calls made to each phone number in the
Phone Numbers tab. When a call has been made to a phone number, its
icon will change from a telephone to a folder; this folder can be
expanded to show what calls have been made.

The "Save" and "Revert" buttons will only be active when there are
unsaved variables.

The user has the option of not loading the results of old profiles.
Loading results of large profiles can take a long time. To restore
the old behavior, the user can simply choose "Don't ask me again" and
press the "Load" button on profile load.

The user can right-click on the tree-view in the Phone Numbers tab or
Results tab to collapse all the expanded folders.

In Penetrate mode, the UI will display the username and password used
in a brute-force attempt in the phone number tab, the results tab,
and the history list on reload. This will be prefixed by either
PENETRATED or LOGIN FAILED, depending on whether the attempt
succeeded.

Database:

PhoneSweep has an updated version of the MySQL database. This change

will eliminate some instances in which PhoneSweep would stop dialing
if a screen-saver or power management was turned on. The database
schema remains unchanged (all profiles created by PhoneSweep 1.03 and
later may be used interchangably).

Connections to the database are now opened only when needed.

Reporting:

Differential reporting has been added to PhoneSweep, comparing two

different profiles. This allows users to easily see what has changed
between subsequent sweeps.

The report now prints Unknown Modem responses in a new section. This
section can be modified or changed by altering the "Responses From
Unknown Modems" sections just before Appendix A in
ReportTemplate.rtf. If you have installed over a previous version of
PhoneSweep, you will need to manually copy over ReportTemplate.rtf
from the CD-ROM if you want the newer version.
 A bug that caused some anomalies to not be printed in the anomaly
section has been fixed.

A new profile variable has been added, REPORT-NUMBERS-PER-LINE. This

sets how many phone numbers are listed on each line in the report.

Other:

There are new export formats for extracting lists of numbers of a

certain type, but they are only accessible in 2.0 via misc.bat - the
UI will handle them in a future release. Similarly, the IMPORT
command can now be run while PhoneSweep is scanning, but this is not
currently available via the UI.

The result type "Untrained Carrier" is now treated as a "carrier" in

most cases. "Untrained Carrier" results occur when PhoneSweep starts
the handshake connection with a remote modem but the call is dropped
by the answering modem before synchronization can be completed.

If PhoneSweep cannot detect the hardware license management device,

it checks to see if the driver files are installed and reports if
they cannot be found.

On Windows 95 and 98, PhoneSweep can be set to automatically launch

on boot. It will not start sweeping on boot.

PhoneSweep will complain if you attempt to start it while your system

date is before the year 1970 or after the year 2038.

CHANGES from 1.10 to 1.11:

A bug that could cause PhoneSweep to crash while disconnecting from

certain systems has been fixed.

A bug was fixed which could cause modems to be treated as fax

machines when dialing without Single Call Detect.

If multiple numbers were identified as both fax and modem, the report
code would also show the last one in the anomaly section. Now all
are listed.

If a COM port should become unwritable, PhoneSweep will disconnect

the modem on its own.

A bug in the system identification routines that could be by-passed

by setting the TICKLE-STYLE variable to the value "103" has been
permanently fixed.

The ReportTemplate has been altered: some font sizes have been
altered on the executive summary, the font for the modem response
page has been set to Courier, and page numbers have been added.

Checkmodems.exe has been altered: Checkmodems explicitly reports if a

modem does not support Single Call Detect.

Profile.ddl has a new field for future versions. It is not currently

being used.
CHANGES from 1.03 to 1.10:

IMPORTANT:

PhoneSweep now implements Single Call Detect (TM) with certain

modems. This feature allows PhoneSweep to make one phone call to
identify faxes and carriers. It also gives much more reliable tone
and voice identification, and doesn't leave blank messages on
answering machines or voice mail systems.

PhoneSweep ships with the Acrobat Reader 4.0 installer. The manual
is readable with version 3.0, although the screenshots are unreadable
when printed from 3.0.

The report has better handling of binary data. The user has the
option of replacing binary data with various representations, and can
specify a minimum threshold before these actions occur.

The minimum threshold of unprintable (binary) characters required to

consider a response string "binary" (and hence unprintable) has been
changed from 3 to 50. Profiles created under 1.03 will be more
readable if this value is increased manually from 3 to a higher
number, such as 50.

Version 1.1 has better remote system identification and penetration.

The effort-level selection is now always accurate when the user

switches profiles, and the user is always warned about selecting a
different effort level.

When one number is in the phone number list multiple times, one
instance of it can be deleted without affecting the others.

"Rescan" and "Copy Profile" now modify notes as they should.

The user is asked for verification before a shutdown.

The "Save", "Revert" and "Default" that were on each sub-tab

underneath "Options" have been pulled out to the top level UI window.
The same has been done with the "Generate Report" button.

CHANGES from 1.02 to 1.03:

IMPORTANT:
The dongle now records the number of calls that PhoneSweep makes.
You can monitor the usage of PhoneSweep by viewing the Help->About box.

IMPORTANT:
The profiles that version 1.03 uses are slightly different than the
profiles that 1.02 uses. PhoneSweep will automatically promote 1.02
profiles to 1.03 profiles. Profiles that are converted or created by
1.03 will not be usable by 1.02.

IMPORTANT:
Certain variables are now stored on a global basis, rather than a
per-profile basis. These are the variables associated with modems,
that tend to be the same across different profiles on the same
machine. The variables are which modems are being used, the COM port
they are mapped to, the initialization string, the fax-initialization
string, and the speaker control. They are stored in the
phonesweep.ini file.

Changes to the GUI include:

- Shutdown cannot be aborted.
- Icons at the bottom of the window describe state of PhoneSweep.
- Shortcut keys added.
- "Save" saves all changed variables in all sub-tabs.
- Results tab displays system identifications on re-load of profile.
- The UI is now running with JIT disabled.

Changes to the report include:

- Entries are replaced with "N/A" if they are not relevant.
- New report section for identified and unidentified modems.
- Split dialed numbers into dialed carrier and dialed fax numbers.
Also split percent of assigned numbers dialed into fax and carrier
values.
- Better handling of duplicate numbers.

PhoneSweep dynamically determines the number of modems to show in the

Status and Options->Modems tabs. A version of PhoneSweep that handles
8 modems simultaneously is in Beta.

Arbitrary selection of COM ports is now available; each modem can be

mapped to an arbitrary port from COM1 to COM255. Sweeping will not
start and the user will be warned if there are conflicts.

Profiles that are incomplete or read-only will not show up in the profile
list.

A mode of trying more forceful hangups is available by setting

MODEM-FORCE-HANGUP in the .ini file.

A new initialization variable, FAX-INIT-STRING, is available through

the .ini file. This string is sent after the modem enters fax mode.

The initialization of modems on each call has been improved; with most
modems this should cause calls to start more rapidly.

Any null-characters received by a remote modem are automatically

changed into underscores.

If PhoneSweep notices serious problems with the data stored in a profile,

it will prompt the user to remove the suspicious entries. Declining this
option may cause internal problems until PhoneSweep is re-started.

Profile names do not need to begin with a letter.

The probing of remote systems has been improved: an issue that caused
passive PPP systems (such as NT RAS) to go unidentified has been resolved.

The handling of timeouts on remote systems has been improved.

The export functionality has been expanded greatly. Usernames and

passwords will not be listed on calls without brute-force attempts,
and identification strings will not be listed on non-carrier calls.

The import command has been improved to handle separators and blank
lines better.
 PhoneSweep can now recognize some fax machines while making carrier
scans with certain modems.

The default time period for phone numbers imported from a file is
settable in the .ini file as IMPORT-DEFAULT-TIMEPERIOD. The default
is 30, all time periods.

Usernames and passwords are only saved in a calling profile when a

brute-force test has been made.

The user can select the profile with which PhoneSweep will start with
the command line switch "-profile [name]". A list of profiles can be
generated by leaving [name] blank or with "-listprofiles." A new
profile can be created on start-up with the switch "-newprofile [name]".

Tcptrace now traces both sides of the TCP communication.

All stopping of modems, whether due to user request or modem error,

are logged. The user is explicitly told about "NO DIALTONE" and "MODEM
ERROR" messages.

Identification logic has been improved: CarbonCopy false alarms

have been reduced; PPP detected more reliably; direct access to
a Cisco Terminal Server identified separately.

Brute-forcing improved: if a call terminates with a guess in

progress, it is assumed to be a failed guess; PhoneSweep will
deal better with systems that indicate login-failures on just one
of the username or password; PhoneSweep will stop brute-forcing a
system that stops responding to brute-force attempts.

The installer always overwrites files when installing.

CHANGES from 1.01 to 1.02:

If PhoneSweep cannot recognize any username/password prompts on its first

call, it does not attempt to ever do brute-forcing on that number.

The default timeouts have been increased by 12 seconds, to improve

the chances of carrier detection.

The timeout logic in the dialer has been improved. Among other
things, this improves the chances of detection, and allows PhoneSweep
to respond more quickly to the user pressing the 'Stop' button.

Bugs that surfaced if the user selected zero rings or a blank

number of rings have been fixed.

When a new profile is created, PhoneSweep will read the phonesweep.ini

file, if it exists, and initialize the profile with those variables.

The report will now indicate "1 day" instead of "1 days".

PhoneSweep will separately track the consecutive errors and the total
number of errors that occur on each modem, and only disable a modem
based on the number of consecutive errors.

Modem errors, such as parity errors or framing errors, are now handled
 more elegantly.

The engine verifies that phonenumbers that are added do not contain
illegal characters.

The database is being explicitly flushed when data is added to it.

Before this, the database could sometimes leave data in memory for
many hours, causing work to be lost if PhoneSweep or Windows crashed
in the meantime.

The username/password table is locked on importing, decreasing the

amount of disk activity when loading a new list of usernames and
passwords.

The modems are initialized in a different order. The user-supplied

init-string is the second-last string sent to the modem, allowing the
user to override any of PhoneSweep's initialization routines, except
for setting FAX mode.

The parity is explicitly being set to 8 bits, no parity, 1 stop bit.

The user can now set a default baud rate for the modems. If a modem
cannot support a given baud rate, PhoneSweep will report that the
modem is not responding.

A section of code that could cause PhoneSweep to crash on some fax

machines when in identify-mode has been removed.

PhoneSweep identifies many more systems.

If the dongle is not attached, PhoneSweep will prompt the user to

attach it without needing to restart the program.

If PhoneSweep does not think it can brute-force a phone number, it

does not call back to try any usernames or passwords.

NO_FACSIMILE calls have been removed from Appendix B of the report.

Better handling of importing phone numbers. For example, if no time

period is listed on a line, that number is assumed to be dialed during
all time periods. PhoneSweep will assume that there is no time
period on a line if it cannot find a tab, comma-space, or space-space
on a line.

PhoneSweep now detemines the Windows Root by looking in the system

registry.

PhoneSweep will explicity check for ws2_32.dll on start-up.

The Results tab on the GUI loads much more quickly. This will
especially be noticed when opening a profile with several thousand
results.

The on-line help file now includes internal hyperlinks from one part
of the document to another, including tables of contents.

CHANGES from 1.0 to 1.01:

A potential overflow condition that would cause the engine

to stop dialing on four modems with several thousand phone
numbers after several hours of calls has been fixed.

Duplicate 'VOICE' entries removed from real-time results.

Doesn't count down time-remaining if no calls are being made.

When sweeping has completed, time-remaining will be 0:00:00.

Automatically attempts to put modem to X6 mode.

Phone numbers can start with zeros.