Corelan Cybersecurity Research

In this short post, I’ll explain one of the techniques to monitor whether a modem is listening for incoming calls on a machine, using Operations Manager 2007. Assuming that you may have some modems that get turned on when someone needs to dial in (for whatever reason), and *should* be disconnected afterwards. So you would like to get alerted when a modem is turned on and RRAS is configured to put the modem in listening mode.

This is how it works :

Create a Unit monitor – Scripting – Two state monitor

Target Windows Operating System. Keep the monitor disabled for now. Save the monitor in a custom management pack.

Schedule : run every 15 minutes or so

Script : choose a good name for the script (e.g. checkifmodemison.vbs) and set the timeout (1 minute should be ok)

Option Explicit

‘

‘ Script that runs an external tool and tries to

‘ determine if a modem is turned on and listening or not

‘ Written by Peter Van Eeckhoutte

‘ https://petersblog.dyndns.org:8899

‘ peter.ve@telenet.be

‘ Feb 2008

‘ version 1.0

‘

Dim oArgs

Set oArgs = Wscript.Arguments

Dim oAPI

Dim objShell

Dim objScriptExec    

Dim oBag

Dim modemturnedon

modemturnedon="false"

Set oAPI = CreateObject("MOM.ScriptAPI")

‘get args

If oArgs.Count < 2 Then

‘ If the script is called without the required arguments,

‘ create an information event and then quit.

Call oAPI.LogScriptEvent(Wscript.ScriptName,101,2,Wscript.ScriptName + " script was called without the necessary 2 arguments ( and was not executed.")

Wscript.Quit -1

End If

Call oAPI.LogScriptEvent(Wscript.ScriptName,101,0,Wscript.ScriptName+" script was launched with " + Cstr(oArgs.Count) + " arguments.")

‘launch getmodemstatus

Set objShell = CreateObject("WScript.Shell")

Set objScriptExec = objShell.Exec(oArgs(0)+" "+oArgs(1))

modemturnedon= trim(objScriptExec.StdOut.ReadLine)

Set oBag = oAPI.CreatePropertyBag()

Call oBag.AddValue("ModemTurnedOn",modemturnedon)

Call oAPI.LogScriptEvent(WScript.ScriptName,101,0,WScript.ScriptName+" script completed successfully. ModemTurnedOn : "+modemturnedon)

Call oAPI.Return(oBag)

You can download the latest copy of the script from here :

Leave the parameters field empty for now.

Unhealthy expression :

Healthy expression :

Set the monitor health states

Set alerting properties

Save the monitor

On every host that needs to be monitored, you need to put a small executable : getmodemstatus.exe

Download from here
GetModemStatus.zip (2.3 KiB)

Create an override for the monitor, and select the server that needs to be monitored.

Enable the monitor and set the parameters as follows :

"" "comport where the modem is connected to"

Save the override. Wait until the management pack gets distributed and the script kicks in.

You should see the following 2 events when the script runs :

If the modem is turned on, the second event will show this in the description :

If everything has been set up, you should now get an alert in OpsMgr

If the modem is turned off again and RRAS does no longer grab the comport , the alert will be resolved (if that is how you’ve set up the alerting properties)

Enjoy !