Networking / Beginners

War Dialing

War dialing is a brute-force method of finding a back door into an organization's network. It is particularly effective against a perimeter defense. Most organizations have telephone numbers that are within a specified range and begin with the same prefix. For example, let's consider a fictitious company called Acme Networks. All of the company's telephone numbers begin with 895; there are 4,000 extensions; and the first extension is 1000. The range of telephone numbers for Acme Networks begins at 595-1000 and ends at 595-5000. War dialing usually employs an automated dialing system (a program) to call every telephone number for the organization, searching for modem connections.

The program logs a telephone number whenever it finds a modem. Later after the program has called every extension, the hacker can review the log for modems and go back and attempt to break into the system to which the modem is connected to gain access to the network.

This method almost always works for large organizations. When dealing with a company with several thousand telephone numbers, the odds are with the hacker that some of them are connected to modems. I worked for a large company that hired one of the big consulting firms to test the company's network security. The consulting firm was unsuccessful at penetrating the corporate firewall. However, it employed war dialing and identified several telephone numbers that were connected to modems. One of the modems was connected to a PC running PC AnyWhere, which had been enabled to allow someone to dial into the office from home. The consultants were able to gain access to the network by exploiting a flaw in an early version of PC Any Where that allowed a user to bypass the password protection. Once on the network the consultant was able to compromise almost every system it hit, and no one detected the illicit activity. The one exception was my group; we detected the activity on the systems for which we were responsible and made inquiries into the source of the activity. It was then that we were told that it had been a test of the corporate network security.

The source code for war dialing programs may be obtained easily at many hacker sites. Some of the programs available are ToneLoc, PhoneTap, and Blue Deep. If you are a programmer, you may be interested in viewing the code, but I do not recommend using these programs. A word of warning is necessary here: You should always be careful when downloading programs on the Web, but when downloading from hacker sites you need to be especially careful. To understand why simply reread the section on Trojan horses.

[Previous] [Contents] [Next]

In this tutorial:

  1. Threats and Attacks
  2. The OSI Reference Model
  3. TCP/IP Protocol Suite
  4. Threats, Vulnerabilities, and Attacks
  5. Attacks
  6. Viruses
  7. Worm
  8. Trojan Horses
  9. Trap Doors
  10. Logic Bombs
  11. Port Scanning
  12. Spoofs
  13. Sequence Number Spoofing
  14. DNS
  15. DNS Poisoning
  16. Redirects
  17. Password Cracking
  18. Sniffing
  19. War Dialing
  20. Denial of Service
  21. Ping of Death
  22. SYN Flooding
  23. SPAM
  24. Smurf Attack