War Dialing
War dialing is a brute-force method of finding a back door into an organization's network. It is particularly effective against a perimeter defense. Most organizations have telephone numbers that are within a specified range and begin with the same prefix. For example, let's consider a fictitious company called Acme Networks. All of the company's telephone numbers begin with 895; there are 4,000 extensions; and the first extension is 1000. The range of telephone numbers for Acme Networks begins at 595-1000 and ends at 595-5000. War dialing usually employs an automated dialing system (a program) to call every telephone number for the organization, searching for modem connections.
The program logs a telephone number whenever it finds a modem. Later, after the program has called every extension, the hacker can review the log for modems, then go back and attempt to break into the system to which each modem is connected in order to gain access to the network.
This method almost always works for large organizations. When dealing with a company with several thousand telephone numbers, the odds are with the hacker that some of them are connected to modems. I worked for a large company that hired one of the big consulting firms to test the company's network security. The consulting firm was unsuccessful at penetrating the corporate firewall. However, it employed war dialing and identified several telephone numbers that were connected to modems. One of the modems was connected to a PC running pcAnywhere, which had been enabled to allow someone to dial into the office from home. The consultants were able to gain access to the network by exploiting a flaw in an early version of pcAnywhere that allowed a user to bypass the password protection. Once on the network, the consultant was able to compromise almost every system it hit, and no one detected the illicit activity. The one exception was my group; we detected the activity on the systems for which we were responsible and made inquiries into the source of the activity. It was then that we were told that it had been a test of the corporate network security.
The source code for war dialing programs may be obtained easily at many hacker sites. Some of the programs available are ToneLoc, PhoneTap, and Blue Deep. If you are a programmer, you may be interested in viewing the code, but I do not recommend using these programs. A word of warning is necessary here: You should always be careful when downloading programs on the Web, but when downloading from hacker sites you need to be especially careful. To understand why, simply reread the section on Trojan horses.
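Because a war dialer calls every number in a block, a defender can look for it in PBX call detail records: one caller placing short calls to many distinct extensions in a short time. The following is an added example, not part of the original text; the CSV record layout, the thresholds, the caller numbers, and the sample records are assumptions constructed for illustration, and the extension range is the Acme example above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXT_RANGE = range(1000, 5001)      # extension block from the Acme example
WINDOW = timedelta(minutes=10)     # assumed look-back window
MIN_DISTINCT = 5                   # assumed threshold: distinct extensions per window
MAX_DURATION = 30                  # assumed: probe calls are short (seconds)

# Constructed sample records: timestamp,caller,extension,duration_seconds
SAMPLE_CDR = """\
2024-03-02 01:10:05,5550142,1000,6
2024-03-02 01:10:40,5550142,1001,5
2024-03-02 01:11:12,5550142,1002,22
2024-03-02 01:11:50,5550142,1003,4
2024-03-02 01:12:31,5550142,1004,7
2024-03-02 01:13:02,5550142,1005,5
2024-03-02 09:15:00,5550199,2210,340
2024-03-02 09:40:00,5550199,2210,15
2024-03-02 10:05:00,5550177,3001,12
"""

def parse_cdr(text):
    """Yield (timestamp, caller, extension, duration) from CSV lines."""
    for line in text.strip().splitlines():
        ts, caller, ext, dur = line.split(",")
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), caller, int(ext), int(dur)

def find_sweeps(records):
    """Return {caller: sorted extensions} for callers that placed short calls
    to MIN_DISTINCT or more distinct in-range extensions within WINDOW."""
    by_caller = defaultdict(list)
    for ts, caller, ext, dur in records:
        if ext in EXT_RANGE and dur <= MAX_DURATION:
            by_caller[caller].append((ts, ext))
    flagged = {}
    for caller, calls in by_caller.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > WINDOW:
                start += 1          # slide the window forward
            distinct = {ext for _, ext in calls[start:end + 1]}
            if len(distinct) >= MIN_DISTINCT:
                flagged.setdefault(caller, set()).update(distinct)
    return {c: sorted(e) for c, e in flagged.items()}

if __name__ == "__main__":
    for caller, exts in find_sweeps(parse_cdr(SAMPLE_CDR)).items():
        print(f"possible war dialing from {caller}: {len(exts)} extensions, {exts[0]}-{exts[-1]}")
```

The flagged extensions are also the ones worth checking for an answering modem, since any that picked up are what the caller's log now contains.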