lptv4 module 33 wardialing

7/24/2019 LPTv4 Module 33 Wardialing

1/23

ECSA/LPT

- o u eWar Dialing


2/23

Penetration Testing Roadmap

Start HereInformation Vulnerability External

Gathering Analysis Penetration Testing

Router andrewa

Penetration Testing

Switches

Penetration Testing

Network

Penetration Testing

IDS

Penetration Testing

Wireless

Network

Penetration Testing

Denial of

Service

Penetration Testing

Password

CrackingStolen Laptop, PDAs

and Cell Phones

Social

EngineeringApplication

Contd

EC-CouncilCopyright byEC-Council

All Rights Reserved. Reproduction is Strictly Prohibited

Penetration TestingPenetration Testing



3/23

Penetration Testing Roadmap

Contd

Physical Database VoIP

ecur ty

Penetration Testing

enetrat on test ng enetrat on est ng

rus an

Trojan

Detection

War Dialing VPN

Penetration Testing

Log

Management

Penetration Testing

File Integrity

Checking

Blue Tooth and

Hand held

Device

Penetration Testing

Telecommunication

And BroadbandEmail Security

Penetration Testing

Security

PatchesData Leakage

End Here





4/23

War Dialing

War dialing involves the use of a program in conjunction with a modem-

continually dialing in.

It is the exploitation of an organization's telephone, dial, and privatebranch exchange (PBX) system to infiltrate the internal network inorder to abuse computing resources.

Software programs used for war dialing are known as War dialers.




5/23

War Dialing (contd)




6/23

War Dialing Techniques

Basic Wardialing Sweep (BWS):

The program calls a range of phone numbers without humanintervention and identifies a set of known carrier signals.

In this technique, a Basic Wardialing Sweep (BWS) is conducted

Multiple Wardialing Sweep (MWS):

sequen a y y us ng range an con on o con gura onparameter.

It conducts separate sweep for each devices such as fax machine.

The dialed range of phone numbers that are attended with a

Attended Wardialing Sweep (AWS):



pro ess ona stener s prov e to etect rregu ar e av or anunknown devices.


7/23

Why Conduct a War Dialing

War dialing penetration testing is conducted

Check whether anyone from your organization has attachedmodem to your network.

C ec w et er your aut orize mo ems are vu nera e to rea -inby a wardialer.

Check whether your modems reveal banners with their identity.

accessible by PSTN.

Check whether your modem provided by manufacturer holds adefault password.

Check whether there is any unknown open access to a legacysystem.

Check whether security audits across your organization is regularly



Check whether your network has security holes.


8/23

Pre-Requisites for War Dialing

Confirmation about the number to bedialed

Approval from the organization

Authorization from the telephonecom an

Notify to all parties which may be affected

Agreement for date and timing

Exclude business critical systems




9/23

Software Selection for War

There are three general categories of software programs to perform war

Commercial:

Use or speci ic mo em poo s or remote access so utions

Homegrown: These programs are compiled by network administrators and used to find out

if they can get a phone number to pick up an incoming call

Hackerware:

These programs are generally used by hackers

Attackers may conceal call-back schemes into these program which canmonitor and record the data flows



It may record unexpected outgoing email containing private information


10/23

Guidelines for Configuring

Check the country option, because different countries have different ringtonesw c may con use e mo em.

,

Select the proper detection level to detect voice, fax, carriers, tones, andvoicemail.

, - - .



ry o use ar ware ow con ro .


11/23

Guidelines for Configuring Different

Check the Modem Command set and ensure that

commands.

Check your PBX or switch and check whetherthey have dialing features or not.

Keep the serial port at the proper speed.

Check the timeout option and allocate the



enough time per phone.


12/23

Recommendations for Establishing

Pre are a schedule for re ular and routinewardialing

Establish the process to access and securecritical contacts

Prepare a remote access policy for employees

Provide training to employees for recognizing



social engineering techniques


13/23

Interpreting War Dialing Results

o ect t e ata n ata ase

A phone number that is constantly busy mayhave modem or other critical resource

Categorizes the carriers

If war dialing detects any unauthorized device,



then remove or shut-off that device


14/23

War Dialing Tools

-


15/23

List of War Dialing Tools

A-Dial Dialer

Assault dialer

Autoscan

Dialing Demon

Doo Tools

Bbeep

BlueDial

_

Fears Phreaker Tools

GunBelt

Carrier

CATCALL

HyperTerm

LapLink

Code Thief Deluxe

CyberPhreak

-

Mhunter

OkiPad



Demon Dialer

PCAnywhere


16/23

List of War Dialing Tools (contd)

PhoneSweep THC-scan

PhoneTag The Little Operator

rea aster

Procomm Plus

one oc

Ultra-Dial

Professor Falkens Phreak Tools VrACK

-

Super Dial X-DialeR



SecureLogix Zhacker


17/23

PhoneSweep

PhoneSweeper is a wardialing tool.




18/23

THC Scan

numbers.




19/23

ToneLoc

ToneLoc is a popular war dialing computer program for MS-DOS.

It dials numbers to look for some kind of tone.

Command line options for ToneLoc:

ToneLoc [DataFile] /M:[Mask] /R:[Range] /D:[ExRange] /X:[ExMask]/C:[Config] /S:[StartTime] /E:[EndTime] /H:[Hours] /T[-] /K[-]

Find PBXs.

Find loops or milliwatt test numbers.

It is use to:

Find dial-up long distance carriers. Find any number that gives a constant tone, or something that your

modem will recognize as one.

Findin carriers other modems .



Hacking PBXs.


20/23

ModemScan

. .ModemScan is a GUI wardialer software program that utilizes Microsoft

.

Features:

ModemScan works with the hardware you already own and does notrequire the additional purchase of specific or specialized hardware

Randomly selects and dials phone numbers from the dial ranges list

sequential dialing

Runs multiple ModemScan copies with more than one phone lineand modem on the same computer

mpor s comma e m e ex es con a n ng p one num ers orranges

Flexible phone number dialing

Utilizes Microsoft's Telephony settings for easy modem and location



setup


21/23

War Dialing Countermeasures

SandTrap can detect war dialing attempts and notify the administrator

, ,message, pager, or via HTTP POST to a web server.

Con itions t at can econfigured to generatenotification messages

include:

Incoming caller ID. Login attempt.




22/23

Summary

War dialing involves the use of a program in conjunction with a modem to-

in.

e ree eren ypes o war a ng ec n ques are as c ar a ng weep(BWS), Multiple Wardialing Sweep (MWS), and Attended Wardialing Sweep(AWS).

The three software categories to perform war dialing are commercial,homegrown, and hackerware.



.


23/23



lptv4 module 33 wardialing

Documents