lptv4 module 33 wardialing_norestriction

ECSA/LPT EC-Council Module XXXIII War Dialing

Upload: mahmoud-eladawi

Post on 08-Nov-2014


DESCRIPTION

LPTv4 Module 33 Wardialing_NoRestriction

TRANSCRIPT

Page 1: LPTv4 Module 33 Wardialing_NoRestriction

ECSA/LPT

EC-Council Module XXXIII

War Dialing

Page 2: LPTv4 Module 33 Wardialing_NoRestriction

Penetration Testing Roadmap

Start Here

• Information Gathering
• Vulnerability Analysis
• External Penetration Testing
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing

Cont’d

Copyright © by EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited

Page 3: LPTv4 Module 33 Wardialing_NoRestriction

Penetration Testing Roadmap (cont’d)

Cont’d

• Physical Security Penetration Testing
• Database Penetration Testing
• VoIP Penetration Testing
• Virus and Trojan Detection
• War Dialing
• VPN Penetration Testing
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Handheld Device Penetration Testing
• Telecommunication and Broadband Communication Penetration Testing
• Email Security Penetration Testing
• Security Patches Penetration Testing
• Data Leakage Penetration Testing

End Here

Page 4: LPTv4 Module 33 Wardialing_NoRestriction

War Dialing

War dialing involves the use of a program in conjunction with a modem to penetrate the modem-based systems of an organization by continually dialing in.

It is the exploitation of an organization's telephone, dial, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources.

Software programs used for war dialing are known as War dialers.


Page 5: LPTv4 Module 33 Wardialing_NoRestriction

War Dialing (cont’d)


Page 6: LPTv4 Module 33 Wardialing_NoRestriction

War Dialing Techniques

Basic Wardialing Sweep (BWS):

• The program calls a range of phone numbers without human intervention and identifies a set of known carrier signals.

Multiple Wardialing Sweep (MWS):

• In this technique, a Basic Wardialing Sweep (BWS) is conducted sequentially by using range and condition of configuration parameter.

• It conducts a separate sweep for each device, such as a fax machine.

Attended Wardialing Sweep (AWS):

• The dialed range of phone numbers is attended by a professional listener, who is provided to detect irregular behavior and unknown devices.

Page 7: LPTv4 Module 33 Wardialing_NoRestriction

Why Conduct a War Dialing Pentest?

War dialing penetration testing is conducted to:

• Check whether anyone from your organization has attached a modem to your network.

• Check whether your authorized modems are vulnerable to break-in by a wardialer.

• Check whether your modems reveal banners with their identity.

• Check whether inventory devices like fax machines on your PBX are accessible by PSTN.

• Check whether your modem provided by the manufacturer holds a default password.

• Check whether there is any unknown open access to a legacy system.

• Check whether security audits across your organization are regularly conducted or not.

• Check whether your network has security holes.

Page 8: LPTv4 Module 33 Wardialing_NoRestriction

Pre-Requisites for War Dialing Penetration Testing

Confirmation about the number to be dialed

Approval from the organization

Authorization from the telephone company

Notify all parties which may be affected

Agreement for date and timing

Exclude business critical systems

Page 9: LPTv4 Module 33 Wardialing_NoRestriction

Software Selection for War Dialing

There are three general categories of software programs to perform war dialing:

Commercial:

• Used for specific modem pools or remote access solutions

Homegrown:

• These programs are compiled by network administrators and used to find out if they can get a phone number to pick up an incoming call

Hackerware:

• These programs are generally used by hackers

• Attackers may conceal call-back schemes in these programs, which can monitor and record the data flows

• It may record unexpected outgoing email containing private information

Page 10: LPTv4 Module 33 Wardialing_NoRestriction

Guidelines for Configuring Different War Dialing Software

Check the country option, because different countries have different ringtones, which may confuse the modem.

If possible, turn on the error control.

Select the proper detection level to detect voice, fax, carriers, tones, and voicemail.

Check the fax recognition; keep the fax modems in fax-mode or data-mode.

Try to use hardware flow control.

Page 11: LPTv4 Module 33 Wardialing_NoRestriction

Guidelines for Configuring Different War Dialing Software (cont’d)

Check the modem command set and ensure that the modem accepts standard Hayes and AT commands.

Check your PBX or switch and check whether they have dialing features or not.

Keep the serial port at the proper speed.

Check the timeout option and allocate enough time per phone.

Page 12: LPTv4 Module 33 Wardialing_NoRestriction

Recommendations for Establishing an Effective War Dialing Process

Prepare a schedule for regular and routine wardialing

Establish the process to access and secure critical contacts

Prepare a remote access policy for employees

Provide training to employees for recognizing social engineering techniques

Page 13: LPTv4 Module 33 Wardialing_NoRestriction

Interpreting War Dialing Results

Collect the data in a database

A phone number that is constantly busy may have a modem or other critical resource

Categorize the carriers

If war dialing detects any unauthorized device, then remove or shut off that device
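The triage steps above, as an added example that is not part of the original slides: sweep results go into a database, answering lines are categorized, and anything not in the approved inventory is flagged along with numbers that were busy on every attempt. The result labels, the inventory and the 555-01xx numbers are constructed for illustration.

```python
import sqlite3

# Constructed sweep log (not real data): (number, attempt, result).
# The result labels are assumed; use whatever your dialer reports.
SWEEP = [
    ("555-0100", 1, "VOICE"),
    ("555-0101", 1, "CARRIER"),
    ("555-0102", 1, "FAX"),
    ("555-0103", 1, "BUSY"), ("555-0103", 2, "BUSY"), ("555-0103", 3, "BUSY"),
    ("555-0104", 1, "CARRIER"),
    ("555-0105", 1, "BUSY"), ("555-0105", 2, "VOICE"),
]
# Hypothetical inventory of approved dial-in devices.
AUTHORIZED = {"555-0101": "modem", "555-0102": "fax"}
DEVICE = {"CARRIER": "modem", "FAX": "fax"}  # carrier category -> device type

def load(rows):
    """Collect the sweep data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sweep (number TEXT, attempt INTEGER, result TEXT)")
    db.executemany("INSERT INTO sweep VALUES (?, ?, ?)", rows)
    return db

def triage(db, authorized):
    """Return (unauthorized numbers, numbers busy on every attempt)."""
    answered = db.execute(
        "SELECT DISTINCT number, result FROM sweep "
        "WHERE result IN ('CARRIER', 'FAX') ORDER BY number").fetchall()
    # A device is unauthorized if the number is unknown or the type differs.
    unauthorized = [n for n, r in answered if authorized.get(n) != DEVICE[r]]
    # Retried and never anything but busy: unclassified, needs a manual check.
    busy = db.execute(
        "SELECT number FROM sweep GROUP BY number "
        "HAVING COUNT(*) > 1 AND SUM(result <> 'BUSY') = 0 "
        "ORDER BY number").fetchall()
    return unauthorized, [n for (n,) in busy]

if __name__ == "__main__":
    unauthorized, always_busy = triage(load(SWEEP), AUTHORIZED)
    print("unauthorized devices:", unauthorized)
    print("always busy, check by hand:", always_busy)
```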

Page 14: LPTv4 Module 33 Wardialing_NoRestriction


War Dialing Tools


Page 15: LPTv4 Module 33 Wardialing_NoRestriction

List of War Dialing Tools

A-Dial
Assault dialer
Autoscan
BASTap
Bbeep
BlueDial
Carrier
CATCALL
Code Thief Deluxe
CyberPhreak
Deluxe Fone-Code Hacker
Demon Dialer
Dialer
Dialing Demon
Doo Tools
DTMF_d
Fear’s Phreaker Tools
GunBelt
HyperTerm
LapLink
Mhunter
OkiPad
PBX Scanner
PCAnywhere

Page 16: LPTv4 Module 33 Wardialing_NoRestriction

List of War Dialing Tools (cont’d)

PhoneSweep
PhoneTag
PhreakMaster
Procomm Plus
Professor Falken’s Phreak Tools
Scavenger-Dialer
Super Dial
SecureLogix
THC-scan
The Little Operator
ToneLoc
Ultra-Dial
VrACK
WildDialer
X-DialeR
Zhacker

Page 17: LPTv4 Module 33 Wardialing_NoRestriction

PhoneSweep

PhoneSweep is a wardialing tool.

Page 18: LPTv4 Module 33 Wardialing_NoRestriction

THC Scan

It is a type of war dialer that scans a defined range of phone numbers.

Page 19: LPTv4 Module 33 Wardialing_NoRestriction

ToneLoc

ToneLoc is a popular war dialing computer program for MS-DOS.

It dials numbers to look for some kind of tone.

Command line options for ToneLoc:

ToneLoc [DataFile] /M:[Mask] /R:[Range] /D:[ExRange] /X:[ExMask] /C:[Config] /S:[StartTime] /E:[EndTime] /H:[Hours] /T[-] /K[-]

It is used to:

• Find PBXs.

• Find loops or milliwatt test numbers.

• Find dial-up long distance carriers.

• Find any number that gives a constant tone, or something that your modem will recognize as one.

• Find carriers (other modems).

• Hack PBXs.

Page 20: LPTv4 Module 33 Wardialing_NoRestriction

ModemScan

www.wardial.net

ModemScan is a GUI wardialer software program that utilizes Microsoft Windows Telephony.

Features:

• ModemScan works with the hardware you already own and does not require the additional purchase of specific or specialized hardware

• Randomly selects and dials phone numbers from the dial range’s list to prevent line termination from phone companies which detect sequential dialing

• Runs multiple ModemScan copies with more than one phone line and modem on the same computer

• Imports comma delimited text files containing phone numbers or ranges

• Flexible phone number dialing

• Utilizes Microsoft's Telephony settings for easy modem and location setup

Page 21: LPTv4 Module 33 Wardialing_NoRestriction

War Dialing Countermeasures: SandTrap Tool

SandTrap can detect war dialing attempts and notify the administrator immediately upon being called, or upon being connected to, via an email message, pager, or via HTTP POST to a web server.

Conditions that can be configured to generate notification messages include:

• Incoming caller ID.

• Login attempt.
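An added detection example, not part of the original slides and not SandTrap's own logic: it flags a caller ID whose short inbound calls reach many distinct extensions inside one time window. It counts distinct targets rather than consecutive numbers, so the dialing order does not matter. The call records, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inbound call records (not real data):
# (start time, caller ID, dialed extension, call length in seconds)
CALLS = [
    ("2014-11-08T02:00:00", "555-0199", "4417", 20),
    ("2014-11-08T02:03:00", "555-0199", "4402", 31),
    ("2014-11-08T02:05:00", "555-0199", "4460", 18),
    ("2014-11-08T02:09:00", "555-0199", "4431", 25),
    ("2014-11-08T02:12:00", "555-0199", "4409", 40),
    ("2014-11-08T02:20:00", "555-0199", "4455", 22),
    ("2014-11-08T09:15:00", "555-0142", "4402", 300),  # normal long call
    ("2014-11-08T10:40:00", "555-0142", "4402", 12),
    ("2014-11-08T09:00:00", "555-0177", "4401", 15),   # short calls, but
    ("2014-11-08T11:00:00", "555-0177", "4418", 30),   # spread over a day
    ("2014-11-08T13:00:00", "555-0177", "4425", 10),
    ("2014-11-08T15:00:00", "555-0177", "4433", 20),
    ("2014-11-08T17:00:00", "555-0177", "4447", 25),
]

def find_sweeps(calls, window=timedelta(minutes=30), min_targets=5, max_secs=45):
    """Return {caller ID: extensions hit} for callers whose short calls reach
    at least min_targets distinct extensions within one sliding window."""
    by_caller = defaultdict(list)
    for ts, caller, ext, secs in calls:
        if secs <= max_secs:  # a sweep hangs up soon after classifying the line
            by_caller[caller].append((datetime.fromisoformat(ts), ext))
    flagged = {}
    for caller, events in by_caller.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({ext for _, ext in events[start:end + 1]}) >= min_targets:
                flagged[caller] = sorted({ext for _, ext in events})
                break
    return flagged

if __name__ == "__main__":
    for caller, exts in find_sweeps(CALLS).items():
        print(f"possible war dialing sweep from {caller}: {', '.join(exts)}")
```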


Page 22: LPTv4 Module 33 Wardialing_NoRestriction

Summary

War dialing involves the use of a program in conjunction with a modem to penetrate the modem-based systems of an organization by continually dialing in.

The three different types of wardialing techniques are Basic Wardialing Sweep (BWS), Multiple Wardialing Sweep (MWS), and Attended Wardialing Sweep (AWS).

The three software categories to perform war dialing are commercial, homegrown, and hackerware.

THC Scan is a type of war dialer that scans a defined range of phone numbers.
