Firewall Wizards mailing list archives
RE: war dialers, are they a current threat?
From: "LeGrow, Matt" <Matt_LeGrow () NAI com>
Date: Thu, 23 Dec 1999 07:10:00 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ron, I actually wrote a wardialer a few years back, so I may be uniquely qualified to give you an answer :-) I believe it is necessary to secure any sort of outbound dialing access. In the age of callerID, wardialers and codehackers are obviously much less effective and less widely used than they used to be. Very esoteric systems still exist waiting to be found, but I tend to believe the focus of illegal activity is on the internet. Back a long time ago, when I was a young lad of suspicious moral bent, there was definitely some interest in the Internet in the hacking community, but we were also surrounded by Tymnet, Telenet, Datapac, BBSs, and other distractions. Because of the lack of interconnectedness there was a great interest in code hacking and especially wardialing. Now the internet *is* the hackers' world, and it doesn't require abusing a phone line. Its preferable because anonymity is far more attainable, and everything is interconnected and essentially "free". So hackers have sort of evolved past wardialing to access systems because there is plenty to play with without it. That having been said, its always a good idea to try and secure modems which could potentially cause problem. Its much more tempting to be able to dial out knowing that its not your line. My favorite trick with internet and telenet outdials used to be accessing them and issuing a hayes redial command, to see what the last user accessed. Consider some hacker logging in after your legitimate user and using the tool that you set up to try and hack whatever system or service it was supposed to provide access for. Thats a very legitimate and real threat. Not that I believe any of the script-kiddies today know the meaning of a Hayes command sequence... ;-) Matt LeGrow Network Associates, Inc. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Note: Opinions expressed herein are most certainly NOT that of my employer:-)
-----Original Message----- From: R. DuFresne [mailto:dufresne () sysinfo com] Sent: Tuesday, December 21, 1999 2:35 PM To: firewall-wizards () nfr net Subject: war dialers, are they a current threat? Do folks here consider war dialers a real threat in this day in age? How would others respond to a request in install a modem for dialup access to a server that one cannot secure becuase: 1) There's no compiler to install tools to try and secure the system 2) You are supposed to make this soft chewy available to the whole inside network Being that your pbx has no dialback feature, what's the best way to protect such a setup, if there is one? Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 Comment: Crypto Provided by Network Associates <http://www.nai.com> iQA/AwUBOGI7SfbW52zw8/NBEQJ9aACfYrcR6hDLUnQ7gZw5pxueo2xti5MAoIoK YjYJPed8Pxai5ttnwde4Ny1X =TULL -----END PGP SIGNATURE-----
Current thread:
- RE: war dialers, are they a current threat? LeGrow, Matt (Dec 26)
- <Possible follow-ups>
- RE: war dialers, are they a current threat? jboles (Dec 28)