Firewall Wizards mailing list archives
RE: war dialers, are they a current threat?
From: "Joseph Judge" <joej () ultranet com>
Date: Fri, 24 Dec 1999 15:21:11 -0500
All -

Wardialing has been a neglected area for a little while now. It's kind of funny that folks remember the movie "War Games" with a _very_ young looking Matthew Broderick -- but have forgotten dialin modems and analog lines on employees' desktops as a major threat avenue.

So -- *yes* the amazing Karnac predicts a rise in modem oriented break-ins .... for a couple reasons:

- There has been a quiet rise in commercial wardialing tools. Like the ISS and Cybercop net-based scanners, these new tools are easier to use than the ToneLoc, wardial or other crude DOS hacker tools. Read: an idiot/script-kiddie can make some good progress without knowing about parity, identifying prompts, obscure UUCP/uux holes, etc. (YES - UUCP is enabled, in cron but unused and unknown to the admins -- in a *lot* of machines I review in many companies)

- Apart from what I said above, which would indicate that hackers have forgotten about this nice hole into companies, the rise in these tools will "click" with the crackers before it "clicks" with the complacent business world.

- Many, many - ridiculously many - companies cannot clean up the analog phone lines on the employees' desktops. They can't install centralized dial-out and/or fax servers ... and are unwilling to do the tedious effort required to migrate them out.

- I work for a techy-security practice line in a big-5 ... and one set of services we do (a lot of) is penetration work (net, modem, physical, etc.) There are a large number of unwatched modems with straight login prompts and PCAnywhere w/o passwords out there. There are PCs with batch scripts to perform payroll, wood milling machines, Sabre (airline reservation) systems, PCs that control the environment for buildings, and routers with modems attached to the console (which makes it easy to reboot on firmware so that you can reset the 'enable' password, eh!) ... and this is a recap from only *ONE* range of phone numbers during a single week's work. No bullsh*t. And this is not wildly atypical. (An interesting side note -- the client gave us too wide of a range, these were all non-client systems!!!) ... this was all with ToneLoc to ID the tones and manual efforts to actually id the system and manually attempt logins/passwords. Imagine if we had Sandstorm's PhoneSweep available to us at the time!!! or the less functional ISS phone scanner ... or the amazingly expensive SecurLogix (?) thing?

- Add the fact that a lot of companies are getting "into the groove" with their network perimeter security (i.e. "firewall" is a common term, many companies have incorporated it into their processes ... even if they have not incorporated it into the overall security strategy). Read: breaking in over the Internet is/will-be harder. (Why keep banging against the hard front door? check the many unwatched windows right there at ground level!!)

- Add the fact that most companies do not have a plan for incident response. And, if they do, the modems are not watched/centralized. And, if they are, the modem-folks are a different support group than the sexy-company-protector-folks in the firewall org. (Eww ... yuck .. we don't want dial-in security, that's not cool).

Wheee!

-- joe

As a side note. I actually *hate* the whole Fear, Uncertainty and Death/Doom (FUD) message. My point in this email is a sharing of the basic base set of facts/info as I see it (cool JCP?)
-----Original Message-----
From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net] On Behalf Of R. DuFresne
Sent: Tuesday, December 21, 1999 2:35 PM
To: firewall-wizards () nfr net
Subject: war dialers, are they a current threat?

Do folks here consider war dialers a real threat in this day and age? How would others respond to a request to install a modem for dialup access to a server that one cannot secure because:

1) There's no compiler to install tools to try and secure the system
2) You are supposed to make this soft chewy available to the whole inside network

Being that your pbx has no dialback feature, what's the best way to protect such a setup, if there is one?

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
testing, only testing, and damn good at it too!