Firewall Wizards mailing list archives

RE: war dialers, are they a current threat?


From: "Joseph Judge" <joej () ultranet com>
Date: Fri, 24 Dec 1999 15:21:11 -0500


All -

Wardialing has been a neglected area for a little while now.

It's kind of funny that folks remember the movie "War Games"
with a _very_ young looking Matthew Broderick -- but have
forgotten dialin modems and analog lines on employees' desktops
as a major threat avenue.

So -- *yes* the amazing Karnac predicts a rise in modem oriented
break-ins .... for a couple reasons:

- There has been a quiet rise in commercial wardialing tools.
Like the ISS and Cybercop net-based scanners, these new tools
are easier to use than the ToneLoc, wardial or other crude DOS
hacker tools.

Read: an idiot/script-kiddie can make some good progress without
knowing about parity, identifying prompts, obscure UUCP/uux
holes, etc. (YES - UUCP is enabled, in cron but unused and unknown
to the admins -- in a *lot* of machines I review in many companies)

- Apart from what I said above, which would indicate that hackers
have forgotten about this nice hole into companies, the rise in
these tools will "click" with the crackers before it "clicks"
with the complacent business world.

- Many, many - ridiculously many - companies cannot clean up the
analog phone lines on the employees' desktops. They can't install
centralized dial-out and/or fax servers ... and are unwilling to
do the tedious effort required to migrate them out.

- I work for a techy-security practice line in a big-5 ... and
one set of services we do (a lot of) is penetration work (net,
modem, physical, etc.) There are a large number of unwatched modems
with straight login prompts and PCAnywhere w/o passwords out there.

There are PCs with batch scripts to perform payroll, wood milling
machines, Sabre (airline reservation) systems, PCs that control
the environment for buildings, and routers with modems attached to
the console (which makes it easy to reboot on firmware so that
you can reset the 'enable' password, eh!)

        ... and this is a recap from only *ONE* range of phone numbers
during a single week's work. No bullsh*t. And this is not wildly
atypical.

(An interesting side note -- the client gave us
too wide of a range, these were all non-client systems!!!) ... this
was all with ToneLoc to ID the tones and manual efforts to actually
ID the system and manually attempt logins/passwords.  Imagine if we
had Sandstorm's PhoneSweep available to us at the time!!! or the less
functional ISS phone scanner ... or the amazingly expensive
SecurLogix (?) thing?

- Add the fact that a lot of companies are getting "into the groove"
with their network perimeter security (i.e. "firewall" is a
common term, many companies have incorporated it into their
processes ... even if they have not incorporated it into the
overall security strategy).
Read: breaking in over the Internet is/will-be harder.
(Why keep banging against the hard front door? check the
many unwatched windows right there at ground level!!)

- Add the fact that most companies do not have a plan for
incident response. And, if they do, the modems are not
watched/centralized. And, if they are, the modem-folks are
a different support group than the sexy-company-protector-folks
in the firewall org. (Eww ... yuck .. we don't want dial-in
security, that's not cool).

Wheee!


        -- joe


As a side note. I actually *hate* the whole Fear, Uncertainty and
Death/Doom (FUD) message.  My point in this email is a sharing of
the basic base set of facts/info as I see it (cool JCP?)


-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of R. DuFresne
Sent: Tuesday, December 21, 1999 2:35 PM
To: firewall-wizards () nfr net
Subject: war dialers, are they a current threat?


Do folks here consider war dialers a real threat in this day and age?

How would others respond to a request to install a modem for dialup access
to a server that one cannot secure because:

1)  There's no compiler to install tools to try and secure the system


2)  You are supposed to make this soft chewy available to the whole inside
network

Being that your pbx has no dialback feature, what's the best way to
protect such a setup, if there is one?


Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!



