Next message: mea culpa: "[ISN] Senate Passed Digital Millenium Copyright ACT"
Forwarded From: bluesky�t_private
Wardialer Goes Corporate
by Michael Stutz
5:45 p.m. 7.Oct.98.PDT
Wardialing was made popular in the 1983 film, War Games, but despite the
Hollywood plug, many corporations are still vulnerable to this kind of
cracker exploit.
And now wardialers are on the street. Sandstorm Enterprises unveiled the
first commercial wardialer last week. A standard for crackers, the
software programs dial telephone numbers and search for open connections
that might serve as entry points to computer or telecommunications
systems.
"[Wardialing] remains one of the best ways to bypass a properly deployed
firewall," said Brian Martin, senior security engineer for
penetration-assessment consultants RSI. "While the media and many
security companies harp on having expensive and elaborate firewalls,
admins repeatedly leave unsecured modems behind the firewall -- often
allowing full access to the corporate Intranet."
PhoneSweep, available for Microsoft's Windows 95, 98, and NT operating
systems, is a graphical wardialer that uses a commercial SQL database to
record the numbers it reaches. Its features include brute-force username
and password guessing, as well as screening fax-machine detection. It also
avoids the accidental dialing of 911.
"It goes far beyond what any wardialer can do," said Simson Garfinkel,
Sandstorm chief financial officer and co-author of the program. Garfinkel
is a former contributor to HotWired, a division of Wired Digital.
Most of the current wardialers were written in the 1980s by high school
students interested in committing toll fraud, said Garfinkel. The more
recent ones, he added, were built by crackers who wanted to commit
computer fraud.
Martin said that many of PhoneSweep's features -- including fax screening
and multimodem support -- can be found on some of the free wardialers,
like ToneLoc. "However, I think this tool might be quite useful," Martin
said. "Unlike the free tools out there, this one is designed with
corporate audit specifically in mind -- which is the key."
Peter Shipley, founder of Berkeley, California-based security consulting
firm Network Security Associates, has been running a research study on
wardialing. Shipley said he has dialed about 4.8 million numbers, gaining
access to systems that controlled a company's Internet connection,
environment controls for large buildings, and a fire department deployment
system.
Shipley said that password guessing is only good if the program can
automatically determine the kind of system it is running -- a feature that
no wardialer has.
Martin added that nothing beats interacting with a found system hands-on.
"If I was a security-savvy admin, it would be trivial to fool this program
into thinking my system was something else," Martin said.
PhoneSweep Basic, which costs US$980, controls one modem and holds 300
numbers in a scanning profile. PhoneSweep Plus, for $2,800, can control
four modems simultaneously and holds 10,000 numbers
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 13:07:00 PDT