
Checking for Live Systems - Wardialing


  • Checking for Live Systems - Wardialing

    This type of scan is an old but useful one known as wardialing. In practice, wardialing is extremely simple compared to other forms of scanning in that it simply dials a block of phone numbers using a standard modem to locate systems that also have a modem attached and accept connections. On the surface, this type of technique is still very useful. Understand that modems are still used for a number of reasons, including the low cost of the technology, ease of use, and the availability of phone lines. Some networking equipment such as firewalls and routers use modems and phone lines as a means of backup management access or as a backup line for cable Internet, DSL, T1 and T3 connections used by equipment such as ATMs at unmanned locations. Telefaxes and PBX systems could be targets too. Internet access using a modem requires nothing but a modem and a phone line, and if a computer is accessible in this manner, it is a potential pivot point for further attack. Of course, the use of modems varies greatly from country to country, but they are also kept alive because of older technology and the capability of the area.
    A modem should always be considered a viable backdoor access method to a given environment because modems are frequently used in that manner by their owners when all other means fail. Also, access to a computer network this way might prove to be the easiest way around the target organization's protections, like firewalls and IPS systems.

    A number of tools are available. These are the three well-known ones.

    A wardialing program that looks for dial tones by randomly dialing numbers or dialing numbers within a given range. It can also look for carrier frequency of a modem or fax. It uses a file containing area codes and number ranges you want to dial, as input.

    This is a DOS-based tool that can use a modem to dial ranges of numbers in search of a carrier frequency from a modem or fax.

    NIKSUN's PhoneSweep
    This is one of the few commercial options available.

    Wardialing is still a valid penetration method into an organization. Both penetration testers and organizations overlook this attack vector and do not give it the attention it needs, but a persistent attacker might find this door into an organization. Don't let the fact that the technology seems obsolete and outdated lull you into a false sense of security. Often these devices are completely unmonitored and maybe even unrecorded, meaning they are under the radar and their existence might even be forgotten about.
    Certified Security Geek
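
For the monitoring gap the post closes on, one way a defender could spot a dialing sweep in PBX call detail records; this is an added example, not part of the original post. The CSV layout, the phone numbers and the thresholds are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed call detail records (CDR); the layout is an assumption:
# start time, caller ID, dialed number, call duration in seconds.
SAMPLE_CDR = """\
2024-01-10T02:00:05,5550100,5557003,6
2024-01-10T02:01:10,5550100,5557001,5
2024-01-10T02:02:15,5550100,5557004,7
2024-01-10T02:03:20,5550100,5557000,41
2024-01-10T02:04:25,5550100,5557002,6
2024-01-10T02:05:30,5550100,5557005,5
2024-01-10T09:15:00,5550142,5557001,312
2024-01-10T09:40:00,5550142,5557001,95
2024-01-10T11:05:00,5550177,5557004,180
"""

def parse_cdr(text):
    """Return (start, caller, dialed, seconds) tuples sorted by start time."""
    rows = [(datetime.fromisoformat(t), caller, dialed, int(secs))
            for t, caller, dialed, secs in csv.reader(StringIO(text))]
    return sorted(rows)

def detect_sweeps(rows, window=timedelta(minutes=30), min_distinct=5):
    """Flag callers that reach min_distinct different numbers inside one window.

    Distinct numbers are counted rather than consecutive ones, so a sweep
    that dials the block in random order is caught as well.
    """
    by_caller = defaultdict(list)
    for start, caller, dialed, _secs in rows:
        by_caller[caller].append((start, dialed))
    findings = {}
    for caller, calls in by_caller.items():
        left = 0
        for right in range(len(calls)):
            # Advance the left edge until the span fits inside `window`.
            while calls[right][0] - calls[left][0] > window:
                left += 1
            numbers = {dialed for _, dialed in calls[left:right + 1]}
            if len(numbers) >= min_distinct:
                findings[caller] = findings.get(caller, set()) | numbers
    return {caller: sorted(nums) for caller, nums in findings.items()}

if __name__ == "__main__":
    for caller, numbers in detect_sweeps(parse_cdr(SAMPLE_CDR)).items():
        print(f"possible wardialing from {caller}: {numbers}")
```

Every number a flagged caller reached is also a line worth checking against the organization's inventory of modems, fax machines and PBX ports.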