Phone number footprinting: phone directories (on-line and CD-ROM)
Wardialing (scanning): automatically dialing a range of numbers, as in telemarketing, using a hardware/software combination.
- A PC with serial ports and modems is all that is needed
- Software: ToneLoc, THC-Scan (free) and Phone Sweep (commercial). See book.
- Typically: one modem can wardial 10,000 numbers in 7 days, dialing 24 hours a day.
- Telcos take this seriously and in many areas this is illegal (ping sweep is not).
Penetration Domains: once logs are obtained the connections can be classified as (see book for examples in QBASIC):
- LHF - easily guessed or commonly used passwords for known systems
- Single authentication, unlimited attempts
- Single authentication, limited attempts
- Dual authentication, unlimited attempts
- Dual authentication, limited attempts
Basic countermeasures: inventory and consolidate modem lines, use at least dual authentication with limited attempts, and place them in a DMZ.
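
Added example (not from the book or these notes): a defender-side audit that sorts an organization's own modem-line inventory into the penetration domains above and lists which countermeasures each line is missing. The inventory records, the field names and the "0 means unlimited" convention are constructed assumptions.

```python
import csv
import io

# Constructed inventory; max_attempts = 0 means unlimited retries (assumed convention).
# credentials = number of credentials the line asks for (2 or more = dual authentication).
INVENTORY_CSV = """line_id,owner,credentials,max_attempts,default_password,in_dmz
L-001,facilities,1,0,yes,no
L-002,it-ops,2,3,no,yes
L-003,,1,5,no,no
L-004,vendor-support,2,0,no,no
L-005,it-ops,1,0,no,yes
"""

def classify(rec):
    """Map one inventoried line to the penetration domain used in the notes."""
    if rec["default_password"] == "yes":
        return "LHF"
    kind = "Dual" if int(rec["credentials"]) >= 2 else "Single"
    limit = "limited" if int(rec["max_attempts"]) > 0 else "unlimited"
    return f"{kind} authentication, {limit} attempts"

def findings(rec):
    """List the basic countermeasures this line does not yet meet."""
    out = []
    if rec["default_password"] == "yes":
        out.append("guessable or default password")
    if int(rec["credentials"]) < 2:
        out.append("needs dual authentication")
    if int(rec["max_attempts"]) == 0:
        out.append("needs attempt limit")
    if rec["in_dmz"] != "yes":
        out.append("not in DMZ")
    if not rec["owner"]:
        # Assumption: an unowned line is a consolidation or removal candidate.
        out.append("no owner, consolidation candidate")
    return out

def audit(text=INVENTORY_CSV):
    """Return {line_id: (domain, [missing countermeasures])} for the inventory."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["line_id"]: (classify(r), findings(r)) for r in rows}

if __name__ == "__main__":
    for line_id, (domain, issues) in audit().items():
        print(f"{line_id}: {domain} -> {'; '.join(issues) or 'meets baseline'}")
```

Only a line classified as dual authentication with limited attempts, sitting in the DMZ and with a named owner, comes back with an empty findings list.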