= Remote Connectivity and VOIP Hacking =
==== By Roger Gomez ====

== Analog dial-up hacking ==
 * POTS: the plain old telephone system.
 * Modems vs. gateways.
 * Dial-up hacking follows the same steps as network hacking: footprint, scan, enumerate, exploit.
 * War dialers automate the scanning step.

== Phone Number Footprinting ==
 * Start with phone directories.
 * War-dial the entire exchange: given one known number such as 555-555-1212, dial every number in 555-555-XXXX, which is 10,000 numbers.
 * Using multiple modems in parallel makes the job faster.
 * Call the company and get corporate account information (social-engineer the switchboard for direct-dial numbers).
 * Websites may have corporate information published for the public, including phone numbers.
 * The WHOIS interface (registrant, administrative and technical contact numbers) may be the most reliable source of information.

== War-Dialing ==
 * Hardware
  * A DOS PC and a modem
  * A basic PC with 2 COM ports and a serial card
  * Multi-port serial card: allows multiple modems to dial in parallel
  * A 10,000-number range takes about 7 days of 24-hour dialing on a single modem (roughly a minute per call).
 * Software
  * ToneLoc: DOS-based freeware war-dialing application
  * THC-Scan: DOS-based freeware war-dialing application
  * PhoneSweep: proprietary GUI-based war-dialing application

== Brute-Force Scripting ==
[Dr. A: Be a little more specific on what these actually mean.]

Carriers found by war-dialing are sorted by how hard they are to brute-force, which decides whether scripting is worth it:
 * Low Hanging Fruit (LHF): the banner identifies the system and it accepts a default, guessable or empty credential; no script needed.
 * Single Authentication, Unlimited attempts: one credential (typically a password only) and no lockout, so a script can keep guessing on one call.
 * Single Authentication, Limited attempts: one credential, but the line drops or the account locks after a few failures, so the script must redial or pause between batches.
 * Dual Authentication, Unlimited attempts: username and password with no lockout; a larger search space but still scriptable.
 * Dual Authentication, Limited attempts: username and password with lockout; the hardest case, which needs a short, well-chosen guess list.

== Voicemail Hacking ==
 * Brute-force voicemail hacking: compromise the system manually or by programming a brute-force script.
 * Simple script: the script dials the voicemail system, waits for the greeting, enters the voicemail box number, enters pound (#) to accept, enters a password, enters pound again, and repeats the process with the next password. A four-digit PIN is only 10,000 guesses.
 * '''Countermeasures'''
  * Lockout on failed attempts
  * Minimum PIN length, and reject trivial PINs (0000, 1234, the box number)

== Virtual Private Network Hacking ==
 * Virtual Private Network: a computer network that is layered on top of an underlying computer network. The link-layer protocols of the virtual network are said to be tunneled (encapsulated) through the underlying transport network.
 * http://www.alpha-apr.com/vpn/flowVPN.jpg
 * Google hacking for VPN: a simple attack vector that has the potential to provide devastating results.
  * Google search: filetype:pcf (Cisco VPN client profile files, which hold the gateway address, group name and an obfuscated group password). [Dr. A: I thought you said that this didn't work in your lecture?]
  * Counter: user awareness. Don't publish important information on the web.
 * Probing IPSec VPN servers: use nmap to scan UDP port 500 (IKE) to see whether an IKE responder is listening.
  * Counter: there isn't much you can do to prevent these probes; the port has to be reachable for the VPN to work. [Dr. A would add, these techniques don't always work and if they don't, you are kind of stuck working less direct angles.]

== Voice Over IP Attacks ==
 * Voice Over IP: the transport of voice on top of an IP network.
 * SIP scanning: targeting SIP proxies and other SIP devices (port 5060 by default) to enumerate them and read their banners.
  * Counter: there is nothing you can do to prevent SIP scanning beyond restricting which addresses can reach the SIP service.

== Quiz ==
 1. What is war dialing?
 1. What two basic computer components do you need to conduct a war-dialing session?
 1. Name one level for categorizing the data collected by war-dialing.
 1. What's a VPN?
 1. What's Voice Over IP?
 1. Besides corporate espionage, what other scenarios would you use voicemail hacking for?

== Answers ==
 1. War dialing (or wardialing) is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local exchange, to search for computers.
 1. DOS and a modem.
 1. Low Hanging Fruit (LHF).
 1. A Virtual Private Network is a computer network that is layered on top of an underlying computer network.
 1. Voice Over IP is the transport of voice on top of an IP network.
 1. To spy on your cheating wife.
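The war-dialing loop from the War-Dialing and Brute-Force Scripting sections, as an added example written for this page (it is not ToneLoc, THC-Scan or PhoneSweep code): it generates the 555-555-XXXX range, drives a Hayes-compatible modem with ATDT, classifies the modem's result codes and logs the carriers. The `modem` argument is assumed to be any object with `write()`/`readline()` such as a pyserial `Serial`; `FakeModem` and `SAMPLE` are a constructed stand-in so the script runs with no hardware.

```python
"""War-dialer building blocks (added example, not code from the page or the tools it names).
`modem` is any object with write()/readline(), e.g. a pyserial Serial on the modem's COM port;
FakeModem is a constructed stand-in so the module runs without hardware."""
import random
import time

# Hayes result codes a modem returns after ATDT, mapped to what the war dialer records.
RESULT_CODES = [
    ("CONNECT", "carrier"),          # a modem answered: candidate for enumeration/brute force
    ("BUSY", "busy"),
    ("NO CARRIER", "no_carrier"),    # answered, but no modem handshake
    ("NO ANSWER", "no_answer"),
    ("NO DIALTONE", "no_dialtone"),  # our own line is dead; says nothing about the target
    ("VOICE", "voice"),
    ("ERROR", "error"),
]

def classify_result(line):
    """Map a modem result line such as 'CONNECT 9600' to a category."""
    text = line.strip().upper().replace("NO DIAL TONE", "NO DIALTONE")
    for code, category in RESULT_CODES:
        if text.startswith(code):
            return category
    return "unknown"

def exchange_numbers(prefix, randomize=True, seed=None):
    """All 10,000 numbers of one exchange: '555-555' -> 555-555-0000 .. 555-555-9999.
    War dialers shuffle the order so the telco does not see a sequential sweep."""
    numbers = ["%s-%04d" % (prefix, n) for n in range(10000)]
    if randomize:
        random.Random(seed).shuffle(numbers)
    return numbers

def dial_one(modem, number, timeout=60.0):
    """Dial one number with ATDT and wait for the result code. Returns (category, raw line)."""
    modem.write(("ATDT%s\r" % number).encode())
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        raw = modem.readline()
        if not raw:                                  # serial read timed out
            break
        line = raw.decode(errors="replace").strip()
        if not line or line.startswith("ATDT"):      # blank line or command echo
            continue
        category = classify_result(line)
        if category != "unknown":
            modem.write(b"ATH\r")                    # hang up so the next call starts clean
            return category, line
    modem.write(b"ATH\r")
    return "timeout", ""

def wardial(modem, numbers, log):
    """Dial every number, append 'number<TAB>category<TAB>result' to log, return the carriers."""
    carriers = []
    for number in numbers:
        category, line = dial_one(modem, number)
        log.append("%s\t%s\t%s" % (number, category, line))
        if category == "carrier":
            carriers.append((number, line))
    return carriers

def parse_dial_log(text):
    """Recover the carrier list (the part worth keeping) from a saved dial log."""
    carriers = []
    for row in text.splitlines():
        fields = row.split("\t")
        if len(fields) == 3 and fields[1] == "carrier":
            carriers.append((fields[0], fields[2]))
    return carriers

def estimate_days(count, seconds_per_call=60, modems=1):
    """Wall-clock days for the sweep: 10,000 numbers at about a minute each on one modem
    is roughly 7 days, the figure given in the text; N modems in parallel divide it by N."""
    return count * seconds_per_call / modems / 86400.0

class FakeModem:
    """Constructed stand-in for a serial modem that answers from a scripted table."""
    def __init__(self, responses):
        self.responses = responses   # number -> result code string
        self.pending = []
    def write(self, data):
        cmd = data.decode().strip()
        if cmd.startswith("ATDT"):
            self.pending = [cmd + "\r\n", self.responses.get(cmd[4:], "NO ANSWER") + "\r\n"]
        else:
            self.pending = ["OK\r\n"]  # ATH, ATZ, ...
    def readline(self):
        return self.pending.pop(0).encode() if self.pending else b""

# Constructed sample "exchange": only these three numbers do anything interesting.
SAMPLE = {"555-555-1212": "CONNECT 9600", "555-555-0100": "BUSY", "555-555-0042": "CONNECT 2400"}

if __name__ == "__main__":
    log = []
    found = wardial(FakeModem(SAMPLE), exchange_numbers("555-555", seed=1)[:50] + list(SAMPLE), log)
    print(found, "%.1f days for a whole exchange on one modem" % estimate_days(10000))
```

The log format is deliberately flat so a run interrupted after two days can be resumed by diffing the logged numbers against `exchange_numbers()`; the carriers it yields are the input to the LHF/single/dual-authentication sorting in the Brute-Force Scripting section.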
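Probing an IPSec VPN server, as an added example that goes one step past the nmap UDP/500 check in the Virtual Private Network Hacking section (this is not code from the page, from nmap or from ike-scan): it hand-builds an IKEv1 Main Mode packet carrying one SA proposal (3DES, SHA-1, pre-shared key, DH group 2; an assumed but common set), sends it to UDP 500 and decodes the responder's ISAKMP header. A Main Mode reply with an SA payload means the proposal was accepted; an Informational reply (typically NO-PROPOSAL-CHOSEN) still proves an IKE responder is there, which is all the scan needs. `send_probe()` needs a reachable target; everything else runs offline.

```python
"""Hand-built IKEv1/ISAKMP (RFC 2408/2409) probe for UDP/500: added example, not page code."""
import os
import socket
import struct

ISAKMP_SA, PROPOSAL, TRANSFORM = 1, 2, 3          # payload type numbers
MAIN_MODE, AGGRESSIVE, INFORMATIONAL = 2, 4, 5    # exchange types
IKE_VERSION = 0x10                                # major 1, minor 0
HEADER = "!8s8sBBBBII"                            # cookies, next, version, exchange, flags, msg id, length

def attribute(atype, value):
    """Basic (type/value) ISAKMP data attribute: AF bit set, 2-byte type, 2-byte value."""
    return struct.pack("!HH", 0x8000 | atype, value)

def transform(number, last=True):
    """One IKE transform: ENC=3DES(5), HASH=SHA1(2), AUTH=PSK(1), GROUP=2 (assumed default set)."""
    attrs = attribute(1, 5) + attribute(2, 2) + attribute(3, 1) + attribute(4, 2)
    body = struct.pack("!BBH", number, 1, 0) + attrs        # transform #, id KEY_IKE=1, reserved
    return struct.pack("!BBH", 0 if last else TRANSFORM, 0, 4 + len(body)) + body

def proposal(transforms):
    """Proposal #1, protocol ISAKMP(1), no SPI, wrapping the given transforms."""
    body = struct.pack("!BBBB", 1, 1, 0, len(transforms)) + b"".join(transforms)
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

def sa_payload(prop):
    """SA payload: DOI=1 (IPsec), situation=1 (SIT_IDENTITY_ONLY), then the proposal."""
    body = struct.pack("!II", 1, 1) + prop
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

def isakmp_header(icookie, next_payload, exchange, length, rcookie=b"\0" * 8, msg_id=0):
    """28-byte ISAKMP header. A fresh initiator sends an all-zero responder cookie."""
    return struct.pack(HEADER, icookie, rcookie, next_payload, IKE_VERSION, exchange, 0, msg_id, length)

def build_probe(icookie=None):
    """Main Mode message 1: header + SA payload with one proposal."""
    icookie = icookie or os.urandom(8)
    sa = sa_payload(proposal([transform(1)]))
    return isakmp_header(icookie, ISAKMP_SA, MAIN_MODE, 28 + len(sa)) + sa

def parse_header(data):
    """Decode an ISAKMP header; raise ValueError for anything too short to be one."""
    if len(data) < 28:
        raise ValueError("datagram shorter than an ISAKMP header")
    ic, rc, nxt, ver, xchg, flags, msg_id, length = struct.unpack(HEADER, data[:28])
    return {"icookie": ic, "rcookie": rc, "next_payload": nxt, "version": (ver >> 4, ver & 0xF),
            "exchange": xchg, "flags": flags, "message_id": msg_id, "length": length}

def interpret(probe, reply):
    """Classify a reply to our probe by its exchange type and first payload."""
    hdr = parse_header(reply)
    if hdr["icookie"] != probe[:8] or hdr["version"][0] != 1:
        return "unrelated"                  # not an answer to us, or not IKEv1
    if hdr["exchange"] == MAIN_MODE and hdr["next_payload"] == ISAKMP_SA:
        return "ike_responder_accepted_proposal"
    if hdr["exchange"] == INFORMATIONAL:
        return "ike_responder_rejected_proposal"   # e.g. NO-PROPOSAL-CHOSEN: IKE is still there
    return "ike_responder_other"

def send_probe(host, port=500, timeout=3.0):
    """Send the probe and return (verdict, raw reply or None)."""
    probe = build_probe()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind(("", port))              # many responders ignore probes not from source port 500
        except OSError:
            pass                            # unprivileged: fall back to an ephemeral port
        s.settimeout(timeout)
        s.sendto(probe, (host, port))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no_reply", None         # filtered or not IKE: what nmap reports as open|filtered
    return interpret(probe, reply), reply
```

Binding to source port 500 needs root on most systems; without it some gateways stay silent, which is one reason the plain nmap UDP scan gives an ambiguous open|filtered. Aggressive Mode (exchange type 4) would also need KE, nonce and ID payloads, so it is left out here.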
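The SIP scanning mentioned in the Voice Over IP Attacks section, as an added example written for this page (not code from the page or from any SIP scanner): it builds a minimal OPTIONS request, which SIP proxies and phones answer even for unknown users, and parses the response for the status line and the `Server`/`User-Agent` and `Allow` headers that identify the device. The addresses and the `SAMPLE_REPLY` banner are constructed for the offline demonstration; `scan()` needs a reachable SIP service on UDP/5060.

```python
"""SIP OPTIONS probe and response parser (RFC 3261): added example, not page code."""
import random
import socket

def build_options(target_host, target_port=5060, local_host="192.0.2.10", local_port=5060):
    """A minimal, valid OPTIONS request. The Via branch must start with the z9hG4bK cookie."""
    branch = "z9hG4bK%08x" % random.getrandbits(32)
    lines = [
        "OPTIONS sip:%s:%d SIP/2.0" % (target_host, target_port),
        "Via: SIP/2.0/UDP %s:%d;branch=%s;rport" % (local_host, local_port, branch),
        "From: <sip:scan@%s>;tag=%08x" % (local_host, random.getrandbits(32)),
        "To: <sip:%s>" % target_host,
        "Call-ID: %08x@%s" % (random.getrandbits(32), local_host),
        "CSeq: 1 OPTIONS",
        "Contact: <sip:scan@%s:%d>" % (local_host, local_port),
        "Max-Forwards: 70",
        "Accept: application/sdp",
        "Content-Length: 0",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def parse_response(data):
    """Return status code, reason phrase and the fingerprinting headers of a SIP response."""
    text = data.decode(errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or parts[0] != "SIP/2.0" or not parts[1].isdigit():
        raise ValueError("not a SIP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "code": int(parts[1]),
        "reason": parts[2] if len(parts) == 3 else "",
        "server": headers.get("server") or headers.get("user-agent"),  # the banner we came for
        "allow": [m.strip() for m in headers.get("allow", "").split(",") if m.strip()],
        "headers": headers,
    }

def scan(host, port=5060, timeout=2.0):
    """Send one OPTIONS to host:port and return the parsed reply, or None on silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_options(host, port), (host, port))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return None                    # no SIP here, or it ignores unsolicited OPTIONS
    return parse_response(reply)

# Constructed sample reply (not captured from a real device) for offline use.
SAMPLE_REPLY = (
    b"SIP/2.0 200 OK\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKdeadbeef;received=192.0.2.10;rport=5060\r\n"
    b"From: <sip:scan@192.0.2.10>;tag=0000abcd\r\n"
    b"To: <sip:198.51.100.5>;tag=as1f2e3d4c\r\n"
    b"Call-ID: 01234567@192.0.2.10\r\n"
    b"CSeq: 1 OPTIONS\r\n"
    b"Server: Asterisk PBX 1.6.2.0\r\n"
    b"Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO\r\n"
    b"Supported: replaces, timer\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    r = parse_response(SAMPLE_REPLY)
    print(r["code"], r["reason"], r["server"], r["allow"])
```

Running `scan()` across a /24 is the enumeration step: a `Server` banner names the product and version, and the `Allow` list shows which methods (INVITE, REGISTER, and so on) the device will accept, which is what the follow-on attacks are chosen from. A 404 or 401 reply is still a positive identification.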