This article series is intended to help
you understand some of the terms and technologies employed by
hackers. With this knowledge, you will be better able to
ensure that your computer system (or network if you are a
system administrator) is adequately protected and safe from
prying eyes and unknown fingers.
War Dialer
If you've seen the movie War Games, you've seen a primitive
war dialer at work. Remember the scene where the kid sets up a
modem to dial all of the phone numbers within a certain
prefix? He's looking for computers, and he can tell because
when you dial a modem it answers with a distinctive series of
sounds. War dialers are generally available as freeware on
hacker sites, although as the internet has spread their usage
has fallen.
The war dialer in War Games is not very sophisticated as it
only finds phone numbers which are suspected to be computer
dial-in lines. A more aggressive version might actually
attempt to determine the operating system, and a very
aggressive version might attempt to perform some automated
break-in attempts itself. It would do this by throwing some
standard usernames and passwords at each phone line that it
discovered.
So how does a company protect itself from war dialers?
There are several things that can be done, and depending upon
your budget and level of exposure you may want to do most or
all of them.
One task is to configure your dial-in modems to accept only
those protocols and speeds that your users will actually use.
Most modems negotiate with their dial-in partners to determine
how to communicate, which allows anyone with any type of modem
to connect. If you restrict your dial-in modem to just the
speeds and protocols you actually use, you lock out at least a
few potential intruders.
Another thing you will need to do is ensure that nothing
about your system is revealed to users who have not yet logged
in. You see, sometimes a system will prompt dialup users with
something like "Red Hat Linux 7.1..." which immediately tells
intruders what operating system you are running. This means
the potential intruder knows which set of break-in tools to
use without even trying anything yet. If he does not know
which operating system you are running, he will be forced to
work harder to gain entry.
You can also get secure modems for all of your users as
well as for the dialup line. This means the two modems (the one
answering and the one calling) must validate each other at the
hardware level, which would lock out all but the top-level
hackers and crackers. This is relatively expensive, however,
since every dial-in user must be equipped with one.
One of the very best defenses is something called Call
Back. What this means is that the operating system stores a
phone number with each username. When the user dials up the
modem and logs in, the system hangs up and calls back the
pre-determined phone number. This is great for users who work
off site from a single location, but it does not work well for
users who move around from place to place.
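The Call Back exchange described above, written out as an added example (this is not code from the article, and the user directory, password hashing and message format are my own assumptions). The point it makes concrete is that the number dialed back must come from the server's own directory; a number the caller offers is ignored, otherwise the control is defeated.

```python
import hashlib
import hmac


def _pbkdf2(password: str, salt: bytes) -> bytes:
    """Hash a dial-in password with PBKDF2-SHA256 (assumed scheme for this example)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user directory: username -> salt, password hash and the
# pre-determined call-back number registered by the administrator.
_SALT_ALICE = b"constructed-salt-alice"
DIRECTORY = {
    "alice": {
        "salt": _SALT_ALICE,
        "hash": _pbkdf2("correct horse battery", _SALT_ALICE),
        "callback": "555-0101",
    },
}


class CallbackServer:
    """Hypothetical dial-in server that authenticates, hangs up, and dials back."""

    def __init__(self, directory):
        self.directory = directory
        self.transcript = []  # (side, message) pairs, one per step of the exchange

    def handle_call(self, caller_number, username, password, requested_callback=None):
        """Return the number the server will dial back, or None if the call is refused."""
        self.transcript.append(("caller", f"CONNECT from {caller_number}"))
        self.transcript.append(("caller", f"login: {username}"))
        entry = self.directory.get(username)
        # Constant-time comparison so a wrong password and an unknown user look alike.
        if entry is None or not hmac.compare_digest(_pbkdf2(password, entry["salt"]), entry["hash"]):
            self.transcript.append(("server", "Login incorrect. Hanging up."))
            return None
        if requested_callback is not None:
            # The caller may ask to be called back elsewhere; the registered number wins.
            self.transcript.append(("server", f"Ignoring caller-supplied number {requested_callback}."))
        self.transcript.append(("server", "Authenticated. Hanging up."))
        self.transcript.append(("server", f"Dialing registered number {entry['callback']}."))
        return entry["callback"]


if __name__ == "__main__":
    server = CallbackServer(DIRECTORY)
    number = server.handle_call("555-0199", "alice", "correct horse battery", requested_callback="555-0199")
    for side, message in server.transcript:
        print(f"{side:>6}: {message}")
    print("dial back ->", number)
```

A real implementation would drop the line before dialing, but the decision logic is the same: the caller proves a password, the server consults its own table, and the caller's location is verified by the call-back rather than by anything the caller says.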
Of course, you should keep firm control over the attributes
of accounts which are allowed dial in access. First, check
over your list of accounts to be sure only those that actually
need dial in access have it. Second, force the highest level
of security (frequent password changes, complex passwords and
so on) on those accounts.
Some operating systems allow a second password for people
who dial in. This makes intruders work extra hard, as they
must crack two passwords instead of just one.
Finally, you must log all dial in attempts (especially
failed attempts) and investigate them quickly and thoroughly.
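As an added example of the logging advice (not code from the article), the script below parses constructed dial-in log lines and flags callers whose behaviour matches what the article describes: a burst of failures from one number, or one number cycling through several standard usernames. The log format, thresholds and function names are my own assumptions; adapt the regular expression to whatever your modem server actually writes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real modem server): one line per dial-in attempt.
SAMPLE_LOG = """\
2001-06-12 02:13:05 ttyS1 caller=5550199 user=root result=FAIL
2001-06-12 02:13:41 ttyS1 caller=5550199 user=admin result=FAIL
2001-06-12 02:14:20 ttyS1 caller=5550199 user=guest result=FAIL
2001-06-12 02:15:02 ttyS1 caller=5550199 user=sysadm result=FAIL
2001-06-12 08:30:11 ttyS2 caller=5550123 user=alice result=FAIL
2001-06-12 08:30:55 ttyS2 caller=5550123 user=alice result=OK
2001-06-12 09:02:17 ttyS1 caller=UNKNOWN user=bob result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<tty>\S+) caller=(?P<caller>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Turn log text into a list of event dicts; unrecognised lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "tty": m["tty"],
            "caller": m["caller"],
            "user": m["user"],
            "result": m["result"],
        })
    return events


def find_suspicious_callers(events, max_failures=3, window=timedelta(minutes=10), max_users=3):
    """Flag a caller if it has max_failures or more FAIL results inside any sliding window,
    or if its failures span max_users or more distinct usernames (a guessing pattern)."""
    fails_by_caller = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_caller[e["caller"]].append(e)

    findings = {}
    for caller, fails in fails_by_caller.items():
        fails.sort(key=lambda e: e["ts"])
        max_burst = 0
        for i, e in enumerate(fails):
            # Count failures in the window that ends at this event.
            j = i
            while j >= 0 and e["ts"] - fails[j]["ts"] <= window:
                j -= 1
            max_burst = max(max_burst, i - j)
        users = sorted({e["user"] for e in fails})
        if max_burst >= max_failures or len(users) >= max_users:
            findings[caller] = {
                "failures": len(fails),
                "max_burst": max_burst,
                "usernames": users,
                "first": fails[0]["ts"],
                "last": fails[-1]["ts"],
            }
    return findings


if __name__ == "__main__":
    for caller, info in find_suspicious_callers(parse_log(SAMPLE_LOG)).items():
        print(f"{caller}: {info['failures']} failures, burst of {info['max_burst']}, "
              f"usernames tried: {', '.join(info['usernames'])}")
```

Run against the sample, only caller 5550199 is reported: four failures inside two minutes across four different usernames. The single mistyped password from 5550123 followed by a successful login is the ordinary case the thresholds are meant to leave alone.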
One of the biggest challenges facing a network security
person is that many of the modems connected to a network are
undocumented or even unauthorized. It's difficult to monitor
something that is unknown. Countering this problem requires a
company policy with teeth (i.e., termination of anyone found
to have installed a modem without notifying the appropriate
people) and regular network security audits.