SEMiSLUG Notes
9 May 2002
Question & Answer Sessions
- Has anyone else been getting loads of test messages from test@sohu.com
(Subject: Test)?
- Yes. No. Maybe. Not all of us have scrutinized our spam folders
that closely.
Rev. George got 50 or so similar ones; looks like they're walking
his domain testing addresses.
- What's the best of the 20-or-so GUIs to gdb?
- This may surprise you, but ... Kdevelop has a really nice interface.
Paul played with gdv earlier and wasn't impressed with it.
- Anyone used one-wire temperature probes?
- Troy has some sitting around and was wondering what to do with them.
Paul played with the demos on their website and they were pretty
straightforward.
MJO played with one that was thousands of miles away and got it
to work in 10-15 minutes.
- Where do you insert these probes, Cartman?
- Ask the aliens.
- Jobs? (Long term? Summer?)
- MJO's brother is looking for a summer job in south-east Michigan or
maybe Grand Rapids. (Computer stuff, data entry, or anything that
isn't food service or Amway.)
- Housemates?
- Yes, Troy is looking for new sources of income in his role as
"live-in slum-lord." Contact him if you need a place to live.
- When is Paul next hosting a house-warming party?
- May 18th (a Saturday). At 20:00 or so. Maybe earlier.
- Apache modules for bandwidth throttling that don't suck ... do they exist?
- FreeBSD 4.4 (4.3?) with Apache and mod_throttle. The SysV config
won't compile and the POSIX one fills the log file with errors
and/or warnings.
"Upgrade to 4.5. 4.4 was never stable. 4.3 is okay, but
has some security issues. Upgrade to 4.5." -- MRW
mod_throttle _will_ work with Apache under FreeBSD. Check the
mail archives for discussion on this.
- Other than mod_throttle and in-kernel stuff, what is there?
- You could put a delay pool using Squid. (Read the docs.)
- Good deals on laptops and/or PDAs?
- http://www.compgeeks.com/
Second Wind PC's in Troy, MI has some deals and offers a minimal
warranty on things.
(If you want a Libretto, go to eBay.)
- Adaptec IDE RAID controllers (for Winboxen) ... anyone used 'em?
- Their new one is supposed to be pretty good.
- Anyone played with NFSv4?
- Good bet that Dr. Honeyman has.
MJO hadn't heard anything about NFSv4 that was a good enough
argument for switching from NFSv3. However, there's a v4 splinter
group that's doing remote DNA voodoo that sounds interesting
(i.e. really fast).
- Cheap SBus Ethernet adapters? (I.e. under $20)
- eBay's probably the best bet. (MRW might have one.)
- Anyone tried the various Linux firewall distributions? If so, opinions?
- Dave New's played with Smoothwall for a while. IPcop has grown out
of the last open source version of Smoothwall; rumor has it that it's as
good as Smoothwall ever was and arguably better. (And it's Free!)
- Where is everyone?
- Probably got blown off the road by high winds.
- How many cookies am I expected to eat this evening?
- One more.
- Troy wants to buy old video games; where can he get them?
- Write to MRW and get info.
Presentation
"Rev. George" Hotelling: "Wardialing in the 21st Century"
Wardialing seems like something that just isn't considered anymore,
by white hats or black hats; because of this there has been a lack of
research in the area in recent years. The Reverend will present his
findings on the current state of war dialing, including an explanation
of the tools available at:
http://george.hotelling.net/projects/phonedump.php
and an overview of his findings from wardialing in southeast Michigan.
[Insert obligatory "Wargames" clip]
Why Bother?
The Internet has the most obvious targets and is easy to scan
Internet hosts are obvious to IT and are easily scanned for vulnerable
services to update.
Modems are harder to scan and more often overlooked.
"90% of the hosts I get into are through a modem." -- Anonymous black hat
Script kiddies need not apply; actual thinking is needed.
Internet Targets:
Behind firewalls
Scanned by Nessus/ISS/etc
Hardened against Internet attacks
Modem Targets
Often behind firewalls
Provide service for entire companies (i.e. modem banks)
Often forgotten in security audits
Often installed without consulting IT
CLECs
Competitive Local Exchange Carriers
Established by Telecom Act of 1995
Provide competing local service
Currently SBC and MCI offer unlimited local service, others may too
Speeding up Wardialing
163 calls/hour
61.4 hours (2.5 days)
All to find a bunch of people you didn't want to call in the first place!
What if there was some way to weed out listed numbers, assuming that modems
tend to be on unlisted lines?
phonedump.pl
14% - 24% hit rates (1465-2377 numbers found in a prefix)
Translates to 9-15 saved hours
(Still room for improvement)
Scan results
Ann Arbor, MI prefix
Mixed residential/business numbers
[several examples glossed over]
Tools
ToneLoc
Free
Works
Only for DOS
No longer being developed
(boot from a floppy!)
PhoneSweep
For Windows with Access backend for data
Does automatic host detection
Pricey
Limited number of calls per license
L0pht's TBA
PalmOS based
Almost a fire and forget tool
http://www.10pht.com/research/tools/index.html
Ideas for the future
Distributed dialing
Automatic host detection
Fire and forget
Further Reading
Pete Shipley's DefCon '98 Speech
http://www.dis.org/filez/ . . .
Defensive Wardialing
Wardial your own organization; look for undocumented access points
Set up a honeypot -- find out who's wardialing you. Catch the
caller ID, if possible, and log it. Put it on an 800 line, which
can't be *67-ed around.
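Added example (not from the talk or from phonedump): one way to review the
caller-ID log such a honeypot or modem bank would collect, flagging any
caller that reaches many distinct lines within a few minutes. The log
format, the CID/DNIS field names, the thresholds and the function names are
assumptions; all numbers are constructed.

```python
# Added example: spot a wardialing sweep in a caller-ID log. All data is constructed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: timestamp, caller ID (CID), number dialed (DNIS).
# 555-01xx numbers are fictional; PRIVATE marks a caller ID blocked with *67.
SAMPLE_LOG = """\
2002-05-09 02:14:07 CID=7345550142 DNIS=7345550100
2002-05-09 02:14:29 CID=7345550142 DNIS=7345550101
2002-05-09 02:14:51 CID=7345550142 DNIS=7345550102
2002-05-09 02:15:13 CID=7345550142 DNIS=7345550103
2002-05-09 02:15:35 CID=7345550142 DNIS=7345550104
2002-05-09 03:00:00 CID=PRIVATE DNIS=7345550101
2002-05-09 03:00:30 CID=PRIVATE DNIS=7345550102
2002-05-09 08:30:00 CID=2485550177 DNIS=7345550100
2002-05-09 08:31:10 CID=2485550177 DNIS=7345550100
2002-05-09 09:00:00 CID=7345550199 DNIS=7345550100
2002-05-09 11:00:00 CID=7345550199 DNIS=7345550101
2002-05-09 13:00:00 CID=7345550199 DNIS=7345550102
2002-05-09 15:00:00 CID=7345550199 DNIS=7345550103
"""

def parse(line):
    """Split one log line into (timestamp, caller ID, dialed number)."""
    date, time, cid, dnis = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, cid.split("=", 1)[1], dnis.split("=", 1)[1]

def find_sweeps(log_text, min_numbers=4, window=timedelta(minutes=10)):
    """Map each caller that reached min_numbers distinct lines inside one
    sliding window to the sorted list of numbers it dialed in such windows."""
    calls = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, cid, dnis = parse(line)
            calls[cid].append((ts, dnis))
    sweeps = {}
    for cid, events in calls.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            dialed = {d for _, d in events[start:end + 1]}
            if len(dialed) >= min_numbers:
                sweeps[cid] = sorted(set(sweeps.get(cid, [])) | dialed)
    return sweeps

if __name__ == "__main__":
    for cid, numbers in find_sweeps(SAMPLE_LOG).items():
        print(f"possible sweep from {cid}: {len(numbers)} lines in 10 min")
```

Blocked callers all land in the single PRIVATE bucket and cannot be told
apart, which is the gap the 800-line suggestion above closes.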
Rumor & Innuendo (No names, please)
"All that's left of SGI is the steam on the mirror." -- S. McNealy
"Comcast isn't really happy with how much it costs to provide Internet
service."