SEMiSLUG Notes

9 May 2002

Question & Answer Sessions

Has anyone else been getting loads of test messages from test@sohu.com (Subject: Test)?

Yes. No. Maybe. Not all of us have scrutinized our spam folders that closely.

Rev. George got 50 or so similar ones; looks like they're walking his domain testing addresses.

What's the best of the 20-or-so GUIs for gdb?

This may surprise you, but ... Kdevelop has a really nice interface. Paul played with gdv earlier and wasn't impressed with it.

Anyone used one-wire temperature probes?

Troy has some sitting around and was wondering what to do with them. Paul played with the demos on their website and they were pretty straightforward.

MJO played with one that was thousands of miles away and got it to work in 10-15 minutes.

Where do you insert these probes, Cartman?

Ask the aliens.

Jobs? (Long term? Summer?)

MJO's brother is looking for a summer job in south-east Michigan or maybe Grand Rapids. (Computer stuff, data entry, or anything that isn't food service or Amway.)

Housemates?

Yes, Troy is looking for new sources of income in his role as "live-in slum-lord." Contact him if you need a place to live.

When is Paul next hosting a house-warming party?

May 18th (a Saturday). At 20:00 or so. Maybe earlier.

Apache modules for bandwidth throttling that don't suck ... do they exist?

FreeBSD 4.4 (4.3?) with Apache and mod_throttle. The SysV config won't compile and the POSIX one fills the log file with errors and/or warnings.

"Upgrade to 4.5. 4.4 was never stable. 4.3 is okay, but has some security issues. Upgrade to 4.5." -- MRW

mod_throttle _will_ work with Apache under FreeBSD. Check the mail archives for discussion on this.

Other than mod_throttle and in-kernel stuff, what is there?

You could put a delay pool using Squid. (Read the docs.)

Good deals on laptops and/or PDAs?

http://www.compgeeks.com/

Second Wind PC's in Troy, MI has some deals and offers a minimal warranty on things.

(If you want a Libretto, go to eBay.)

Adaptec IDE RAID controllers (for Winboxen) ... anyone used 'em?

Their new one is supposed to be pretty good.

Anyone played with NFSv4?

Good bet that Dr. Honeyman has.

MJO hadn't heard anything about NFSv4 that was a good enough argument for switching from NFSv3. However, there's a v4 splinter group that's doing remote DNA voodoo that sounds interesting (i.e. really fast).

Cheap SBus Ethernet adapters? (I.e. under $20)

eBay's probably the best bet. (MRW might have one.)

Anyone tried the various Linux firewall distributions? If so, opinions?

Dave New's played with Smoothwall for a while. IPcop has grown out of the last open source version of Smoothwall; rumor has it that it's as good as Smoothwall ever was and arguably better. (And it's Free!)

Where is everyone?

Probably got blown off the road by high winds.

How many cookies am I expected to eat this evening?

One more.

Troy wants to buy old video games; where can he get them?

Write to MRW and get info.


Presentation



"Rev. George" Hotelling:  "Wardialing in the 21st Century"           

Wardialing seems like something that just isn't considered anymore,
by white hats or black hats; because of this there has been a lack of
research in the area in recent years. The Reverend will present his
findings on the current state of war dialing, including an explanation
of the tools available at:

   http://george.hotelling.net/projects/phonedump.php 

and an overview of his findings from wardialing in southeast Michigan.

[Insert obligatory "Wargames" clip]

Why Bother?

    The Internet has the most obvious targets and is easy to scan.
    Internet hosts are obvious to IT and are easily scanned for vulnerable
    services to update.
    Modems are harder to scan and more often overlooked.

"90% of the hosts I get into are through a modem." -- Anonymous black hat

Script kiddies need not apply; actual thinking is needed.

Internet Targets:

    Behind firewalls
    Scanned by Nessus/ISS/etc
    Hardened against Internet attacks

Modem Targets

    Often behind firewalls
    Provide service for entire companies (i.e. modem banks)
    Often forgotten in security audits
    Often installed without consulting IT

CLECs

    Competitive Local Exchange Carriers
    Established by Telecom Act of 1995
    Provide competing local service
    Currently SBC and MCI offer unlimited local service, others may too

Speeding up Wardialing

    163 calls/hour
    61.4 hours (2.5 days)
    All to find a bunch of people you didn't want to call in the first place!

What if there was some way to weed out listed numbers, assuming that modems
tend to be on unlisted lines?

phonedump.pl

    14% - 24% hit rates (1465-2377 numbers found in a prefix)
    Translates to 9-15 saved hours
    (Still room for improvement)

Scan results

    Ann Arbor, MI prefix
    Mixed residential/business numbers

[several examples glossed over]

Tools

    ToneLoc
        Free
        Works
        Only for DOS
        No longer being developed
        (boot from a floppy!)
    PhoneSweep
        For Windows with Access backend for data
        Does automatic host detection
        Pricey
        Limited number of calls per license
    L0pht's TBA
        PalmOS based
        Almost a fire and forget tool
        http://www.10pht.com/research/tools/index.html

Ideas for the future

    Distributed dialing
    Automatic host detection
    Fire and forget

Further Reading

    Pete Shipley's DefCon '98 Speech
        http://www.dis.org/filez/ . . .

Defensive Wardialing

    Wardial your own organization; look for undocumented access points
    Set up a honeypot -- find out who's wardialing you. Catch the
    caller ID, if possible, and log it. Put it on an 800 line, which
    can't be *67-ed around.
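
One way to use the caller ID log that the honeypot advice above produces, as an added example (not part of the original notes or the speaker's tools): flag any caller that reaches several of your own lines inside a short window. The CSV layout, the 555-01xx numbers and the thresholds are assumptions made for this sketch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call log: timestamp,caller_id,dialed_number,seconds_connected
# (layout and numbers are invented for this example; empty caller_id = blocked).
SAMPLE_LOG = """\
2002-05-09T01:00:05,7345550100,8005550141,4
2002-05-09T01:00:31,7345550100,8005550142,3
2002-05-09T01:00:58,7345550100,8005550143,5
2002-05-09T01:01:22,7345550100,8005550144,31
2002-05-09T09:15:00,2485550177,8005550142,240
2002-05-09T13:40:12,2485550177,8005550142,185
2002-05-09T02:10:00,,8005550143,2
"""

def parse(log_text):
    """Yield (time, caller, dialed, seconds) tuples from the assumed CSV layout."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, caller, dialed, secs = line.split(",")
        yield datetime.fromisoformat(ts), caller or "UNKNOWN", dialed, int(secs)

def find_sweeps(log_text, min_lines=3, window=timedelta(minutes=10)):
    """Return {caller_id: lines hit} for callers that reached at least
    min_lines distinct numbers of ours inside one sliding time window."""
    by_caller = defaultdict(list)
    for when, caller, dialed, _secs in sorted(parse(log_text)):
        by_caller[caller].append((when, dialed))
    sweeps = {}
    for caller, calls in by_caller.items():
        if caller == "UNKNOWN":
            continue  # no caller ID to attribute; see unattributed()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1  # drop calls that fell out of the window
            lines = {d for _, d in calls[start:end + 1]}
            if len(lines) >= min_lines:
                sweeps[caller] = sorted(set(sweeps.get(caller, [])) | lines)
    return sweeps

def unattributed(log_text):
    """Calls that arrived without caller ID, kept for manual review."""
    return [(w, d) for w, c, d, _ in parse(log_text) if c == "UNKNOWN"]
```

A legitimate user who redials one line repeatedly (the second caller in the sample) is not flagged, because only distinct lines are counted.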



Rumor & Innuendo (No names, please)

"All that's left of SGI is the steam on the mirror." -- S. McNealy

"Comcast isn't really happy with how much it costs to provide Internet service."

