Comments on: WarVOX 1.0.1 Released – Telephony Analysis & War Dialing Suite

By: erleko

erleko — Wed, 01 Jul 2009 22:17:25 +0000

ye s you will be caught and prosectued.

By: Bogwitch

Bogwitch — Fri, 05 Jun 2009 15:07:06 +0000

As with all forms of penetration testing, without the system owner’s permission would be illegal (in most contries)

If you try to run a war-dialler without permission from the target owner, expect to get v&

By: annon

annon — Fri, 05 Jun 2009 01:37:05 +0000

ok my question is: is this legal? because i see it just as war driving only by using ur dial up modem as the “beacon”… thing is i have heard that after the “phone phreaking” age implementations were put in so users could not war dial and if they were caught doing so they might be punished to the full extent of the law!?! am i wrong in saying this might be gray area sofware? I would like to know seeing as how im interested…

thanks in advance

By: send9

send9 — Thu, 28 May 2009 16:55:52 +0000

Navin: It’s important for many of the reasons you stated. People secure their Internet-facing hosts, but forget about their back-up dial-in modems. Vendors will come in and put a modem on their router/equipment/HVAC system for maintenance purpose without telling the organization, as well. Oftentimes the organization is lulled into a false sense of security, without being aware that this threat exists. They will perform their own security audits, but will not include their dial-in lines. It’s just an area that’s often missed, and one where pen-testers will often have a finding, whereas everything else is in perfect shape. Is it as important as a decade ago? Probably not. But it’s certainly very important.

And to add to that, there’s not a whole lot of good war dialing software on the market. There are the classics like THCScan and ToneLoc, but they don’t perform a whole lot in the way of intelligent detection of carriers and just don’t scale well for modern environments or larger pen-tests. And then there’s Sandstorm’s PhoneSweep, which is buggy and expensive. So to see something like WarVOX, with its new approach and focus on using VoIP, is pretty exciting.

By: Bogwitch

Bogwitch — Thu, 28 May 2009 11:52:59 +0000

Hi Navin,

You’re right to say it’s not as relevant today as it may have been in the past however, there are still some legacy systems that are connected via modems, some ‘emergency access’ points, some network infrastructure and some SCADA stuff.
The ability to detect PBX, voicemail etc gives an additional avenue where social engineering can be exploited, too.

By: Navin

Navin — Thu, 28 May 2009 07:54:16 +0000

OK, I just wanted to ask this to someone who actually knows, so I’ll just blurt it out…..

is wardialling really still really as important as it was a decade or two ago?? I mean I do know tht many greats started off with stuff like wardialling, but whts really the use of a traditional wardialling in todays scenario of high speed broadband internet??

please someone clarify……sorry if this seems like a n00b question