
ModemScan & Location

modemscan wardialer wardialing modem location caller id

11 replies to this topic

#1 Zenys

Zenys

    Will I break 10 posts?

  • Members
  • 2 posts
  • Country:
  • Gender:Male
  • Location:The South

Posted 15 August 2014 - 10:34 PM

Hello all, nubie alert.

 

I recently was able to set up the war dialer ModemScan on my old Win XP eMachine, and have just been dialing known numbers like my cell phone to see what happens.

When I dial out from my PC to my cell, my home phone number appears on my cell, when answered it is empty air with some very very faint beeping in the background.

 

Now, I've never taken it into consideration before, but was this always true when war dialing in the past? If you were war dialing from home that was the number that appeared to everyone in the dial list? I guess that's why going to some other location to war dial was the preferable thing to do? Or not calling locally either I suppose? I might be even using the wrong tool for just general old school war dialing, since it seems ModemScan is just that, a scanner for open modems, although it does give a log for BUSY, NO ANSWER, etc.

 

I thought I had seen in some penetration test book that going into the Windows Modem options and putting *67 in the "dial for outside local calls" would hide the caller ID, but I've not had that happen so far in my experiments. Basically my question boils down to this: if you are going to war dial from home, then there's no means of hiding the fact that it's your home phone number you are dialing from?



#2 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,095 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 16 August 2014 - 12:46 AM

The *67 just blocks caller ID on some local carriers. Find out who your local carrier at home is, then find out what key combo they use to block caller ID. Keep in mind, this only blocks caller ID and does not work for ANI. I read about spoofing ANI back in the 90's and it was pretty difficult, I didn't have the means or technical knowledge to do it at the time. So... just keep in mind, blocking caller ID is different from ANI which is used by most commercial telco equipment.

 

Use a comma after each code in your modem string to create a pause: 67,5551234

 

Also, you are not anonymous at all. You can bet your number is popping up on a list with your local exchange carrier if you dial too many calls with your war dialer. So, I'd keep it at hour sessions at the longest and divide those out for at least 24hrs. I've heard stories of telco company security agents teamed up with law enforcement showing up for nothing more than war dialing. I've done it though, and never had that happen. But just be aware it is possible to happen.

 

War dialing is fun to say the least. I've come across some pretty cool stuff. Just know you're not anonymous at all from your own phone line. And bet that the telcos have lists that automagically call their attention when a long war dialing session is going on.

 

EDIT: fuck auto-correct on a computer. Haha!


Edited by tekio, 16 August 2014 - 12:47 AM.


#3 ThoughtPhreaker

ThoughtPhreaker

    BinRev veteran

  • Members
  • 1,216 posts
  • Gender:Male

Posted 16 August 2014 - 01:32 PM

For what it's worth, *67 doesn't actually block anything. When you receive caller-id, you're getting CPN; it's one of the two ANI fields your switch passes. What it does do is add a bit that's transmitted along with those two fields, instructing the switch not to give it to subscribers. For the most part, that's all you need, though; one of the biggest problems you'll have is people calling back and going OMG BRO Y U CALL ME????????//. A lot of residential lines come with anonymous call rejection service now, so usually that doubles as a good way to avoid ringing their phones.

 

The other problem is slightly more serious; PSAPs. Basically, they're regular numbers that forward to 911. The county you live in will probably publish at least a good few of them; do a search for "(your county here) county public safety answering point", or something along those lines. Tell your wardialing software to skip over them if they're in the exchange you're dialing. To be safe, you could probably also skip 0911, and 9111 in the exchange you're dialing as well, along with any published police/fire/hospital numbers.

 

Back to your problem with the modem, though; if *67 works for you dialing normally, there's no reason why it can't work for your modem. To the switch that processes your phone calls, it literally looks no different than a normal person picking up the phone and dialing. You'll want to look for options similar to the "dial an outside line code first" thing in your wardialing software instead of the Windows modem settings box. If you're using a phone line from Centurylink, there is a way to spoof CPN from it pretty easily, but it involves call forwarding and one of the anonymous call rejection IVRs. It'll slow your wardialing process down to a crawl, so probably not practical in this application. If you'd like to use it for normal calls, here's how you do it;

 

1) Forward your calls - using selective call forwarding or whatever you may have available to the number you want to dial

2) Call the update center; *78, or 888-(your area code)-8052, and make sure anonymous call rejection service, or whatever they call it (it'll be the third feature in the menu) is enabled

3) Dial *67, and dial your own phone number

4) You'll get a recording saying the number you're calling doesn't accept unidentified calls. You'll be given the option to enter the number you're calling from.

5) Holy shit, it spoofed!

 

Just keep in mind, there's two anonymous call rejection services. One of them you enable with a *xx code; there's no option to enter your own phone number there, so don't use that one.

 

As for telco security? As someone who has done quite a bit of handscanning from quite a few phone lines, I'm pretty sure they don't care. Unless you're harassing people or performing some kind of fraud, you probably don't have anything to worry about.

 

That being said, pick up the phone you're going to be wardialing from, and dial 1-700-555-4141. You'll probably get a recording saying something like "Thank you for using Shadytel Long Distance". If the recording you get says anything about MCI, you may want to avoid wardialing from them; that's the one long distance carrier I've heard actually complain to someone about sequential dialing.

 

Other than that, have fun! There's a lot of cool stuff out there to find. There's plenty of modems out there, but just keep in mind you'll hear a lot more if you're listening with your own ears, and choose very specific parts of a range. Look into hand scanning if you're curious.



#4 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,095 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 16 August 2014 - 02:00 PM

 

 

 You'll want to look for options similar to the "dial an outside line code first" thing in your wardialing software instead of the Windows modem settings box

*67,<phone number> 

 

The Hayes AT Command Set recognizes that as a two second pause. *67,5551212 -vs- *675551212

 

 

 

As for telco security? As someone who has done quite a bit of handscanning from quite a few phone lines, I'm pretty sure they don't care. Unless you're harassing people or performing some kind of fraud, you probably don't have anything to worry about.

https://esupport.fcc...form1088.action

 

 

The FCC’s rules protect against unreasonable telemarketing practices by:

  • limiting call “abandonment” by telemarketers to no more than 3% of all telemarketing calls over a 30 day period; and,

  • prohibiting “war dialing” 

 

 

(7) Use any technology to dial any telephone number for the purpose of determining whether the line is a facsimile or voice line. 

http://apps.fcc.gov/...6?id=6514382495


I'd limit my activities. No need to draw attention where it's not needed.


Edited by tekio, 16 August 2014 - 02:15 PM.


#5 ThoughtPhreaker

ThoughtPhreaker

    BinRev veteran

  • Members
  • 1,216 posts
  • Gender:Male

Posted 16 August 2014 - 02:36 PM


 

The FCC’s rules protect against unreasonable telemarketing practices by:

  • limiting call “abandonment” by telemarketers to no more than 3% of all telemarketing calls over a 30 day period; and,

  • prohibiting “war dialing”

(7) Use any technology to dial any telephone number for the purpose of determining whether the line is a facsimile or voice line.

 

Well, who says you're wardialing? Maybe you're doing this all by hand - they don't know ;P

 

Seriously, though. Some wardialing software lets you randomize numbers within a range instead of dialing sequentially. Use that if you want, but maybe have it just dial during, say, weekdays 8:30 AM to 5:30 PM? Typical work hours, plus a short commute. Since the majority of people will be gone then, it'll minimize the amount of people who'll get annoyed - and certainly woken up by your activity.



#6 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,095 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 16 August 2014 - 03:12 PM

A modem will usually beep, to initiate a response on a dead line. A dead line meaning no carrier has responded when the phone is picked up. If you listen when a person picks up, the modem will beep to try and initiate the handshake.

 

Probably nothing will happen, you were correct. Unless the telco company gets a lot of complaints. I don't think the average person knows they can fill out a complaint with the FCC.  I was just saying, drawing the least amount of attention is best. Especially when curiosity can cross the line of legality, in the eyes of the law.

 

Yes, randomizing is a big help. Great for pointing that out. It's really suspicious when a business has 10 different numbers like: 5110 - 5119 and all of them ring, one right after the other.  I think a business would be most likely to complain anyway.

 

I never knew about the PSAP. I can see war dialing emergency lines as a big issue with the FCC. Haha!
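Added example, not part of the thread or written by any of its posters: how the owner of a number block such as the 5110 - 5119 range mentioned above could flag a dialing sweep in their own PBX call records, whether the sweep is sequential or randomized. The record format, field names and thresholds are assumptions, and the sample data is constructed; callers that withhold caller ID all fall under the single key "anonymous".

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample PBX call records: time, presented caller, dialed number, seconds connected
SAMPLE_CDR = """\
2014-08-16T10:00:05,5550100,5113,4
2014-08-16T10:01:10,5550100,5117,0
2014-08-16T10:01:40,5550177,5112,180
2014-08-16T10:02:15,5550100,5110,5
2014-08-16T10:03:20,5550100,5119,3
2014-08-16T10:04:00,anonymous,5114,95
2014-08-16T10:04:25,5550100,5112,0
2014-08-16T10:05:30,5550100,5115,6
2014-08-16T10:06:35,5550100,5111,2
2014-08-16T10:07:40,5550100,5118,0
2014-08-16T10:20:00,5550177,5117,240
"""

def parse(text):
    """Yield (time, caller, dialed, duration) tuples from comma-separated lines."""
    for line in text.strip().splitlines():
        ts, caller, dialed, dur = line.split(",")
        yield datetime.fromisoformat(ts), caller, int(dialed), int(dur)

def find_sweeps(records, window=timedelta(minutes=30), min_distinct=6,
                min_density=0.5, max_avg_secs=10):
    """Flag callers that touch many numbers of one block with short calls.

    Density (distinct numbers / size of the range they span) is used rather
    than strict n, n+1, n+2 order, so a randomized sweep is caught as well.
    """
    by_caller = defaultdict(list)
    for rec in sorted(records):
        by_caller[rec[1]].append(rec)
    alerts = []
    for caller, calls in by_caller.items():
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1                      # slide the time window forward
            chunk = calls[start:end + 1]
            dialed = {c[2] for c in chunk}
            span = max(dialed) - min(dialed) + 1
            avg = sum(c[3] for c in chunk) / len(chunk)
            if (len(dialed) >= min_distinct and len(dialed) / span >= min_density
                    and avg <= max_avg_secs):
                alerts.append((caller, min(dialed), max(dialed), len(dialed)))
                break                           # one alert per caller is enough
    return alerts

ALERTS = find_sweeps(parse(SAMPLE_CDR))  # [('5550100', 5110, 5119, 6)]
```

The caller with two long conversations and the single withheld-number call are not flagged; only the source that reaches six distinct numbers in the block with an average connect time of a few seconds is.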



#7 Zenys

Zenys

    Will I break 10 posts?

  • Members
  • 2 posts
  • Country:
  • Gender:Male
  • Location:The South

Posted 18 August 2014 - 06:55 PM

Thanks for both of your explanations and information, I appreciate it. I suppose I should give some more information; *67 does work on my home phone, my service is ye olde AT&T, the modem I am using is a Conexant 56k V.92 "PCI Soft Data Fax Modem with SmartCP". I have read people saying that they believed using an older modem was superior for wardialing, I don't really know anything about this modem if it's even capable of much. I know it does have a modem assistant which can do AT commands. I did a very, very brief scan of a neighboring city and received a hello, so I began considering the need to possibly appear less identifiable to average folk if I were to continue. 

 

My main reason for the *67 as you stated above was the "OMG BRO Y U CALL" stuff. I live in a rural area and was mostly just curious about old school phreaking techniques and just general curiosity, which I guess is how it all starts hah. I'm not familiar with handscanning, although I'm intrigued? The only caller ID spoofing I ever accomplished was via Voxox, which led to some humor at work.

 

ModemScan does randomize the sequence, and I was trying to avoid emergency ranges although I wish it had an easier "ignore XXXX" ability. My only reason for using ModemScan is that it is the only war dialer I've been able to properly set up, I can load ToneLoc and THC-SCAN into DOS from XP but always seemed to get a "NO CTS" and "failed to initialize modem" errors so I figured my modem was the culprit, either being too new possibly or it being set to COM3 for some reason.

 

Anyhow, thanks for the responses and insight into the matter.



#8 jfalcon

jfalcon

    Hakker addict

  • Agents of the Revolution
  • 592 posts
  • Location:Living within the ether

Posted 19 August 2014 - 01:12 AM

You might want to check into cheap VoIP providers outside the US where it passes garbage for the ANI/CPN.  Some even have unlimited US dialing.



#9 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,642 posts
  • Gender:Male

Posted 19 August 2014 - 08:52 AM

You might want to check into cheap VoIP providers outside the US where it passes garbage for the ANI/CPN.  Some even have unlimited US dialing.

 

Or just a cheap VoIP provider + prepaid card. IIRC there are SIP wardialers floating around, so you wouldn't need an ATA.



#10 ThoughtPhreaker

ThoughtPhreaker

    BinRev veteran

  • Members
  • 1,216 posts
  • Gender:Male

Posted 22 August 2014 - 01:12 PM

I can't speak with any certainty, but with AT&T you probably won't have to worry about anybody within the company raising eyebrows.

 

the modem I am using is a Conexant 56k V.92 "PCI Soft Data Fax Modem with SmartCP". I have read people saying that they believed using an older modem was superior for wardialing

 

I think US Robotics Courier modems are considered ideal for this, since they have the ability to return somewhat detailed results of what's on the line from their hardware DSP. Softmodems could easily do just the same, since all the processing is done by the host machine; literally all a softmodem is is an audio interface. I don't think anybody has, though.



#11 edison

edison

    H4x0r

  • Members
  • 31 posts

Posted 29 August 2014 - 07:00 PM

WarVOX is an IAX wardialer that does audio analysis to determine the terminating line type. 2.0 isn't ready for prime time apparently, but that's the way I'd go.

 

There's also iWar, but that's just a unix-based regular war dialer.



#12 jfalcon

jfalcon

    Hakker addict

  • Agents of the Revolution
  • 592 posts
  • Location:Living within the ether

Posted 29 August 2014 - 11:39 PM

Or you can do what I'm doing and get an old modem terminal server (Portmaster or Cisco AS5300), write some scripts to go massively parallel and find a VoIP provider that lets you really load up on channels.  There is a version of iWar that does talk to rfc2217 modem pools, but it's also just as easy to write one in a scripting language that sends the results back to a database.

 

Sometime this winter, I'll hook up the applecat I got a couple years back and see what it can do and video the results.  Might be interesting how well it works since it supposedly could detect bells and whistles and other interesting things.






