WarDialing


  • WarDialing

    Hi All,

    This is my first time posting on this forum, I hope you can give me some positive feedback on this post.

    WarDialing is quite dated; however, from experience it still presents a path of least resistance.

    Question:

    I once heard it was possible to conduct an analog scan over a Broadband connection. The closest I have come is using a SoftGSM connection with a mobile phone on my laptop. Does anyone have a proof of concept? Thanks

  • #2
    Forgot

    Sorry. Forgot to mention, it uses some form of MODEM emulation, to change the contents of the packets so when they reach a certain point on the wire they are switched.



    • #3
      Originally posted by Binary_Knight
      Sorry. Forgot to mention, it uses some form of MODEM emulation, to change the contents of the packets so when they reach a certain point on the wire they are switched.
      I think there's some confusion here between data and the PSTN networks.

      Under a system like that used by Vonage or Packet8, your broadband connection has a VOIP phone connected to it which in turn calls through a VOIP -> PSTN gateway to make (or receive) calls. There is no modem emulation involved. Period. A modem operates solely on the PSTN, not your ISP's broadband network.

      This is about the 5th time in two weeks I've heard the same question from different sources. I'm curious to find out what the source is spreading the rumour that this is possible.

      Also, as relates to wardialing: wardialing is not dated. There are still a surprising number of carriers and other interesting numbers out there. People just don't bother to look for them as much anymore.



      • #4
        Originally posted by skroo

        Also, as relates to wardialing: wardialing is not dated. There are still a surprising number of carriers and other interesting numbers out there. People just don't bother to look for them as much anymore.
        I agree wholeheartedly. Because of the number of folks out there that have dial-in access for employees, I always incorporate wardialing into my penetration tests. These are often a FANTASTIC starting point as they tend to be forgotten about by admins.
        perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



        • #5
          I know a lot of government agencies still use dial up, but you dial up into their vpn.
          ~:CK:~
          I would like to meet a 1 to keep my 0 company.



          • #6
            don't forget about the 950 "pretend" local call longdistance numbers.
            "Never Underestimate the Power of Stupid People in Large Groups"



            • #7
              Response

              Hi,

              My ISP (BT British Telecom), provides analog and broadband access down the same wire. It is possible with this ISP, I found recently that you can break into the ADSL box and set the box to Analog rather than data services, and thus perform this, however I am still missing a piece.

              Conventional wardialing is dead, I work for a government agency. And yes we do still provide a dial-in service for employees, it is enforced by a strict policy, you can only dial into an authentication server like RADIUS or Cisco (TACACS) etc, which is based on a high level encryption, which then feeds into a X.500 Dir. And I will not even go into how volume IDs, CD-ROM IDs, workstation and other details are used to enforce security identification.

              Further, to the helpful fellow who says I am confused about PSTN. I focus my attention on setting up MAN fiber-optic backbones using cell-streaming, but my PSTN skills are not too bad!!!!

              The source for me was an internal memo about a contractor working as part of a penetration assessment team.



              • #8
                Originally posted by Binary_Knight
                Hi,

                My ISP (BT British Telecom), provides analog and broadband access down the same wire. It is possible with this ISP, I found recently that you can break into the ADSL box and set the box to Analog rather than data services, and thus perform this, however I am still missing a piece.
                ADSL here in the states works the same way. They still deliver the signal down the POTS lines. The whole house then gets the DSL signal, then filters are placed at all termination points with a DSL & Analog jack. It's basically like the old concentrators you would use in the 70's and 80's for running a whole lot of lines down a few pairs, in theory, or even like the original use of a T1 for voice comms (24 voice lines compressed into a single signal).

                This is not the case with SDSL or ISDN though.
                --Shatter

                "People demand freedom of speech to make up for the freedom of thought which they avoid."
                - Soren Aabye Kierkegaard (1813-1855)



                • #9
                  You could not "leap" from ADSL to POTS for reasons of physics. POTS runs @ 2-4 Hz on the pair, and ADSL runs somewhere about (correct me, this is off the top of my head) 100-1400 Hz.

                  Two separate freqs altogether.
                  "Never Underestimate the Power of Stupid People in Large Groups"



                  • #10
                    Originally posted by Binary_Knight
                    Conventional wardialing is dead
                    Could you please elaborate on this? It's a rather unqualified statement as it stands.

                    I work for a government agency. And yes we do still provide a dial-in service for employees, it is enforced by a strict policy, you can only dial into an authentication server like RADIUS or Cisco (TACACS) etc, which is based on a high level encryption, which then feeds into a X.500 Dir.
                    This sounds like a fairly standard corporate VPN setup; nothing special here. If they're connecting via a PSTN-facing modem, they can still be wardialed. Also, please tell me that you're not using the same TACACS for external authentication that you use for logging into your network devices.

                    Further, to the helpful fellow who says I am confused about PSTN. I focus my attention on setting up MAN fiber-optic backbones using cell-streaming, but my PSTN skills are not too bad!!!!
                    Then you'll pardon my confusion as to why you would be asking to perform an analogue scan over two methods of data delivery that are mutually-incompatible at the physical level without using a gateway of some sort to bridge them.

                    The source for me was an internal memo about a contractor working as part of a penetration assessment team.
                    If this is honestly what your contractor said, I am going to go out on a limb, call him incompetent, and recommend that he be fired immediately for making such a grossly inept statement. Unless, of course, there's some crucial piece of information here that hasn't quite made it over to your post which may be wrongly influencing my judgement.
                    Last edited by skroo; October 16, 2003, 23:47.



                    • #11
                      skroo

                      Just because you don't know how to do this, does not make it impossible. You should just not jump and say it is impossible, that is not the hacker way (if you call yourself one).

                      I found out today that, he was connecting to one of BT's modem pools at the other end of his broadband connection, and initiating the scan from there. So technically he did not start it directly from his PC.



                      • #12
                        Originally posted by Binary_Knight
                        Just because you don't know how to do this, does not make it impossible.
                        Unfortunately, I can only answer the question as it is posed. If it's missing pertinent information, don't expect an accurate answer. Very simple.

                        You should just not jump and say it is impossible, that is not the hacker way (if you call yourself one).
                        "I once heard it was possible to conduct an analog scan over a Broadband connection."

                        Those are the (rather vague) words that set this whole thing off. Please explain to me what is so unambiguous about that that it would tender the reply you seek. I am sure that with your stated professional experience, you are well aware of the necessity of providing full and lucid information in any troubleshooting or research process.

                        I found out today that, he was connecting to one of BT's modem pools at the other end of his broadband connection, and initiating the scan from there. So technically he did not start it directly from his PC.
                        And now that it's taken 12 posts to get to this point, here's your answer (which, really, you just provided): BT left a Portmaster (or similar) open to the outside world, your friend got onto it (most likely via telnet), and probably started using the (IIRC - it's been a while) outdial command. Hooray. Three days to write a reply that doesn't even stretch to two lines.

                        Either way, see my previous comment re: missing facts, which in this case there quite clearly were. Don't expect to receive a valid answer if you don't provide all the pertinent facts before typing; we're not a pack of sodding mind-readers here.
