Results 1 to 7 of 7

Thread: To phreak or not to phreak?

  1. #1

    To phreak or not to phreak?

    Ok guys, I have read to many damn how to guides out there talking about hax0ring a pbx in order to grab free long distance. Maybe it is because of my distain for thieves that i write this, or maybe because I don't want to see anymore kids get themselves and friends in a lot of trouble. So, here is a quick overview of telecom in how this **** works. The main thing to remember is that even though a dedicated line (T1) does not work like the POTS system it still has an ani that is generated when placing a call. This means if you do manage to crack into a mailbox that allows relaying, the telco provider (as well as the pbx) can and WILL detect this type of traffic. This goes for destination and source of the number. So, if a company that has a circuit setup all of a sudden finds out that it has an extra 7000 minutes long distance added up it can easily find out the numbers that were terminated at the location (you can figure what happens next). It is true that most telcom switches only keep logs for a certain amount of time....but they also run filters in order to pick up on "trends" (this works in the same way a IDS system picks up a port scan). The idea of running a pbx like a proxy in order for anonymity is bullshit. Maybe they will never notice....or maybe they will pick it up in a heartbeat. So, please....before you play around make sure you know what you are getting yourself into. I plan on posting some more "educational" material here in the future (hey...holiday time and I am an insomniac by heart). I was wondering what type of material people wanted to be posted? Well...happy holidays and I'll be around.

    Cordially,

    Sp1d3r


    ps. When the hell is someone gonna fix the bug with the IRC client....

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    185
    We need to have some informative posts that highlight the reasons that people should *not* be engaging in illegal actvity here on AO as well as some good info on avoiding being victimized by these sorts of things.

    Welcome to AO, and please... by all means share your information of a security nature if you like.

    Oh.. and Merry Christmas to you.
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.


  3. #3

    PBX rules to live by

    Ok guys! While I sit and ponder why the hell I just stripped a screw to the battery of my car I figured I would drop a line. First, lets decribe some terminolgy. A pbx (private branch exchange) is a system designed to route telephone traffic within any given system. Most large companies will have multiple spans (or T1) that will run through this system. All of us have dialed 1800 numbers and recieved automated msg(s) that prompt us to hit keys to reach certain people. Well, this is the pbx. Most systems will have a public mailbox setup that allows it's employees to log in and dial out to the company if need be. Like one instance with a service that I ran into. By hitting # (and misc number) I was prompted for a password to access the box. Once I got the pwd....I was able to access all the features....including dialing out long distance or whatnot. Of course, this problem was corrected quickly after notification. But the lesson will remain the same for all systems regardless if it be data or voice. STRONG passwords. Unfortunatley for telecom you are limited to digits on a phone pad but there are things you can do to protect yourself. One, make sure you have a good provider (most telco providers can setup international restrictions on long distance as well as filters for catching the "party line effect" that curves your monthly bill). Two, make sure that you only have one single mailbox that will allow for people to relay. This will make it nearly impossible for somebody to "guess" what the magic word is and also allow for you to monitor who uses the box (in case an ex-employee decides to leak the information). The voice and data industries are pretty much integrated but the security risks on both of them remain almost identical. Well....back to trying to get that pesky bolt of the battery. Will write more interesting stuff later (I know that telephone lines aren't the most interesting thing in the world.....maybe smtp or dns?) Please advise and give me some ideas.

    Cordially,

    Sp1d3r

    ps. Ummm, Am I trully doomed to be "guest" forever on IRC?

  4. #4
    Junior Member
    Join Date
    Dec 2001
    Posts
    23
    I agree with Uber COder to some extent, but we as security officials what to do and how to do it. We are not criminals but information seekers what we get is a bad wrap on everything. So what if we know how to box or phreak we dont wreak havoc on the phone companies, they rag on us.

  5. #5

    Thin Lines

    Welcome to AO? I have been lurching around for awhile. Mostly on the chat forums. I tend to stick towards live chat due to the fact it is quicker and more responsive. But regardless, I understand the idea and eagerness for people to learn. But the one thing to remember is that regardless of what the intent is....if you do something wrong...it is wrong. I am happy to teach what I know and learn about things I don't. I would just like to have an understanding of what people would like to hear about so my posts do not turn into broken records. There are a lot of interesting vulnerabilities out there that can be simulated with your own systems. Remember, the first rule of troubleshooting any type of issue is the ability to recreate the problem in the first place. Once you do this, you can create appropriate fixes to the system. I was just wanting to show those out there some of the things I have been able to recreate and even some of those that I just ponder about. After all, knowledge comes from all sides of the spectrum. Well....finnaly got the battery charged on the cam so off I go. C U laterz.

    Cordially,

    Sp1d3r

  6. #6
    Junior Member
    Join Date
    Dec 2001
    Posts
    21

    Phreaking Lives?

    hey SpiderW - I, too have read a lot of out of date files on phreaking and would be very interested in any current telecom information.
    I wonder if the power-phreaks of the old days are still around....

  7. #7

    Telecom

    Hehe...... I know what you mean....I was reading the other day about how to tap into payphones and run a wire to another location. Of course, you may be able to find a phone somewhere in Germany that allows this but none in the US. Regardless, most of the information on phone phreaking has evolved the same as with IT in general. Of course, the POTS system (analog lines) has pretty much stayed the same the last couple of years. There are a lot of interesting new technologies such as DSL and VOIP that I think everybody should look into...most people that are interested in networking would probably eat it up. If you are looking for a tutorial on phreaking in general? Hmmmm, no can do....I can give you some ideas on how to increase security for an integrated solution or maybe some fun tricks you can play with the phone systems. I think that would probably be played out best on IRC since there will be to many questions to answer for a post. That is, of course, if the chat nazi doesn't have me shot first J/K Louie. Well, I'll be around.....I'll keep in eye out for any good tutorials on telecom if you like....of course, I recommend just grabbing a good book (like telecommunications survival guide). Besides that, you would be hard pressed to find direct information on specifics like you would with TCP/IP or whatnot....but I'll take a look.


    Cordially,

    Sp1d3r

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •