ABSTRACT
Given all the movement toward packet-based data communications, one would think that modems and
dial-up communications would wither like the communist state. Clearly, that is not the case. There are
many reasons. Sometimes, “rogue” employees want to communicate outside of corporate guidelines;
servers, power reset devices, HVAC, fire alarms, certain medical equipment, and many other devices may
still need to be accessed via dial-up. Some routers and DSU/CSUs are out-of-band addressable (i.e.,
maintenance via dial-up can be performed when the primary link is down). All these points of contact
through the PSTN (public switched telephone network) represent an open target for war-dialing. The
dialers have gotten sophisticated, using massive hacker dictionaries that often crack applications quickly.
Modems are often left in auto-answer mode, so the war dialer is able to collect active numbers during the
night. The hacker has his “cup of joe” and a “hit list” the next morning. The bottom line is that any
organization without strong controls over dial-up lines and the voice network has a serious back-door
exposure. Further compounding the remote access problem is unauthorized use of pc anywhere and
similar products. Remote access products can be set up with little or no security. With thousands of
employees, many of whom may want to access personal files on their workstation from home, it is likely
that unauthorized modems/software will exist somewhere inside the network.
