Download

358 Chapter 11 • Asterisk Hardware Ninjutsu; Caller ID spoofing via my VoIP provider.;exten => _5.,1,Set,CALLERID(number)=904-555-7777exten => _5.,2,monitor,wav|${EXTEN:1}exten => _5.,3,Dial(IAX2/myusername@myprovider/${EXTEN:1})You might be wondering why we don’t do a Set,CALLERID(name).There isn’t reallymuch point. Once the call hits the PSTN, the number is looked up at the telephone companydatabase and the Name field is populated.This means, once the call hits the traditionalPSTN, you can’t modify the Name field anyways. One interesting thing you can do, if you’retrying to figure out who owns a phone number is spoof the call as that phone number toyourself. Once the call reaches the PSTN and calls you, the telephone company will look upthe spoofed number in its database and display the name of who owns it.This is known asbackspoofing and isn’t completely related to war dialing, but can be useful in identifyingwho owns particular numbers.The Monitor option lets you record the audio of the call, soyou can listen later and see if anything was found that the war dialer might have missed. It’sadvised you check your local laws regarding recording telephone calls. If you don’t wish todo this, the option can be removed.With our adapter set up and Asterisk configured, we are ready to war dial! Now we justneed the software to send the commands to our modem and then we can start dialing.Several programs are available, some commercial and some open source, that’ll take over thedialing and analysis of what you find. One of the most popular is the MS-DOS–basedToneLoc. While an excellent war dialer, it requires the extra overhead of running a DOSemulator. Phonesweep is another option, but runs under Microsoft Windows and is commercial.For Linux, and Unix in general, I use the open-source (GPL) program iWar(Intelligent Wardialer). It was developed by Da Beave from the network security companySoftwink, Inc. Many of its features compete with commercial products.Some of the features iWar supports are random/sequential dialing, key stroke markingand logging, IAX2 VoIP support (which acts as an IAX2 VoIP client),Tone location (thesame method ToneLoc uses), blacklist support, a nice “curses” console interface, auto-detectionof remote system type, and much more. It will log the information to a standard ASCIIfile, over the Web via a CGI, MySQL, or PostgreSQL database.You probably noticed theIAX2 VoIP support. We’ll touch more on this later.To obtain iWar, go to www.softwink.com/iwar.You can download the “stable” version,but they suggest you check out the CVS (Conversion Version System).This is a developmentversion that typically has more features.To download via CVS, you’ll need the CVSclient loaded on your machine. Many distributions have CVS preloaded or provide apackage to install it. If your system doesn’t have it, check out www.nongnu.org/cvs/ formore information about CVS.