A Newbie's Guide To... Phone Scanning
+------------------------------------+
v1.0

Phone scanning is simply ringing lots of numbers on a phone to see what you get on the other end. War dialling is another phrase often referring to something similar, but personally I class war dialling as using a program (war dialler!) and a modem to dial the numbers, whereas phone scanning is manual dialling. Many interesting things can be found on the other end of the string, and sequentially exploring numbers is one efficient way of finding free internet accounts, out dials and a whole host of other fun.

Unless you're rich you'll probably only want to scan free-phone numbers, since if you do find anything interesting you'll want to dial it more than once and you'd soon run up a huge phone bill, not to mention the minimum call charge on hanging up after a few seconds. There are many free-phone numbers to play with; these include the famous 0800 and 0500 numbers, but taking a peek in the front of a phone book will supply you with more uncharted numbers.

Since each number is made of a 4-5 digit area code and a 6-7 digit number plus the good old (but falsely secure) 141, a number is on average 14 digits long. This means a full scan would be 10 000 000 000 000 phone numbers and so 1 000 000 000 000 000 000 000 000 000 key presses - ouch! This is why you'd only scan 100 or 1000 number ranges at a time.

Which numbers you choose is important: if someone else has already done a scan of that range it's pretty useless to do it again unless you're updating it or learning the technique. As I mentioned earlier, free-phone numbers are the norm. You may have read that the 0800 89 range are non-British numbers (i.e. they ring up places like America for free) and so can be interesting to see how the other side lives; they're also quite packed with working numbers since every company and their dog want a link to our wonderful homes.
If you're looking for out-dials then UK numbers are more sensible, since you only need to dial the UK number (assuming you want to ring the UK) and not bother with the +44 country codes (shut the gate behind you) and other annoying stuff.

Once you've chosen a target range, just try about 10 random numbers in that range and see what you get. If they're all errors then there's no point in scanning that range, but if you come across interesting systems - PBX's, VMB's, modems etc. - then it's a good list to scan. It's because there are so many numbers that it's a good idea to use a phone with memory (if you're scanning from home, phone boxes don't have this feature!) so that you can pre-program in the start e.g. 14108009999 and then just key in the two digit number to save your fingers.

If you come across voice numbers (humans on the other end) then you have two options: you can either do your best Forrest Gump impression and claim it's a wrong number or you can just put the phone down. I've learnt that the second option is the best normally, but if you're scanning sensitive numbers e.g. BT internals, military etc. then it looks like Fisher's Carpets have missed one or two calls because of wrong numbers :)

If you find a screeching noise then it's either a modem or a fax. The best way to find out is to use your favourite HyperTerminal style program and give it a ring: if it connects then it's a modem, but if it hits a loop of a silence and a long screech followed by a "warble" while trying to connect then it's a fax. Make a note of anything that is sent from the modem e.g. !lOg1n: since this can help you identify the operating system and thus any default user/passes that will let you in. If you don't have enough information about what the system is then take a peek on the net and do a search for the response that you got and you'll probably find the right information.

PBX's can be identified by a sexy woman/man telling you to dial the extension if you know it, and VMB's can be identified by someone telling you they're not at their desk (how I hate that phrase!) and could you leave a message after the tone. Make a note of either system and read up on breaking into such systems from the millions of texts that already exist - there's no point in me telling you how when someone already has!

If you are scanning from home then only dial about 50-100 numbers at a time. Your telco will get suspicious if you ring 4 000 numbers in one night and place a line monitor on your line to capture every single button you press.

Should you find a tone, make a note of it and come back when you're more experienced than reading this text, since it takes a trained ear to distinguish just what that annoying bleep can be used for.

Yet another option that you may come across are errors. They range from the useless BT message "Sorry There Is a Fault" to a nice message saying that "xxx-xxx-xxxx has moved". I make an abbreviated note of these along with any codes that are given after the error (see my scans for examples), but for speed a simple -------- could represent an error for a large/quick scan.

Other tips that I can offer include using a speaker phone to dial with to save your red ears (the only problem this brings is that the other party may get a message full of taps as you hit the keys trying to find the login sequence, which can alert the careful ear to a possible break-in), and to ring your targets out of business hours (remember that the USA is 8-4 hours behind us). From experience this means you'll find a lot more VMBs that you can use, since the phones are normally manned when there are people there. These numbers can be quite useless if you can only use them at certain hours but are good for practising your VMB techniques.

For logging the numbers you've dialled I've found that a text file with the numbered range works quite well e.g.
00 - 99

More advanced methods include spreadsheets or databases for logging more than just the type of number, but they're not very distribute-able if not everyone has your spreadsheet app.

There is a lot of debate on where you should scan from. Some people prefer the safety of a phone-box but this text is biased towards the comforts of home scanning. Pads of paper or laptops can look suspect in a phone-box so be careful where you're scanning, just as a voice from your room telling you "That number doesn't exist" can sound bad to your parents/flatmates/gold fish.

This text is designed to provide an insight into some of the finer techniques of phone scanning and is aimed at the newbie level (hence no big words :) ) Phone scanning is like exploring the jungle with a white object stuck to your ear and can be interesting for anyone that has the time to waste.

NeonBunny
the_neon_bunny@hotmail.com
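
The telco-side view of the text's warning about ringing thousands of numbers in one night, as an added example that is not part of the original text: a sketch of how an operator's fraud team could flag one line working through a 100-number block with short calls. The record layout, line names, sample numbers and thresholds are all assumptions made for this illustration.

```python
from collections import defaultdict

def sample_cdrs():
    """Constructed call records: (calling line, dialled digits, duration in seconds)."""
    records = []
    # line-A: 60 different numbers in one block, 141 prefix, mostly hung up quickly.
    for i in range(60):
        seconds = 40 if i % 10 == 0 else 5 + (i % 4)
        records.append(("line-A", "14108009999" + f"{i:02d}", seconds))
    # line-B: ordinary customer, repeat calls to one free-phone number plus two others.
    records += [("line-B", "08081570100", 120), ("line-B", "08081570100", 300),
                ("line-B", "08081570100", 45), ("line-B", "01632960001", 600),
                ("line-B", "01632960002", 30)]
    # line-C: busy office, many different numbers but spread out and with real talk time.
    for i in range(60):
        records.append(("line-C", "01632" + f"{960000 + i * 137:06d}", 180))
    return records

def strip_withhold_prefix(dialled):
    """Drop the 141 caller-ID withhold prefix so both dialling forms group together."""
    return dialled[3:] if dialled.startswith("141") else dialled

def find_scanners(records, min_distinct=50, max_seconds=15, min_short_ratio=0.8):
    """Return (line, block, distinct numbers) for lines sweeping a 100-number block."""
    per_block = defaultdict(lambda: {"numbers": set(), "calls": 0, "short": 0})
    for caller, dialled, seconds in records:
        number = strip_withhold_prefix(dialled)
        stats = per_block[(caller, number[:-2])]  # block = number minus last two digits
        stats["numbers"].add(number)
        stats["calls"] += 1
        stats["short"] += seconds <= max_seconds
    alerts = []
    for (caller, block), stats in sorted(per_block.items()):
        mostly_short = stats["short"] / stats["calls"] >= min_short_ratio
        if len(stats["numbers"]) >= min_distinct and mostly_short:
            alerts.append((caller, block, len(stats["numbers"])))
    return alerts

if __name__ == "__main__":
    for caller, block, count in find_scanners(sample_cdrs()):
        print(f"{caller}: {count} distinct numbers dialled in block {block}xx")
```

Grouping by block rather than counting total calls is what keeps the busy office line out of the alerts while the single-block sweep stands out.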