First off I do NOT want anyone to post how to hack just enough tech info to know if it is possible, how much risk and the technical reasons see I can highlight them to my superiors.

Scenario - NT4 Network, several LANS linked with BT kilostream lines, before the BT lines their is a firewall and encryption so everything seems fine, here comes my worry.......

We have just had an extra LAN connected internally to one of our servers ( 4 machines running Win ME) so no apparant security risks that I am aware of (apart from physical access)here we go....

These 4 machines are each connected to a telephone line, they can then dial a piece of Weather equipment many miles away via the Weather equipment having a mobile phone number, once the link is created data is then sent down to the 4 machine LAN then onto the Secure NT 4 WAN.

Allegdly there is no risk because we are not using the internet and a hacker would need to know the phone number and even then he proberly wouldnt be able to get in via it. This is my main worry, I know hackers can port probe on the net but is their a way they can probe an exchange or anything like that as once onto the Win ME LAN their is nothing to stop access to the secure NT4 WAN.

Many thaks for any assistance. http://www.PCGuide.com/ubb/smile.gif

My understanding of your setup is that none of the machines actually has a connection to the internet?

If there is no connection to the 'Net then it would be very hard to hack from the outside...

------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.

Gun Control...hitting what you aim at!

If I understand your question, it would be practically impossible to get into the system, I can't think of any way to do it http://www.PCGuide.com/ubb/wink.gif but nothing is impossible...

------------------
When all else fails, read the instructions.

I think back in the day there was something called "wardailing": ringing random phone numbers looking for listening modems. Sort of the modem version of port scanning. I don't really know anything more about it, though, and I don't even know if anyone still does it. Besides, wouldn't the modems have to be configured to accept inbound calls? It doesn't sound like yours are, right?

Paul
~{:-)

I agree, as far as I know it would be very difficult to near impossible without an Internet connection being part of the picture. To get into the system a person would have to figure a way to also tap into a phone line, which is essentially a closed two party call, same as a normal phone call. Not quite the same as a virtual connection on the net, by way of communications ports, it's a physical connection by way of wires...

------------------
Support the right to keep and arm bears.
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.geocities.com/paleopete/)

skhips,
It wouldn't be possible to hack if you aren't connected to the internet. What could happen is what you might call phreaking. It is still done, but you stand no more of a chance of that than your normal phone # would be used for those purposes. Even then you would know it when you got your next phone bill. There are war dialers still used like was mentioned in a previous post, but the open source code isn't updated like it used to be, so I wouldn't worry about it.

Only way i can see it done ( via your description ) is for someone to have the no# of the weather machine you're connecting to; they could reroute the signal to their own phone connection, fooling the systems into thinking they were talking to the weather machine when in reality they were talking to another system. But for this to be feasible the hacker would have to know the no# you use, when the connections are made, and have physical access to the company line(s) to place a tap. In other word it would have to be someone who works/worked there and is famaliar with the routine. Not to mention geting around the firewall and internal LAN setup.



------------------
iisbob
"Soap and education are not as sudden as a massacre, but they are more deadly in the long run."

"Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." --Albert Einstein (1879-1955)

Now, you got me wondering........

you guys have some top secret weather stuff your hidin' ?????

like ozone control or somethin'??

inquiring minds want to know!

hehe

http://www.PCGuide.com/ubb/wink.gif

------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/3.html)



[This message has been edited by sea69 (edited 08-15-2001).]

Many thakns for all of your comments, I will do a bit of reading up on War dialling but it sounds from all your posts that it shouldnt be a threat.

Many thanks for the quick response, it is greatly appreciated.

If I find anything out while researching I'll keep you all informed.

http://www.PCGuide.com/ubb/smile.gif

Man I don't think it's weather at all. Probably a spy with a telescope. Hehehe.

------------------
......Indecision may or may not be my problem......
...... Kickin' A Rock....

Well as far as I know it would be a one in a million chance that someone could wardial into either the mobile or the NT4 connection, there are ways to 'hitch-a-ride' on the connection between the two, but ONLY if they knew where the mobile was, the transmitter from the NT4 machine and some serious hardware, but other than that it seems pretty safe. (But thats just my guess) http://www.PCGuide.com/ubb/wink.gif

------------------
Napster - Shoplifting, with a fraction of the guilt.

One thing to consider.....


With a modem connection the 4 "unsecure" computers can dial out to an ISP. The problem here is that an inside employee will connect to an ISP and while thier connected it's possible for your network to be accessed.

Hope this helps http://www.PCGuide.com/ubb/smile.gif

------------------
Comment heard from a Klingon programmer.

"Our users will know fear and cower before our software! Ship it! Ship it and let them flee like the dogs they are!"

Thanks GH, gives me an excellent reason to investigate their machines a bit deeper.

http://www.PCGuide.com/ubb/smile.gif

We are all familiar with CBs and walky talkies and I am sure most of you are aware of scanners. A cellphone is simply a walky talky that uses a password for direct unit connection. These passwords are like phone numbers only for our familiarity.
Take a look at this scanner (http://www.radioshack.com/product.asp?catalog%5Fname=CTLG&category%5Fname=CTLG%5F001%5F002%5F007%5F000&product%5Fid=20%2D432) and understand that cellphone frequencies can be brought in by just about any mildly talented radio geek. Not a bad price for upload and download ability eh.
If you dig a little deeper, they offer a handheld that has about the same features.

------------------
If I tell you to think for yourself, then your not doing it.

[This message has been edited by bassman (edited 08-18-2001).]