Asterisk for wardialing and caller ID spoofing

Hello all,

I am looking to set up an asterisk server for the purpose of war dialing and caller ID spoofing specifically. I work for a firm that provides network security soultions including penetration testing and social engineering services. We are looking to use asterisk to provide our own VOIP services. I have looked into using an contracted VOIP provider but we are unable to due to the fact that many of these providers record call data and we are often using confidential customer information. I have almost no expirience with any of this technology and was hoping to get some insight on where to begin with this project. A few requirements…

-Our war dialing software requires the use of the IAX but I would like to have the option of using SIP to place calls.
-We only need to be able to make outgoing calls for our purposes.
-I have a server to use for this purpose but what other types for hardware requirements am I looking at.

Thats all I can think of for now.

Thanks in advance for any advice!

Not sure I understand what you want to do. You want to place PSTN calls or SIP/IAX ones? how many calls do you expect to be placing?

Sorry I had a feeling that was going to be confusing. I need to be able to place outgoing SIP/IAX. Some of the calls will need to be caller id spoofed which from what I have read is easier to do over SIP and some will be wardialing calls(for finding legacy modems for large corporations that may have been overlooked over the years) which must be placed over IAX.

The number of calls we are placing is going to be small (less the 100 a month, possibly more if we have to wardial a range of a thousand or something).


I know this post is a little dated but I just came across it while googling for something else.

I was a sysadmin at a penetration testing company (so understand your requirements) and set up a similar system to replace our old analog 56k modem machine running iwar.

We moved over to using VoIP earlier in the year, and naturally as a wardialling job came in I started researching how we could do this using our voip system.

Our VoIP server is running off-the-shelf Kerio Operator (which essentially is a user friendly web interface wrapper around Asterisk on Debian). The problem with this is that IAX is not supported by the Kerio guys and I didn’t want to mess about with it, as we have about 30 phones in constant use with it.

So I built a vm on the VoIP VLAN, with Debian, Asterisk and HD Moore’s WarVox (compiled from the github repo). As WarVox uses IAX only, I needed to set up a local asterisk server to bridge from IAX to SIP, to be able to route calls via the Kerio box.

It worked like a charm. Doing 10 simultaneous calls on a range of 1000 numbers, was done after hours and nobody lost any sleep. Even worked out to be cheaper than using the analog phone lines (although we ran old and new in parallel to compare the results).

I do still have the config files, so hit me up with a pm if you want to play about with them. It took about a day of research and reading through asterisk manuals to get it working, so it might buy you some time.

WombatDialer might work well in a scenario like this. It was not designed for this, but should be able to work with any/most existing Asterisk installs, has a flexible routing policy and is generally “configure, upload and forget”. You may want to test the free version.