Wardialing
Wardialing (or war dialing) is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers—malicious hackers who specialize in breaching computer security—for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network.
Process
A single wardialing call would involve calling an unknown number, and waiting for one or two rings, since answering computers usually pick up on the first ring. If the phone rings twice, the modem hangs up and tries the next number. If a modem or fax machine answers, the wardialer program makes a note of the number. If a human or answering machine answers, the wardialer program hangs up. Depending on the time of day, wardialing 10,000 numbers in a given area code might annoy dozens or hundreds of people, some who attempt and fail to answer a phone in two rings, and some who succeed, only to hear the wardialing modem's carrier tone and hang up. The repeated incoming calls are especially annoying to businesses that have many consecutively numbered lines in the exchange, such as used with a Centrex telephone system.
Some newer wardialing software, such as WarVOX, does not require a modem to conduct wardialing.[1] Rather, such programs can use VOIP connections, which can speed up the number of calls that a wardialer can make. Sandstorm Enterprises has a patent U.S. Patent 6,490,349 on a multi-line war dialer. ("System and Method for Scan-Dialing Telephone Numbers and Classifying Equipment Connected to Telephone Lines Associated therewith.") The patented technology is implemented in Sandstorm's PhoneSweep war dialer.
Etymology
The popular name for this technique originated in the 1983 film WarGames.[2] In the film, the protagonist programmed his computer to dial every telephone number in Sunnyvale, California to find other computer systems. Prior to the movie's release, this technique was known as "hammer dialing" or "demon dialing", but the film introduced the method to many, such as the members of The 414s.[3] By 1985 at least one company advertised a "War Games Autodialer" for Commodore computers.[4] Such programs became common on bulletin board systems of the time, with file names often truncated to wardial.exe and the like due to length restrictions of 8 characters on such systems. Eventually, the etymology of the name fell behind as "war dialing" gained its own currency within computing culture.[2]
The popularity of wardialing in 1980s and 1990s prompted some states to enact legislation prohibiting the use of a device to dial telephone numbers without the intent of communicating with a person.
Variants
A more recent phenomenon is wardriving, the searching for wireless networks (Wi-Fi) from a moving vehicle. Wardriving was named after wardialing, since both techniques involve actively scanning to find computer networks. The aim of wardriving is to collect information about wireless access points (not to be confused with piggybacking).
Similar to war dialing is a port scan under TCP/IP, which "dials" every TCP port of every IP address to find out what services are available. Unlike wardialing, however, a port scan will generally not disturb a human being when it tries an IP address, regardless of whether there is a computer responding on that address or not. Related to wardriving is warchalking, the practice of drawing chalk symbols in public places to advertise the availability of wireless networks.
The term is also used today by analogy for various sorts of exhaustive brute force attack against an authentication mechanism, such as a password. While a dictionary attack might involve trying each word in a dictionary as the password, "wardialing the password" would involve trying every possible password. Password protection systems are usually designed to make this impractical, by making the process slow and/or locking out an account for minutes or hours after some low number of wrong password entries.
See also
- Autodialer
- Toneloc, a war dialer for DOS.
- Warflying
- Vishing
References
- "Next Generation 'War-Dialing' Tool On Tap". Dark Reading. 5 March 2009.
- Patrick S. Ryan (Summer 2004). "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics". Social Science Research Network. SSRN 585867.
{{cite journal}}
: Cite journal requires|journal=
(help) - Vollmann, Michael T (director) (10 March 2015). The 414s: The Original Teenage Hackers. CNN.
- "MegaSoft Limited". Compute!'s Gazette (advertisement). January 1985. p. 167. Retrieved 6 December 2017.
External links
- 47 C.F.R. § 64.1200(a)(7) The Electronic Code of Federal Regulations has the most up to date version of the TCPA which appears to make wardialing a federal crime in the United States.
- Old School Hacks: War Dialing with WarVox 2009 article about using WarVOX for an internal network scan.