Wardialing

Last updated

Wardialing (or war dialing) is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers—malicious hackers who specialize in breaching computer security—for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network.

Contents

Process

A single wardialing call would involve calling an unknown number, and waiting for one or two rings, since answering computers usually pick up on the first ring. If the phone rings twice, the modem hangs up and tries the next number. If a modem or fax machine answers, the wardialer program makes a note of the number. If a human or answering machine answers, the wardialer program hangs up. Depending on the time of day, wardialing 10,000 numbers in a given area code might annoy dozens or hundreds of people, some who attempt and fail to answer a phone in two rings, and some who succeed, only to hear the wardialing modem's carrier tone and hang up. The repeated incoming calls are especially annoying to businesses that have many consecutively numbered lines in the exchange, such as used with a Centrex telephone system.

Some newer wardialing software, such as WarVOX, does not require a modem to conduct wardialing. [1] Rather, such programs can use VOIP connections, which can speed up the number of calls that a wardialer can make. Sandstorm Enterprises has a patent U.S. Patent 6,490,349 on a multi-line war dialer. ("System and Method for Scan-Dialing Telephone Numbers and Classifying Equipment Connected to Telephone Lines Associated therewith.") The patented technology is implemented in Sandstorm's PhoneSweep war dialer.

Etymology

The popular name for this technique originated in the 1983 film WarGames . [2] In the film, the protagonist programmed his computer to dial every telephone number in Sunnyvale, California to find other computer systems. Prior to the movie's release, this technique was known as "hammer dialing" or "demon dialing",[ citation needed ] but the film introduced the method to many, such as the members of The 414s. [3] By 1985 at least one company advertised a "War Games Autodialer" for Commodore computers. [4] Such programs became common on bulletin board systems of the time, with file names often truncated to wardial.exe and the like due to length restrictions of 8 characters on such systems. Eventually, the etymology of the name fell behind as "war dialing" gained its own currency within computing culture. [2]

The popularity of wardialing in 1980s and 1990s prompted some states to enact legislation prohibiting the use of a device to dial telephone numbers without the intent of communicating with a person.

Variants

A more recent phenomenon is wardriving, the searching for wireless networks (Wi-Fi) from a moving vehicle. Wardriving was named after wardialing, since both techniques involve actively scanning to find computer networks. The aim of wardriving is to collect information about wireless access points (not to be confused with piggybacking).

Similar to war dialing is a port scan under TCP/IP, which "dials" every TCP port of every IP address to find out what services are available. Unlike wardialing, however, a port scan will generally not disturb a human being when it tries an IP address, regardless of whether there is a computer responding on that address or not. Related to wardriving is warchalking, the practice of drawing chalk symbols in public places to advertise the availability of wireless networks.

The term is also used today by analogy for various sorts of exhaustive brute force attack against an authentication mechanism, such as a password. While a dictionary attack might involve trying each word in a dictionary as the password, "wardialing the password" would involve trying every possible password. Password protection systems are usually designed to make this impractical, by making the process slow and/or locking out an account for minutes or hours after some low number of wrong password entries.

See also

Related Research Articles

In the computer hacking scene of the 1980s, demon dialing was a technique by which a computer was used to repeatedly dial a number in an attempt to gain access immediately after another user had hung up. The expansion of accessible internet service provider connectivity since that time has rendered the practice more or less obsolete.

The Telephony Application Programming Interface (TAPI) is a Microsoft Windows API, which provides computer telephony integration and enables PCs running Microsoft Windows to use telephone services. Different versions of TAPI are available on different versions of Windows. TAPI allows applications to control telephony functions between a computer and telephone network for data, fax, and voice calls. It includes basic functions, such as dialing, answering, and hanging up a call. It also supports supplementary functions, such as hold, transfer, conference, and call park found in PBX, ISDN, and other telephone systems.

Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a sensational spelling of the word freak with the ph- from phone, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking.

Wardriving Search for wireless networks with mobile computing equipement

Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the internet.

A dialer or dialler is an electronic device that is connected to a telephone line to monitor the dialed numbers and alter them to seamlessly provide services that otherwise require lengthy National or International access codes to be dialed. A dialer automatically inserts and modifies the numbers depending on the time of day, country or area code dialed, allowing the user to subscribe to the service providers who offer the best rates. For example, a dialer could be programmed to use one service provider for international calls and another for cellular calls. This process is known as prefix insertion or least cost routing. A line powered dialer does not need any external power but instead takes the power it needs from the telephone line.

Telephone call Connection between two or more people over a telephone network

A telephone call is a connection over a telephone network between the called party and the calling party.

Phone fraud, or more generally communications fraud, is the use of telecommunications products or services with the intention of illegally acquiring money from, or failing to pay, a telecommunication company or its customers.

TCP offload engine (TOE) is a technology used in some network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. It is primarily used with high-speed network interfaces, such as gigabit Ethernet and 10 Gigabit Ethernet, where processing overhead of the network stack becomes significant. TOEs are often used as a way to reduce the overhead associated with Internet Protocol (IP) storage protocols such as iSCSI and Network File System (NFS).

Remote administration refers to any method of controlling a computer from a remote location. Software that allows remote administration is becoming increasingly common and is often used when it is difficult or impractical to be physically near a system in order to use it. A remote location may refer to a computer in the next room or one on the other side of the world. It may also refer to both legal and illegal remote administration.

Direct inward dialing (DID), also called direct dial-in (DDI) in Europe and Oceania, is a telecommunication service offered by telephone companies to subscribers who operate a private branch exchange (PBX) system. The feature provides service for multiple telephone numbers over one or more analog or digital physical circuits to the PBX, and transmits the dialed telephone number to the PBX so that a PBX extension is directly accessible for an outside caller, possibly by-passing an auto-attendant.

<i>Hacking: The Art of Exploitation</i> 2003 book by Jon "Smibbs" Erickson

Hacking: The Art of Exploitation (ISBN 1-59327-007-0) is a book by Jon "Smibbs" Erickson about computer security and network security. It was published by No Starch Press in 2003, with a second edition in 2008. All of the examples in the book were developed, compiled, and tested on Gentoo Linux.

DSL modem Type of computer network modem; network equipment

A digital subscriber line (DSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line (DSL) service for connection to the Internet, which is often called DSL broadband. The modem connects to a single computer or router, through an Ethernet port, USB port, or is installed in a computer PCI slot.

Computer network Network that allows computers to share resources and communicate with each other

A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are made up of telecommunication network technologies, based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.

Internet fax, e-fax, or online fax is the use of the internet and internet protocols to send a fax (facsimile), rather than using a standard telephone connection and a fax machine. A distinguishing feature of Internet fax, compared to other Internet communications such as email, is the ability to exchange fax messages with traditional telephone-based fax machines.

Novation CAT Series of computer modems

Novation is an early modem manufacturer whose CAT series were popular in the early home computer market in the late 1970s and early 1980s, notably on the Apple II. The Hayes Smartmodem 300, introduced in 1981, helped kill off Novation and many other early modem companies over the next few years.

Telephone number Sequence of digits assigned to a telephone subscription

A telephone number is a sequence of digits assigned to a landline telephone subscriber station connected to a telephone line or to a wireless electronic telephony device, such as a radio telephone or a mobile telephone, or to other devices for data transmission via the public switched telephone network (PSTN) or other public and private networks.

Modem Device that modulates an analog carrier signal to encode digital information

A modulator-demodulator or modem is a computer hardware device that converts data from a digital format into a format suitable for an analog transmission medium such as telephone or radio. A modem transmits data by modulating one or more carrier wave signals to encode digital information, while the receiver demodulates the signal to recreate the original digital information. The goal is to produce a signal that can be transmitted easily and decoded reliably. Modems can be used with almost any means of transmitting analog signals, from light-emitting diodes to radio.

H. D. Moore American businessman

H. D. Moore is a network security expert, open source programmer, and hacker. He is a developer of the Metasploit Framework, a penetration testing software suite, and the founder of the Metasploit Project.

WarVOX was a free, open-source VOIP-based war dialing tool for exploring, classifying, and auditing phone systems. WarVOX processed audio from each call by using signal processing techniques and without the need of modems. WarVOX used VoIP providers over the Internet instead of modems used by other war dialers. It compared the pauses between words to identify numbers using particular voicemail systems.

An automatic dialer is an electronic device or software that automatically dials telephone numbers. Once the call has been answered, the autodialer either plays a recorded message or connects the call to a live person.

References

  1. "Next Generation 'War-Dialing' Tool On Tap". Dark Reading. 5 March 2009.
  2. 1 2 Patrick S. Ryan (Summer 2004). "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics". Social Science Research Network. SSRN   585867.{{cite journal}}: Cite journal requires |journal= (help)
  3. Vollmann, Michael T (director) (10 March 2015). The 414s: The Original Teenage Hackers. CNN.
  4. "MegaSoft Limited". Compute!'s Gazette (advertisement). January 1985. p. 167. Retrieved 6 December 2017.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.