Latest revision as of 21:05, 30 July 2022
Computer security attack via dial-up modems
Wardialing (or war dialing) is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers—malicious hackers who specialize in breaching computer security—for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network.
Process
A single wardialing call would involve calling an unknown number, and waiting for one or two rings, since answering computers usually pick up on the first ring. If the phone rings twice, the modem hangs up and tries the next number. If a modem or fax machine answers, the wardialer program makes a note of the number. If a human or answering machine answers, the wardialer program hangs up. Depending on the time of day, wardialing 10,000 numbers in a given area code might annoy dozens or hundreds of people, some who attempt and fail to answer a phone in two rings, and some who succeed, only to hear the wardialing modem's carrier tone and hang up. The repeated incoming calls are especially annoying to businesses that have many consecutively numbered lines in the exchange, such as those used with a Centrex telephone system.
Some newer wardialing software, such as WarVOX, does not require a modem to conduct wardialing. Rather, such programs can use VoIP connections, which can increase the rate at which a wardialer places calls. Sandstorm Enterprises holds U.S. patent 6,490,349 on a multi-line war dialer ("System and Method for Scan-Dialing Telephone Numbers and Classifying Equipment Connected to Telephone Lines Associated therewith"). The patented technology is implemented in Sandstorm's PhoneSweep war dialer.
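The calling pattern described above (one or two rings per number, repeated across consecutively numbered lines) shows up in a telephone system's call-detail records. The following Python detector is an added example, not part of the original article; the record layout, the fictional 555 numbers and both thresholds are assumptions.

```python
from collections import defaultdict

# Constructed call-detail records: (caller, dialed extension, seconds until hang-up).
# All numbers are fictional and the field layout is an assumption.
SAMPLE_CDRS = [
    ("555-0199", 4100, 3), ("555-0199", 4101, 2), ("555-0199", 4102, 4),
    ("555-0199", 4103, 2), ("555-0199", 4104, 3), ("555-0199", 4105, 2),
    ("555-0142", 4102, 185), ("555-0142", 4102, 240),   # ordinary repeat caller
    ("555-0177", 4100, 2), ("555-0177", 4250, 95),      # one misdial, one real call
]

def longest_consecutive_run(extensions):
    """Length of the longest run n, n+1, n+2, ... among the given extensions."""
    ext = set(extensions)
    best = 0
    for e in ext:
        if e - 1 not in ext:              # e starts a run
            length = 1
            while e + length in ext:
                length += 1
            best = max(best, length)
    return best

def find_sweeps(cdrs, max_seconds=6, min_run=5):
    """Return {caller: run_length} for callers whose short calls cover
    at least min_run consecutively numbered extensions.

    max_seconds approximates "hung up after one or two rings";
    both thresholds are assumed values to tune per site.
    """
    short_calls = defaultdict(set)
    for caller, ext, secs in cdrs:
        if secs <= max_seconds:
            short_calls[caller].add(ext)
    sweeps = {}
    for caller, exts in short_calls.items():
        run = longest_consecutive_run(exts)
        if run >= min_run:
            sweeps[caller] = run
    return sweeps

if __name__ == "__main__":
    for caller, run in find_sweeps(SAMPLE_CDRS).items():
        print(f"{caller}: short calls to {run} consecutive extensions")
```

Long calls and isolated misdials are ignored, so only the caller that swept extensions 4100 to 4105 is reported.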
Etymology
The popular name for this technique originated in the 1983 film WarGames. In the film, the protagonist programmed his computer to dial every telephone number in Sunnyvale, California to find other computer systems. Prior to the movie's release, this technique was known as "hammer dialing" or "demon dialing", but the film introduced the method to many, such as the members of The 414s. By 1985 at least one company advertised a "War Games Autodialer" for Commodore computers. Such programs became common on bulletin board systems of the time, with file names often truncated to wardial.exe and the like due to length restrictions of 8 characters on such systems. Eventually, the etymology of the name fell behind as "war dialing" gained its own currency within computing culture.
The popularity of wardialing in the 1980s and 1990s prompted some states to enact legislation prohibiting the use of a device to dial telephone numbers without the intent of communicating with a person.
Variants
A more recent phenomenon is wardriving, the searching for wireless networks (Wi-Fi) from a moving vehicle. Wardriving was named after wardialing, since both techniques involve actively scanning to find computer networks. The aim of wardriving is to collect information about wireless access points (not to be confused with piggybacking).
Similar to war dialing is a port scan under TCP/IP, which "dials" every TCP port of every IP address to find out what services are available. Unlike wardialing, however, a port scan will generally not disturb a human being when it tries an IP address, regardless of whether there is a computer responding on that address or not. Related to wardriving is warchalking, the practice of drawing chalk symbols in public places to advertise the availability of wireless networks.
The term is also used today by analogy for various sorts of exhaustive brute force attack against an authentication mechanism, such as a password. While a dictionary attack might involve trying each word in a dictionary as the password, "wardialing the password" would involve trying every possible password. Password protection systems are usually designed to make this impractical, by making the process slow and/or locking out an account for minutes or hours after some low number of wrong password entries.
See also
- Autodialer
- Toneloc, a war dialer for DOS.
- Warflying
- Vishing
References
- "Next Generation 'War-Dialing' Tool On Tap". Dark Reading. 5 March 2009.
- Patrick S. Ryan (Summer 2004). "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics". Social Science Research Network. SSRN 585867.
- Vollmann, Michael T (director) (10 March 2015). The 414s: The Original Teenage Hackers. CNN.
- "MegaSoft Limited". Compute!'s Gazette (advertisement). January 1985. p. 167. Retrieved 6 December 2017.
External links
- 47 C.F.R. § 64.1200(a)(7): The Electronic Code of Federal Regulations has the most up-to-date version of the TCPA, which appears to make wardialing a federal crime in the United States.
- Old School Hacks: War Dialing with WarVox: 2009 article about using WarVOX for an internal network scan.