War dialing

War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for unknown computers, BBS systems or fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers for password guessing.

A single wardialing call would involve calling an unknown number, and waiting for one or two rings, since answering computers usually pick up on the first ring. If the phone rings twice, the modem hangs up and tries the next number. If a modem or fax machine answers, the wardialer program makes a note of the number. If a human or answering machine answers, the wardialer program hangs up. Depending on the time of day, wardialing 10,000 numbers in a given area code might annoy dozens or hundreds of people, some who attempt and fail to answer a phone in two rings, and some who succeed, only to hear the wardialing modem's carrier tone and hang up. The repeated incoming calls are especially annoying to businesses that have many consecutively numbered lines in the exchange, such as used with a Centrex telephone system.

The popularity of wardialing in 1980s and 1990s prompted some states to enact legislation prohibiting the use of a device to dial telephone numbers without the intent of communicating with a person.

The name for this technique originated in the 1983 film WarGames. In the film, the protagonist programs his computer to dial every telephone number in Sunnyvale, CA in order to find other computer systems. 'WarGames Dialer' programs became common on bulletin board systems of the time, with file names often truncated to wardial.exe and the like due to length restrictions on such systems. Eventually, the etymology of the name fell behind as "war dialing" gained its own currency within computing culture. [ [http://ssrn.com/abstract=585867 Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics] ]

A more recent phenomenon is wardriving, the searching for Wi-Fi wireless networks by moving vehicle. Wardriving was named after wardialing, since both techniques involve brute-force searches to find computer networks. The aim of wardriving is to collect information about wireless access points (not to be confused with piggybacking).

Similar to war dialing is a port scan under TCP/IP, which "dials" every TCP port of every IP address to find out what services are available, then gaining access to them by guessing passwords or by exploiting vulnerabilities in software that runs with elevated privileges. Unlike wardialing, however, port scans will generally not disturb a human being when it tries an IP address that isn't up. Related to wardriving is warchalking, the practice of drawing chalk symbols in public places to advertise the availability of wireless networks. Despite its widespread coverage, warchalking never particularly caught on as a popular activity.

The term is also used today by analogy for various sorts of exhaustive brute force attack against an authentication mechanism, such as a password. While a dictionary attack might involve trying each word in a dictionary as the password, "wardialing the password" would involve trying every possible password.

War dialing is sometimes used as a synonym for demon dialing, a related technique which also involves automating a computer modem in order to repeatedly place telephone calls.

Trivia

* Sandstorm Enterprises has a patent US patent|6490349 on the multi-line war dialer. ("System and Method for Scan-Dialing Telephone Numbers and Classifying Equipment Connected to Telephone Lines Associated therewith.") The patented technology is implemented in Sandstorm's [http://www.phonesweep.com PhoneSweep] war dialer.

ee also

*demon dialing
*toneloc, a famous war dialer for DOS.
* [ftp://ftp.immutec.com/pub/tmap tmap] , ISDN-based war dialer for Windows and Linux.
*wardriving
*warflying
*Vishing
* [http://www.softwink.com/iwar iWar] , a popular war dialer for Unix type of operating systems

References