Conducting a War Dialing test involves testing an organization’s list of phone numbers for the presence of modems. The purpose of this test is to detect unauthorized devices, such as modems or faxes, on a company’s telephone network that might provide an insecure connection into a company’s network systems.
War dialing in the past required specialized hardware called autodialers and a registered POTS (plain old telephone system) line. The autodialer would ring each line in a list of phone numbers for a few connection attempts. If a human voice answers, it would register it as a phone or answering machine, otherwise if a modem or fax answered, it would register it as a data device or fax system.
With the advent of VOIP technology, new Internet-based automdialers like WarVOX now offer war dialing as a service. The penetration tester simply configures a VOIP provider and the WarVOX Internet-based system, and it will automatically attempt each phone number in the range that is provided. Since each type of answering mechanism has a unique frequency range, WarVOX as well as other autodialers, can automatically log each dial attempt as:
- Human voice or answering machine
- No answer
- Fax machine