Firewalls: Re: DIAL BACK MODEM software?

Firewalls
(September 1993)

Indexed By Thread: [Previous] [Next]

Subject:	Re: DIAL BACK MODEM software?
From:	"Perry E. Metzger" <pmetzger @ lehman . com>
Date:	Fri, 24 Sep 1993 14:01:53 -0400
To:	Brad Huntting <huntting @ advtech . uswest . com>
Cc:	dave @ eram . esi . com . au (Dave Horsfall), firewalls @ GreatCircle . COM
In-reply-to:	Your message of "Fri, 24 Sep 1993 10:39:15 MDT." <9309241639 . AA10819 @ futureworld . advtech . uswest . com>
Reply-to:	pmetzger @ lehman . com

Brad Huntting says:
> 
> > Well, the biggest problem (apart from being unable to call from a
> > different location) is ensuring that you do indeed call the number
> > back...  Tricks involve playing a recorded dial-tone back at the modem,
> > to fool it into thinking it has seized the line etc.  You need to have
> > inbound and outbound lines, choosing one of the latter at random, or
> > perhaps using a digital exchange.
> 
> As long as your outdial modem supports a "flash switch hook" option,
> just order 3 way calling on the line and always dial back with
> 
> 	ATDT !W number
> 
> The switch hook flash is an out of band signal to the switch that can
> be caught.

Far far more secure than this is just to order dial-out only lines for
your dialout and have seperate dial in and dial out lines. Thats what
we do. Since no one can ever dial in to the dial out lines you've just
eliminated a big potential security problem.

Perry

References:

Re: DIAL BACK MODEM software?
From: Brad Huntting <huntting @ advtech . uswest . com>

Indexed By Date	Previous:	Re: DIAL BACK MODEM software? From: Brad Huntting <huntting @ advtech . uswest . com>
Indexed By Date	Next:	Re: Security Risk Assessment (was Re: Access control for SMTP?) From: smb @ research . att . com
Indexed By Thread	Previous:	Re: DIAL BACK MODEM software? From: Brad Huntting <huntting @ advtech . uswest . com>
Indexed By Thread	Next:	BSD rlogin From: jim @ tadpole . com (Jim Thompson)