Hi Ari! How's it going? Long time no see.
>>>> ari @ soscorp . com (Ari Shamash) Said:
Ari> Regular POTS lines do not have any sort of out-of-band
Ari> signaling to determine when the phone line has actually hung up
Ari> (unlike ISDN, for example). The only way a modem can know that
Ari> it really hung up the line is by getting a dialtone, which can
Yeah, this is a real problem with dialback systems. I use separate
modems for inbound and outbound traffic; the user authenticates to the
dialback system on a wholly separate line than she is called back
on. The dialout modems are on lines that are callout-only (NYNEX
supplies these) and further are on a Microcom HDMS chassis that does a
nice job of screaming when it sees RING activity on lines marked for
dialout.
As pointed out previously in this thread, though, all dialback systems
are vulnerable to social engineering; just convince the phone company
to call-forward a trusted number.
Might it be possible to use Caller ID to detect such an attack?
-Rens