> Generally, these kind of attacks work like this: a person trying to
> break in dials up the modem, and then simulates a hangup noise and
> dialtone WITHOUT ACTUALLY HANGING UP. The dialback modem thinks the
> line has hung up, picks up the line, dials, and waits for a carrier.
> The person supplies a carrier, and viola, connects to the system.
If your modem responds to a "hangup noise and dialtone" then you need to
get a new modem. The phone company uses polarity reversal to indicate
a disconnect, and that's what the modem needs to watch for... otherwise...
welll... what happens when some combination of carriers and signals with
the new whizzbang high speed V.superfast protocol triggers the hangup code.
S/Key can be made to advance the challenge on a failed connection. That's
a good idea... I may add it to my list of hacks to S/Key.
Speaking of S/Key, has anyone got a version of S/Key with MD4 and MD5 that
works on the alpha? Mine has a problem with it assuming 32 bit long arithmetic
somewhere.
Follow-Ups:
References:
|
|
