Path: utzoo!attcan!uunet!usaos!wsrcc.com!wolfgang From: wolfgang@wsrcc.com (Wolfgang S. Rupprecht) Newsgroups: comp.dcom.modems Subject: Re: Any REAL advantage of Trailblazer V.32 over MultiTech V.32? Message-ID: <1990Nov8.193019.4064@wsrcc.com> Date: 8 Nov 90 19:30:19 GMT References: <300@twg.bc.ca> <2661@cirrusl.UUCP> <111109@uunet.UU.NET> Organization: Wolfgang S Rupprecht Computer Consulting, Washington DC. Lines: 23 >One real advantage of the telebit v.32 over others is that the T1500 >supports dialup passwords and callback security in the modem. I don't understand how one can do a functional callback security in a modem. One known attack method is to dial up the modem, log the request for a callback and quickly drop the line. Now call back before the call-back modem has a chance to dial out. The modem will think it is dialing the call-back number, but it is really already talking to the attacker (who may even by sending a dialtone down the line, and recording the callback number that the remote modem is toning down the line.) The fix for this attack is to *never* call out with a callback on a line that can be called from the outside. This precludes use of the so called "callback security" features resident in modems. Manufacturers that sell modems with this feature aren't really doing folks a big favor. -wolfgang -- Wolfgang Rupprecht wolfgang@wsrcc.com (or) uunet!wsrcc!wolfgang Snail Mail Address: Box 6524, Alexandria, VA 22306-0524