Path: utzoo!attcan!uunet!jarthur!usc!sdd.hp.com!uakari.primate.wisc.edu!aplcen!haven!decuac!bacchus.pa.dec.com!rust.zso.dec.com!shlump.nac.dec.com!mountn.dec.com!baudr8.enet.dec.com!lail From: lail@baudr8.enet.dec.com (Robert G Lail) Newsgroups: comp.dcom.modems Subject: Re: Any REAL advantage of Trailblazer V.32 over MultiTech V.32? Message-ID: <2015@mountn.dec.com> Date: 9 Nov 90 20:18:11 GMT References: <1990Nov8.193019.4064@wsrcc.com> <300@twg.bc.ca> <2661@cirrusl.UUCP> <111109@uunet.UU.NET> Sender: news@mountn.dec.com Reply-To: Lail@state.enet.dec.com Organization: Digital Equipment Corporation, Merrimack, NH Lines: 71 In article <1990Nov8.193019.4064@wsrcc.com>, wolfgang@wsrcc.com (Wolfgang S. Rupprecht) writes: |> From: wolfgang@wsrcc.com (Wolfgang S. Rupprecht) |> Newsgroups: comp.dcom.modems |> Subject: Re: Any REAL advantage of Trailblazer V.32 over MultiTech V.32? |> |> >One real advantage of the telebit v.32 over others is that the T1500 |> >supports dialup passwords and callback security in the modem. |> |> I don't understand how one can do a functional callback security in a |> modem. One known attack method is to dial up the modem, log the |> request for a callback and quickly drop the line. Now call back |> before the call-back modem has a chance to dial out. The modem will |> think it is dialing the call-back number, but it is really already |> talking to the attacker (who may even by sending a dialtone down the |> line, and recording the callback number that the remote modem is |> toning down the line.) Having been the architect of callback security in the Digital Equipment Corp modems I have a good idea of the problems encountered using the same telephone line for callback that is used for dial-in access. The attack method you mention has two problems. One is that any good callback security modem will not execute a callback until it has authenticated the initial caller. In Digital's callback security this is done by requesting a password (6 to 10 characters long) that is assigned to a fixed phone number, both of which are stored in non-volatile memory in the modem. Once the password has been authenticated the callack modem hangs up the connection and initiates the callback. Assuming the user that was authenticated is not at the telephone number associated with the password used, and wants to fool the modem, hanging up and calling right back would not work because the modem will detect the loss of carrier. In the Digital modems once a user has been authenticated and the connection is broken the modem will not answer incoming calls again until a callback is completed successfully or the modem fails to make a connection to the assigned telephone number after two attempts. Also the Digital modems monitor phone line current as well as carrier. They will not initiate a callback unless both carrier and line current drop for a specific time. One older method of spoofing callback modems was to use a hack in the telephone system that allowed the originating party to hold the line open if the remote party hung up. The remote user would not hangup when the callback modem did and then would spoof the dial-tone and call progess signals when the callback modem attempted its callback. Newer CO and PBX equipment will not allow this method because they dump the connection if either party hangs up for more than a specific time. In the Digital modem the period between hang-up and callback attempt is programable with a minimum of 10 seconds and a maximum of 60 seconds. |> |> The fix for this attack is to *never* call out with a callback on a |> line that can be called from the outside. This precludes use of the |> so called "callback security" features resident in modems. |> I agree that when absolute maximum security is needed a callback security function should accept incoming calls on one phone line and place the callback on a second line. The telephone service should be set up such that the dial-in line is incoming only, no dial-out access, and the dial-out line is out-going only, |> Manufacturers that sell modems with this feature aren't really doing |> folks a big favor. I believe callback security, even single line, is a valuable feature to help manage network security. Properly configured callback security modems on properly configured telephone lines can effectively shield your systems from most attacks. -Bob Lail