Xref: utzoo comp.dcom.modems:9117 sci.crypt:4444 alt.security:2100
Path: utzoo!utgpu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!ira.uka.de!smurf!urlichs
From: urlichs@smurf.sub.org (Matthias Urlichs)
Newsgroups: comp.dcom.modems,sci.crypt,alt.security
Subject: Re: Remote access to modem (was re: security functions in modems)
Message-ID: <!NS_20L@smurf.sub.org>
Date: 6 Apr 91 13:21:42 GMT
References: <1991Apr4.144615.22814@dce.ie> <1991Apr5.170644.3076@sctc.com> <1991Apr5.215301.13807@netcom.COM>
Organization: University of Karlsruhe, FRG
Lines: 21

In alt.security, article <1991Apr5.215301.13807@netcom.COM>,
  gandrews@netcom.COM (Greg Andrews) writes:
< 
< Access to the modem wouldn't compromise security on the computer.
< If you give the matter some thought, the worst thing that can happen
< is the caller could screw up your modem settings.  Big Deal.  That
< still won't allow them into the computer.
< 
Almost correct.
The problem is that many modems can be configured to keep the carrier detect
line turned on when you hang up, so the processes on the host would still run
and/or your terminal server would still keep you connected.

You can't rule out lost lines due to screwups on the phone line, or users
who fail to lot out properly.

Moral: Configure your modems so that they can't be configured remotely.
Or at all, if possible (AT&B ?).
-- 
Matthias Urlichs -- urlichs@smurf.sub.org -- urlichs@smurf.ira.uka.de     /(o\
Humboldtstrasse 7 - 7500 Karlsruhe 1 - FRG -- +49-721-621127(0700-2330)   \o)/