Xref: utzoo comp.dcom.modems:9154 sci.crypt:4454 alt.security:2128
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!cs.uoregon.edu!ogicse!qiclab!percy!m2xenix!quagga!undeed!rscott
From: rscott@Daisy.EE.UND.AC.ZA (Richard F Scott)
Newsgroups: comp.dcom.modems,sci.crypt,alt.security
Subject: Re: Remote access to modem (was re: security functions in modems)
Keywords: security, modems.
Message-ID: <1991Apr09.070649.15315@Daisy.EE.UND.AC.ZA>
Date: 9 Apr 91 07:06:49 GMT
Followup-To: rscott@daisy.ee.und.ac.za
Distribution: usa
Organization: Univ. Natal, Durban, S. Africa
Lines: 25

In article <1991Apr5.215301.13807@netcom.COM> gandrews@netcom.COM (Greg Andrews) writes:
>In article <1991Apr5.170644.3076@sctc.com> smith@sctc.com (Rick Smith) writes:
>>I heard a rumor recently that some dialback modems are manufactured
>>with a "backdoor" password that can't be disabled, which gives an
>>outsider rather complete access to the modem. So check out your
>>manufacturer closely. Evidently modem design/manufacturing skills are
>>independent of good sense where security is concerned.
>>
>
>Access to the modem wouldn't compromise security on the computer.
>If you give the matter some thought, the worst thing that can happen
>is the caller could screw up your modem settings.  Big Deal.  That
>still won't allow them into the computer.
>
>There's no connection between modem access and computer security unless
>the computer has no security at all.
>

I beg to differ. If a modem is intelegent enough to have a "backdoor"
password , then it should be able to remember the last number dialed out,
as well as the corresponding user-name typed in after the _LOGIN_
prompt and then the characters typed for the _PASSWORD_. As these are fairly
standard prompts, it should get it right most of the time !!! 

Richard Scott.