Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!jarthur!dpletche
From: dpletche@jarthur.Claremont.EDU (Nuclear Warrior)
Newsgroups: comp.dcom.modems
Subject: Re: Modem backdoor passwords (was re: security functions)
Message-ID: <11790@jarthur.Claremont.EDU>
Date: 18 Apr 91 23:32:20 GMT
References: <PTTe13w164w@dogface> <1991Apr15.155157.19473@cimage.com> <21400047@bfmny0.BFM.COM>
Organization: Harvey Mudd College, Claremont, CA 91711
Lines: 18

In article <21400047@bfmny0.BFM.COM> tneff@bfmny0.BFM.COM (Tom Neff) writes:
>If and when Caller*ID becomes universally available, it might be
>superior to callback for modem security.

This might be useful as an additional line of defense, but I don't
know if it would guarantee the same security.  If you trust the
caller-id signal, you are delegating some responsibility for the
security of your computer to the PSTN.  It doesn't seem at all
inconceivable that some mildly clever cracker might figure out a way
to spoof the caller-id.  I imagine it would be much harder to reroute
an actual callback, on the other hand.  The two might be used in
conjunction:  an incoming caller-id signal could be looked up (without
any need to answer), then if it is a valid number the callback modem
could call the number and the system could allow the correct set of
privileges.  This system could surely still be breached, but I think
it would be harder than just fooling caller-id.
-- David Pletcher
   dpletche@jarthur.claremont.edu