Xref: utzoo comp.unix.questions:5794 comp.unix.wizards:6681
Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!ll-xn!mit-eddie!bloom-beacon!mgm.mit.edu!wolfgang
From: wolfgang@mgm.mit.edu (Wolfgang Rupprecht)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: Usenet Security
Message-ID: <3206@bloom-beacon.MIT.EDU>
Date: 25 Feb 88 04:58:31 GMT
References: <108@tron.UUCP> <2739@codas.att.com> <23504@hi.unm.edu> <7311@brl-smoke.ARPA>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: wolfgang@mgm.mit.edu (Wolfgang Rupprecht)
Organization: Freelance Software Consultant, Boston, Ma.
Lines: 19

In article <7311@brl-smoke.ARPA> gwyn@brl.arpa (Doug Gwyn) writes:
>One way to not lose an appreciable degree of security due to modem
>access (assuming telephone line tapping is ruled out) is to have
>the system check an incoming user ID against an internal list and
>call back the phone number contained in the internal list to
>establish the real working connection.

Call-back is a great hack. Unfortunately it only works if the Unix
system can ensure that the phone connection is truly broken when Unix
hangs up the modem. Some phone exchanges seem to have bugs that allow
the call originator to keep the connection open, even if the call
recipient hangs up. The call-back scheme would fail miserably if the
dial-back modem merrily dialed away on a phone line that still had the
initial call-in connection active. The call-in hacker could even send
a phoney dial tone down the line, if he wanted to embellish the
charade a bit.
---
Wolfgang Rupprecht      ARPA:  wolfgang@mgm.mit.edu (IP 18.82.0.114)
326 Commonwealth Ave.   UUCP:  mit-eddie!mgm.mit.edu!wolfgang
Boston, Ma. 02115       TEL:   (617) 267-4365