Xref: utzoo comp.unix.questions:5814 comp.unix.wizards:6699
Path: utzoo!mnetor!uunet!nbires!hao!ames!netsys!tsl
From: tsl@netsys.UUCP (Tom Livingston)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: Usenet Security
Message-ID: <5875@netsys.UUCP>
Date: 26 Feb 88 03:27:01 GMT
References: <108@tron.UUCP> <2739@codas.att.com> <23504@hi.unm.edu> <7311@brl-smoke.ARPA> <3206@bloom-beacon.MIT.EDU>
Reply-To: tsl@netsys.UUCP (Tom Livingston)
Organization: NetSys Public Access NetWork,Germantown,Md.
Lines: 45
Keywords: Callback security
Summary: Callback works (sometimes)

In article <3206@bloom-beacon.MIT.EDU> wolfgang@mgm.mit.edu (Wolfgang Rupprecht) writes:
>Call-back is a great hack. Unfortunately it only works if the Unix
>system can insure that the phone connection is truly broken when Unix
>hangs up the modem. Some phone exchanges seem to have bugs that allow
>the call originator to keep the connection open, even if the call
>recipient hangs up. The call-back scheme would fail miserably if the
>dial-back modem merrily dialed away on a phone line that still had the
>initial call-in connection active. The call-in hacker could even send
>a phoney dial tone down the line, if he wanted to embellish the
>charade a bit.

Callback security is something that is rather easy (for the amount of
security) but can't be ignored either... Many (dare I say most?) phone
systems will give you an appreciable amount of time to stay on the line
after one party has hung up, but the call stays connected (this is for
some good reasons, but also happens as an accident). A good way is to
either use another line for outdials or keep the phone on hook for a
good long time (60 seconds would be enough).

Problems and good points of the various types are:

Standard callback (one line, small wait time) -- Very easy to keep the
line open and connected. Dial tones can indeed be faked by a cheap
recorder, 3 line or conference calling, or even whistling (yes, really!).
But, it does give a good amount of security, and often gives you enough
so that the 'random' intruder will go on to easier targets.

Timed callback (one line, appreciable wait time) -- Very good security,
but an intruder still can drop the connection, call back, and let it
ring until it is picked up and starts to dial out. This can be enhanced
several ways.

Two line callback -- Very good security, an intruder would have to scan
for the outdial line, happen to get it _when_ it was outdialing, but
then the intruder would not have to know a valid 'ID' code... just wait
on the line until it was used for an outdial.

Note -- Realistically, to my knowledge, there is no good way to find an
outdial without being inside the company, or X-REFing the in-dial with
all other lines owned, and then determining which the outdial was. Not
an easy task, and it would not generally be attempted.

>Wolfgang Rupprecht (wolfgang@mgm.mit.edu)

_____________ / --/ __ _______ (_/ (_) / / / <_ Livingston { decuac,ihnp4 }!netsys!tsl
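
The comparison of the three callback schemes above can be checked with a small timeline model. This is an added example, not part of the original post: it asks what state the dialing line is in when the modem goes off hook to call back. The names (`Scheme`, `line_state_at_dial`, `survey`), the 5-second "small wait" and the 20-second exchange hold are assumptions made for illustration; only the 60-second wait comes from the post.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Scheme:
    name: str
    on_hook_wait_s: float   # time the modem stays on hook before dialing back
    separate_outdial: bool  # True: the callback is dialed on a second line

def line_state_at_dial(s: Scheme, hold_s: float, caller_holds: bool = False,
                       ring_in_at_s: Optional[float] = None, ring_on_outdial: bool = False) -> str:
    """State of the line the modem dials on, at t = s.on_hook_wait_s.

    t = 0 is when the modem hangs up the authenticated inbound call.
    hold_s: how long the exchange keeps that call up while the caller stays
        off hook (model assumption; real values vary by exchange).
    ring_in_at_s: when a fresh inbound call starts ringing (assumed to ring
        until answered), or None. ring_on_outdial only matters with two lines.
    """
    t = s.on_hook_wait_s
    if s.separate_outdial:
        # Two lines: the in-dial line's state is irrelevant to the callback.
        hit = ring_in_at_s is not None and ring_on_outdial and ring_in_at_s <= t
        return "RINGING" if hit else "IDLE"
    if caller_holds and hold_s > t:
        return "CONNECTED"              # original call never cleared
    released_at = hold_s if caller_holds else 0.0
    if ring_in_at_s is not None and released_at <= ring_in_at_s <= t:
        return "RINGING"                # going off hook answers this call
    return "IDLE"

def callback_is_trustworthy(s: Scheme, hold_s: float, **scenario) -> bool:
    """True only if the modem gets a clean line, so the number it dials is
    the party it actually reaches."""
    return line_state_at_dial(s, hold_s, **scenario) == "IDLE"

# Constructed values: 5 s wait and 20 s exchange hold are assumptions.
STANDARD = Scheme("standard", 5, False)
TIMED = Scheme("timed", 60, False)      # 60 s is the figure from the post
TWO_LINE = Scheme("two-line", 5, True)
HOLD_S = 20.0

def survey() -> dict:
    scenarios = {"held": dict(caller_holds=True),
                 "ring-in": dict(ring_in_at_s=3.0),
                 "ring-outdial": dict(ring_in_at_s=3.0, ring_on_outdial=True)}
    return {(s.name, k): callback_is_trustworthy(s, HOLD_S, **v)
            for s in (STANDARD, TIMED, TWO_LINE) for k, v in scenarios.items()}
```

In this model a longer on-hook wait only clears the held connection; a call ringing on the dialing line defeats any wait time, which is why the separate outdial line leaves only the case where that line's number is known.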