Xref: utzoo comp.unix.questions:5910 comp.unix.wizards:6793
Path: utzoo!mnetor!uunet!sco!arthure
From: arthure@sco.COM (Arthur Evans)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: Usenet Security
Message-ID: <93@subsco>
Date: 1 Mar 88 17:24:21 GMT
References: <108@tron.UUCP> <2739@codas.att.com> <23504@hi.unm.edu> <7311@brl-smoke.ARPA> <3206@bloom-beacon.MIT.EDU> <5875@netsys.UUCP>
Reply-To: arthure@sco.COM (Arthur Evans)
Organization: The Santa Cruz Operation, Inc.
Lines: 18
Keywords: Callback security

In article <5875@netsys.UUCP> tsl@netsys.UUCP (Tom Livingston) writes:
)   Two line callback --  Very good security, an intruder would have to scan
)for the outdial line, happen to get it _when_ it was outdialing, but then
)the intruder would not have to know a vaild 'ID' code... just wait on the
)line until it was used for an outdial.  Note -- Realistically, to my 
)knowledge, there is no good way to find an outdial without being inside
)the company, or X-REFing the in-dial with all other lines owned, and then
)determing which the outdial was.  Not an easy task, and it would not
)generally be attempted.

Also, note that with the computerized phone systems that
many companies use, it may be possible to prevent a given 
line from being used as a dial-in at all, preventing the
sort of attack you describe.  

arthur
-- 
This is me. 							Who are you?