Xref: utzoo comp.unix.questions:5998 comp.unix.wizards:6916
Path: utzoo!mnetor!uunet!mcvax!ukc!stc!ist!olgb1!slxsys!jpp
From: jpp@slxsys.specialix.co.uk (John Pettitt)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: Usenet Security
Message-ID: <153@slxsys.specialix.co.uk>
Date: 1 Mar 88 20:23:37 GMT
References: <3206@bloom-beacon.MIT.EDU>
Organization: Specialix International, London, UK.
Lines: 40

From article <3206@bloom-beacon.MIT.EDU>, by wolfgang@mgm.mit.edu (Wolfgang Rupprecht):
> Call-back is a great hack. Unfortunately it only works if the Unix
> system can insure that the phone connection is truly broken when Unix
> hangs up the modem. Some phone exchanges seem to have bugs that allow
> the call originator to keep the connection open, even if the call
> recipient hangs up. The call-back scheme would fail miserably if the
> dial-back modem merrily dialed away on a phone line that still had the
> initial call-in connection active. The call-in hacker could even send
> a phoney dial tone down the line, if he wanted to embellish the
> charade a bit.

The simple answer to the 'phoney dial tone' trick is to use another
line for the dial back - preferably one that has been set at the
exchange to not accept incoming calls (we can, I'm told, get this in
the UK). The more outgoing lines available the better, as this lowers
the odds on interception.

Several uucp implementations are far from secure. Apart from getting
HDB uucp, one approach used is to put a Xenix/Unix based PC system in
as a comms system (volume permitting) and to then implement an internal
'wire' link to the rest of the systems, with the other systems calling
the server system, which must contain no valuable information. This
will defeat at least one well known bug in some versions of uucp.
(No, I am not going to say what versions, or what the bug is)

It must be said that most security problems are of the 'door left
unlocked' type and not clever hacks. All the security software in the
world won't help if it's not used correctly!

--
John Pettitt, Specialix, Giggs Hill Rd, Thames Ditton, Surrey, England, KT7 0TR
{backbone}!mcvax!ukc!pyrltd!slxsys!jpp jpp@slxsys.specialix.co.uk
Tel: +44-1-398-9422 Fax: +44-1-398-7122 Telex: 918110 SPECIX G
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<