Path: utzoo!utgpu!water!watmath!clyde!bellcore!tness7!tness1!sugar!karl
From: karl@sugar.uu.net (Karl Lehenbauer)
Newsgroups: comp.dcom.modems
Subject: Re: call back
Summary: Some modems listen for a dial tone; of course it's not enough
Keywords: glare
Message-ID: <2322@sugar.uu.net>
Date: 22 Jul 88 22:14:48 GMT
References: <428@solaris.UUCP> <3208@edm.UUCP> <17569@glacier.STANFORD.EDU>
Organization: Sugar Land Unix - Houston, TX
Lines: 24

In article <17569@glacier.STANFORD.EDU>, jbn@glacier.STANFORD.EDU (John B. Nagle) writes:
> Telephone people call this "glare". There's a basic problem with
> using the same phone line for originating and receiving calls. There's
> a risk that when the phone goes off-hook to originate a call, it is actually
> answering a call for which ringing has not yet started. Depending upon the
> utilization of the line involved, this may happen very seldom or quite
> frequently. ...

Yes. This is a security hole for uucp, as a guy could possibly get your line
right as your modem picked it up to dial out, then spoof a login and get your
machine's uucp logon and password for the remote machine.

I get a lot of incoming modem calls on my system, and, annoyingly often when
dialing out via cu or kermit, the modem picks up to dial and instead picks up
an incoming call.

Many Hayes-compatible modems (including some Hayes ones, I think) can be
configured to listen for a dial tone and not dial out if they don't hear one,
which helps in some ways, but doesn't improve security a whole lot because
the dedicated cracker can easily play a dialtone to trick your modem.
--
-- backups: always in season; never out of style.
-- karl@sugar.uu.net aka uunet!sugar!karl