[comp.dcom.telecom] For Callback Security Use a Different Line

dupuy@cs.columbia.edu (Alexander Dupuy) (12/22/88)

In a sun-spots article dan@watson.bbn.com (Dan Franklin) writes:
> X-Sun-Spots-Digest: Volume 7, Issue 70, message 3 of 14

> As more people are trying to beef up security by having the system call
> them back to log in, it's probably worth a reminder: don't use the same
> telephone line (number) to call in and out.  That would render the
> callback mechanism completely useless.  The reason is that there is no
> reliable indication from the phone company to your modem that a caller has
> actually hung up. [details deleted for brevity]

> Even using a different line is not a defense, if the number can be
> discovered.  The penetrator can just call it ahead of time.  You must use
> a separate, unrelated (and unlisted) set of phone numbers.  It's best if
> the numbers have a different exchange prefix, to make finding them really
> difficult.

It seems that the CLASS-type service which is now becoming available from the
BOCs would be ideal for a 'poipatraitor' to use to discover the dialback
numbers being used.  Admittedly, you'd have to have the system dial you back at
least once, so that this only allows a (possibly former) insider to break the
system, but that can be an issue.  Are CLASS-blocking capabilities available?
What if their system has CLASS and yours doesn't, but does provide calling #
information to other exchanges?

I guess the best solution is to use a modem pool for dialouts, and randomly
select one of the modems in the pool.  Ahh, but then if they cracked your
random-number generator.... :-)

@alex
--
inet: dupuy@columbia.edu
uucp: ...!rutgers!columbia!dupuy

[Moderator's Note: Actually, a far better, easier, and cheaper way to handle
the problem of unwanted users who simply hang on the line waiting for the
modem to pick up and 'dial them back' -- only to be re-connected with the
original phreak caller -- is to install *three way calling* on the incoming modem
lines, and program the outdial activity to always begin with a switchhook
flash.

1) Modem answers; accepts information, instructs caller to disconnect.
2) If the caller does in fact disconnect to be called back, when the modem
   goes off hook a few seconds later to make the call, an extra switchhook
   flash will do nothing but provide dialtone once, a disconnect, and dialtone
   a second time....then a dialed number.
3) On the other hand, if someone is lurking, waiting for the modem to pick
   up the line, that extra switchhook flash will bring up the other line, and
   send the call out on it instead. Won't the phreak be surprised when he is
   left 'on hold'!! ha ha!! And if the modem is dialing his true number (which
   is unlikely, considering the games being played) it will get a busy signal
   or (if phreak has call waiting) will knock him off the line with the call
   waiting signal.

This approach eliminates the need for the system administrator to get a group
of lines for call back purposes and the need to keep them secret. Most modems
can simulate a switchhook flash with ! ... at least my US Robotics Courier 2400
can do it.    P. Townson]
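
The flash-before-dialing procedure from the moderator's note, written out as a small state model. This is an added illustration, not part of any post in the thread; the `Line` class, the `callback` function and the number strings are constructed, and the line is assumed to have three-way calling.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Line:
    """Constructed model of a modem line that has three-way calling."""
    talking_to: Optional[str] = None   # party on the talk path
    on_hold: Optional[str] = None      # party parked by a switchhook flash
    log: List[str] = field(default_factory=list)

    def off_hook(self) -> None:
        # The modem cannot tell a fresh dial tone from a caller who never hung up.
        self.log.append("dial tone" if self.talking_to is None
                        else "still connected to " + self.talking_to)

    def flash(self) -> None:
        if self.talking_to is None:
            self.log.append("flash: dial tone dropped and returned")
        else:
            # Three-way calling parks the current party and opens the second line.
            self.on_hold, self.talking_to = self.talking_to, None
            self.log.append("flash: " + self.on_hold + " on hold, new dial tone")

    def dial(self, number: str) -> str:
        if self.talking_to is None:
            self.talking_to = number   # exchange routes the call normally
        # Otherwise the digits are only tones heard by whoever is still connected.
        self.log.append("dialed " + number + ", talking to " + self.talking_to)
        return self.talking_to


def callback(caller: str, registered: str, caller_hangs_up: bool,
             flash_first: bool) -> Line:
    """Run one dial-back attempt and return the final line state."""
    line = Line(talking_to=caller)     # modem has answered the incoming call
    if caller_hangs_up:
        line.talking_to = None         # circuit released before the dial-back
    line.off_hook()                    # modem goes off hook to call back
    if flash_first:
        line.flash()
    line.dial(registered)
    return line


if __name__ == "__main__":
    for hangs_up in (True, False):
        for flash in (False, True):
            r = callback("lurker", "registered-number", hangs_up, flash)
            print(hangs_up, flash, r.talking_to, r.on_hold, r.log)
```

Only the case where the caller stays on the line and no flash is sent ends with the modem still talking to the original caller; in the other three cases the call goes out to the registered number.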

jbn@glacier.stanford.edu (John B. Nagle) (12/24/88)

      The moderator's idea can be beaten, but I don't have time to explain how
right now.  Maybe next week.

						John Nagle

[Moderator's Note: I don't believe you! I don't think you can get around my
suggestion for modem call-back security. Perhaps you will 'find the time next
week' to show me where I am wrong. P. Townson]

hayes@ames.arc.nasa.gov (Jim Hayes) (12/25/88)

dupuy@cs.columbia.edu (Alexander Dupuy) writes in article <telecom-v08i0206m07@vector.UUCP>:
>X-Administrivia-To: telecom-request@vector.uucp
>X-TELECOM-Digest: volume 8, issue 206, message 7
>

>I guess the best solution is to use a modem pool for dialouts, and randomly
>select one of the modems in the pool.  Ahh, but then if they cracked your
>random-number generator.... :-)
>
>[Moderator's Note: Actually, a far better, easier, and cheaper way to handle
>the problem of unwanted users who simply hang on the line waiting for the
>modem to pick up and 'dial them back' -- only to be re-connected with the
>original phreak caller is to install *three way calling* on the incoming modem
>lines, and program the outdial activity to always begin with a switchhook
>flash.

Who says you have to dial INTO a modem to get reasonable call-back
service?  Dialing into a dedicated "receiver" that understands
TouchTone works just fine.  Once authentication is complete, the
unit hangs up the dedicated line and instructs a modem somewhere in
the system to call the user back on the modem's individual line.
I've used two systems that implement callback using this method with
great success.


-Jim Hayes                         Advanced Micro Devices, Inc., Sunnyvale CA.
                                   hayes@amdcad.amd.com
/earth: file system full           {ucbvax|sun|decwrl}!amdcad!hayes
                                   These are not opinions of AMD.

jiii@uunet.UU.NET (John E Van Deusen III) (01/07/89)

The problem of verifying that a penetrator is not hanging on the line
could be solved by first dialing your own system and doing some secret
handshaking.  This method does not require extra lines (unless the
call mix is 100% call-back of incoming calls) or optional services.
Some programming is required, and the penetrator will see the login
sequence used to do the verification.  It would be, therefore, one of
those single-command logins with no password.