Date: Wed, 18 Sep 96 17:33:07 +0000 From: Andrew.Gordon@net-tel.co.uk To: graichen@axp5.physik.fu-berlin.de Cc: hardware@FreeBSD.org Subject: Re: dail back modems (or dialing back with modems) Message-ID: <"28729-960918154318-B6B1*/G=Andrew/S=Gordon/O=NET-TEL Computer Systems Ltd/PRMD=NET-TEL/ADMD=Gold 400/C=GB/"@MHS> In-Reply-To: <199609140727.JAA00994@mordillo>
next in thread | previous in thread | raw e-mail | index | archive | help
> does anyone here know about hardware dial back modems (you call them and > then > they call directly back to you) - if yes - whats the price for them > compared > to a normal modem ? Among others, the USR Courier supports this. "Compared to a normal modem" depends what you think a normal modem is; compared to a cheapest-possible modem, maybe double the price - but so far as I am concerned my USR Courier is my "normal modem".... HOWEVER, this may not be what you want. Depending on your local phone system, dial-back with a single line/modem may not offer you the security that you hope for. Certainly in the UK "calling party clears" applies to most phone lines - this means that if you make a call and the answering end hangs up, the call remains open and if they pick up again the incoming call is still there. The call is only cleared if the calling party hangs up (or after a timeout). This allows the following exploit with simple dialback systems: Intruder dials in and requests dialback Answering modem hangs up ready to dial back Intruder does not hang up when carrier is lost, so call remains open Answering modem picks up expecting dialtone Intruder simulates dialtone on the still-open call Answering modem dials number, but as call is open it has no effect at all Intruder simulates ringing and answer Call is connected, even though Intruder is not calling from the number dialled back. This makes the "dial back" no more secure than a simple password scheme. Of course, your phone system might not have calling-party-clears, or it might provide polarity reversals that a clever modem can use to detect the difference between a real connect and a fake one, but you require detailed knowledge of both modem and phone system to be sure. The safe way to do dial-back is to use two modems, connected to two phone lines, and dial back on the other line. Round here, we use Caller-ID for secure dial-in, which has the advantage of being much faster as well as (probably) more secure. It is also quite cheap here. In your case, ISDN may be a better bet.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?"28729-960918154318-B6B1*/G=Andrew/S=Gordon/O=NET-TEL Computer Systems Ltd/PRMD=NET-TEL/ADMD=Gold 400/C=GB/">