Usenet Security
Wolfgang Rupprecht
wolfgang at mgm.mit.edu
Thu Feb 25 14:58:31 AEST 1988
In article <7311 at brl-smoke.ARPA> gwyn at brl.arpa (Doug Gwyn) writes:
>One way to not lose an appreciable degree of security due to modem
>access (assuming telephone line tapping is ruled out) is to have
>the system check an incoming user ID against an internal list and
>call back the phone number contained in the internal list to
>establish the real working connection.
Call-back is a great hack. Unfortunately it only works if the Unix
system can insure that the phone connection is truly broken when Unix
hangs up the modem. Some phone exchanges seem to have bugs that allow
the call originator to keep the connetion open, even if the call
recipient hangs up. The call-back scheme would fail miserably if the
dial-back modem merrily dialed away on a phone line that still had the
initial call-in connection active. The call-in hacker could even send
a phoney dial tone down the line, if he wanted to embellish the
charade a bit.
---
Wolfgang Rupprecht ARPA: wolfgang at mgm.mit.edu (IP 18.82.0.114)
326 Commonwealth Ave. UUCP: mit-eddie!mgm.mit.edu!wolfgang
Boston, Ma. 02115 TEL: (617) 267-4365
More information about the Comp.unix.questions
mailing list