On Wed, Oct 27, 1999 at 03:19:26AM -0400, [EMAIL PROTECTED] wrote:
> >From linux-ppp emailing list:
> > When a modem is in Online mode (Send/Receive data) to switch it in
> > Command mode (AT) it needs to receive the +++ string with a minimum time
> > guard between before the first and the last + and also a maximum time
> > between +.
> >I thought the guard time was covered by a patent owned by Hayes (RIP), and
> >that some (many?) modem manufacturers don't include it to avoid licensing
> >costs.

The patent was called the Hayward (Sp?) patent or something
like that. A lot of the cheap modems got around that by creating
this thing called "TIES" (Time Independent Escape System). It
worked, sort of, fine for BBS work and terminal work. Some Hayes
people took to putting "+++ATH0" on a lone line in their signatures
just to bomb them, but outside of replying to Hayes mail, you didn't
have too much trouble. Real trouble is that it's totally incompatible
with PPP, SLIP, and other binary protocols. Pure probability gives you
a hit in roughly every 2 Meg of data you transmit for the bad 3 character
escape sequence (1 : 127**3). For some people that could be once a
month, for some people that could be once an hour.

What's really bad is now that some characters have resurrected
the practical joke of "TIES bombing" using ping. Someone comes on line
and you ping them with "+++ATH0\r" in the ping payload. If the ISP modem
is vulnerable, it hangs up the phone on the outbound packet. If the
customer's modem is vulnerable, it hangs up the phone on the ICMP reply.
It's actually much worse than this and there's going to be a security
advisory out shortly on this.

Some discussion of last year indicated that there were at least
two major suppliers of modem chips which were still delivering TIES
chipsets and any modems based on those chipsets were vulnerable. I
don't know the current status in that regard.

> I have Diamond SupraExpress 56i modem, documentation on CD says S12, default 50,
> is the guard time, in units of 1/50 second, of no data transmission before and
> after the +++ string. But I set S12=250, and that +++ATH0 string still caused
> the modem to hang up. But setting S2=128 without doing anything about S12
> enabled the message with +++ATH0 string to go through. I was using DOS-based
> Arachne. I don't know if other PPPs would be different in this regard
> (OS/2 Warp, Linux, other Unixes, various Windows versions). I suppose there is
> no problem on receiving. I was successful using OS/2 popclient without setting
> S2=128. S2 is the ASCII code of escape character, 43 (+) by default, range is
> from 0 to 255, anything >= 128 is said to disable the escape (no upper ASCII?).

If the range for your modem is 0-127 then set the escape character
to 127 (DEL). If the range for your modem is 0-255, then set the character
to 255.

> When I bought that modem, Hayes was still in business. Now would modem
> manufacturers still have to pay licensing costs for that technology, with Hayes
> dead and gone? Who would they pay licensing costs to?

Whoever bought the patent along with that remaining vestige of
Hayes. It doesn't just evaporate. It gets purchased like the desks and
the chairs of the offices they were in.

> Thomas Mueller
> [EMAIL PROTECTED]
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
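
A defender-side check for the in-band sequence discussed in this thread, as an added example that is not part of the original mail: it scans ICMP echo payloads for three S2 escape characters followed directly by an AT command and CR. The function names and sample packets are constructed for illustration, and the rule that S2 >= 128 disables the escape is taken from the modem documentation quoted above.

```python
import re
import struct


def ties_pattern(s2=43):
    """Regex for a guard-time-free escape: three S2 characters, an AT command, CR.

    Returns None when S2 >= 128, which the quoted modem documentation says
    disables the escape (assumption taken from the thread, not verified here).
    """
    if s2 >= 128:
        return None
    esc = re.escape(bytes([s2]))
    # IGNORECASE is deliberately broad so lower-case "at" is flagged as well.
    return re.compile(esc + b"{3}AT[^\r\n]*\r", re.IGNORECASE)


def icmp_echo_payload(packet):
    """Return the data of an ICMP echo request (8) or reply (0), else None."""
    if len(packet) < 8:
        return None
    icmp_type, code, _cksum, _ident, _seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type not in (0, 8) or code != 0:
        return None
    return packet[8:]


def scan_icmp(packet, s2=43):
    """Return every escape-plus-command sequence found in an echo payload."""
    pattern = ties_pattern(s2)
    payload = icmp_echo_payload(packet)
    if pattern is None or payload is None:
        return []
    return [m.group(0) for m in pattern.finditer(payload)]


# Constructed samples: ICMP header only, checksum left at 0, never sent anywhere.
HDR = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)
SUSPECT = HDR + b"abcd+++ATH0\rwxyz"
BENIGN = HDR + b"2+2+++=4 and no command follows"

if __name__ == "__main__":
    for name, pkt in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, scan_icmp(pkt))
    # With the escape character moved out of range nothing is flagged.
    print("suspect, S2=255", scan_icmp(SUSPECT, s2=255))
```

The same `ties_pattern` can be run over any captured serial or PPP byte stream, since the sequence is just as dangerous outside ICMP.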