Re: 1+2=3, +++ATH0=Old school DoS

From: Ross Wheeler (rosswat_private)
Date: Mon Sep 28 1998 - 03:48:08 PDT


    On Mon, 28 Sep 1998, kill9 wrote:
    > On Sun, 27 Sep 1998, Brett Glass wrote:
    > > Today, it's rare to find a modem that responds to the attack unless there
    > > happens to be a long pause in the data stream after the "+++".
    > ...
    > > Therefore, this DoS attack isn't a big deal. It's easily preventable,
    > > rarely effective, and relatively harmless (all you have to do, if it hits,
    > > is redial).
    > >
    > > --Brett Glass
    > >
    >
    > I have tested this out here locally, as well as with the help from a few
    > other people online and it seems that 6 of 9 modems have been affected. I
    > would hardly call that 'rarely effective', relatively harmless yes, but
    > it seems to be a large percentage.  I am interested to see more results
    > as to how widespread this is.
    
    This was widespread when I was involved in Fidonet. There are two good
    cures, depending on the modems you use.
    
    1. Make sure you have a guard time of at least a second.
       Due to licensing restrictions, not all modems implement guard times
       which is why the problem came about in the first place.
    2. Change the escape lead-in sequence to something that's NOT "+++"
       Most modems will take any character with a decimal number >128
       as a DISABLE, and will therefore "prevent" this DoS by ensuring
       an on-line modem never gets the escape lead-in in the first place.
       Even if your modem doesn't disable, you can pick some obscure code
       as an escape character. Don't use things that are likely to occur
       in normal use, like "   " or "---" etc!
    
    There was an e-mail exploit some time back (12 months or more) that used
    exactly the same DoS to hang people's mail, by simply including the
    string "+ + + ATH0" (without the spaces) in an e-mail message. When a
    vulnerable modem attempted to send the text, it went off-line immediately.
    
    RossW
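
The two cures listed in the message above, modeled as an added example that is not part of the original post: a simplified escape detector in which `guard` stands in for the guard time and `esc` for the escape character (on Hayes-compatible modems these are commonly the S12 and S2 registers). The function names, timing values and sample streams are constructed for illustration.

```python
"""Toy model of the in-band escape check on an online modem (constructed)."""

def escape_index(events, esc=ord("+"), guard=1.0):
    """events: list of (seconds, byte) the online modem is asked to transmit.
    esc   -- escape character; values above 127 disable escape detection
    guard -- silence required before and after the three escape characters,
             in seconds; 0 models a modem that implements no guard time
    Returns the index of the first byte read in command mode, or None.
    Simplification: spacing between the three characters is not checked."""
    if esc > 127:
        return None
    for i in range(len(events) - 2):
        trio = events[i:i + 3]
        if any(b != esc for _, b in trio):
            continue
        prev_t = events[i - 1][0] if i > 0 else float("-inf")
        next_t = events[i + 3][0] if i + 3 < len(events) else float("inf")
        if trio[0][0] - prev_t >= guard and next_t - trio[2][0] >= guard:
            return i + 3
    return None

def hangs_up(events, esc=ord("+"), guard=1.0):
    """True if the modem drops to command mode and the bytes that follow
    are then read as the hang-up command ATH0."""
    idx = escape_index(events, esc, guard)
    if idx is None:
        return False
    rest = bytes(b for _, b in events[idx:])
    return rest.upper().startswith(b"ATH0")

def timed(data, start=0.0, gap=0.001):
    """Constructed input: bytes sent back to back, `gap` seconds apart."""
    return [(start + n * gap, b) for n, b in enumerate(data)]

# Constructed sample: the string from the message embedded in ordinary data.
IN_BAND = timed(b"Subject: test\r\n+++ATH0\r\nmore text\r\n")
# Constructed sample: an operator escaping on purpose, with pauses around +++.
DELIBERATE = (timed(b"data") + timed(b"+++", start=2.0)
              + timed(b"ATH0\r", start=4.0))

if __name__ == "__main__":
    settings = ((43, 0.0), (43, 1.0), (ord("~"), 0.0), (255, 0.0))
    for name, ev in (("in-band", IN_BAND), ("deliberate", DELIBERATE)):
        for esc, guard in settings:
            print(f"{name:10} esc={esc:3} guard={guard}: "
                  f"hangs up = {hangs_up(ev, esc, guard)}")
```

With a one-second guard time the in-band string is passed through as data while the deliberate, paused escape still works; with the escape character moved or disabled the in-band string is never recognized.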
    


