> On Sun, 27 Sep 1998, Brett Glass wrote: > > > Today, it's rare to find a modem that responds to the attack unless there > > happens to be a long pause in the data stream after the "+++". > ... > > Therefore, this DoS attack isn't a big deal. It's easily preventable, > > rarely effective, and relatively harmless (all you have to do, if it hits, > > is redial). > > > > --Brett Glass > > > > I have tested this out here locally, as well as with the help from a few > other people onlin and it seems that 6 of 9 modems have been affected. I > would hardly call that 'rarely effective', relatively harmless yes, but > it seems to be a large percentage. I am interested to see more results > as too how wide spread this is. > > (all tests were done using ping -p 2b2b2b415448300d host ) > > kill9 > In doing some testing here on willing victims.... 30% seemed vulnerable with the ping -p attack. For IRC users: //raw NOTICE ToastyMan : $+ $chr(1) $+ PING +++ATH0 $+ $chr(1) (in mirc) Also seems to work, and will work through bnc's or whatever proxy you are going through, since it's part of the irc protocol..... This only worked on one user though. So far, A/Open(acer) 56k's were the most common modem that was vulnerable. (3 of the 6 tested that were vulnerable were using those modems) I'm working on a 'For Dummies' program that will scan your system for modems, and ATZ ATS2=255&W Hopefully this'll be fixed. I'll release it tommorow, and post it here if Aleph doesn't mind. Kevin Day DragonData
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:56 PDT