- To: slug-chat@xxxxxxxxxxx
- Subject: Re: [chat] Re: [SLUG] Answer + Disappointment
- From: Crossfire <xfire@xxxxxxxx>
- Date: Tue Sep 11 08:47:02 2001
- User-agent: Mutt/1.3.20i
Gnuthad was once rumoured to have said:
> On 11 Sep 2001, Peter Hardy <peterhardy@xxxxxxxxxxxxxx> said:
>
>> It's already been proven elsewhere that most of what I wrote was
>> mindless ranting, and I apologise. Basically, if the triple+ thing
>> is a problem for you, then your modem hardware is at fault, and
>> workarounds exist. For what it's worth, my 33.6k ISA modem laughs
>> at the magic sequence.
>
> Mine does too, now that I use ATS2=255 in my init string. My Redback
> has vulnerable firmware, but that string works perfectly, not a
> single disconnect from that exploit since.
The bug affects a large number of older Rockwell chipset-based modems
which incorrectly do not enforce the 5-second guard time on the escape
sequence.
It's a known issue, and it was resolved - my newer 56K Rockwell chipset
modem doesn't have the same fault.
The workaround, as Gnuthad mentioned, is to set S2 to something other
than the default value. The S2 register defines the character used
for the escape sequence. Since the escape sequence generally isn't
used in favour of dropping DTR to hangup the modem, it doesn't usually
interfere with modem operation too much.
One of people's favourite little tricks used to be sending the hangup
sequence with a dial command after it in an ICMP echo request, which
would then be echoed by the host's IP stack, and would hit the modem,
which would then execute the commands. Let's just say it's not nice. :)
As for exploiting it in an email message, that shouldn't work since
the email should not be reflected back over the modem in the correct
direction for it to trigger a hangup. (i.e. the modem won't hang up if
it receives the message from the remote host, only if the local host
sends it).
Of course, if you replied to the email, and left the sequence in the
message, yes, that'd probably hang it up.
C.
--
--==============================================--
Crossfire | This email was brought to you
xfire@xxxxxxxx | on 100% Recycled Electrons
--==============================================--
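The escape-sequence behaviour discussed in this message, as an added example (not code from the original thread or from any modem vendor): a small model of a Hayes-style modem's escape detector. It shows why a "+++ATH0" payload echoed back by the host's IP stack as a continuous burst only hangs up a modem that skips the guard-time check, why a compliant modem still honours a genuine, properly timed escape, and why the ATS2=255 workaround neutralises the echoed payload. The `Modem` class, the one-second guard time, the rule that S2 values above 127 disable detection, and the constructed byte streams are all simplifying assumptions made for this illustration, not a statement about any particular chipset.

```python
"""Model of a Hayes-style modem escape-sequence detector.

Added example, not code from the e-mail. The timing model, the guard time
value and the treatment of ATS2 values above 127 are assumptions.
"""
from dataclasses import dataclass, field
from typing import Iterable, List, Tuple

Event = Tuple[float, int]  # (seconds since start, byte sent by the local host)


@dataclass
class Modem:
    s2: int = ord("+")          # ATS2: escape character; >127 disables detection (assumed)
    s12: float = 1.0            # guard time in seconds (model value, an assumption)
    enforce_guard: bool = True  # False reproduces the faulty chipset behaviour
    online: bool = True         # carrier up, data mode
    command_mode: bool = False
    log: List[str] = field(default_factory=list)
    _cmd: bytearray = field(default_factory=bytearray)
    _run: int = 0               # consecutive escape characters seen so far
    _idle_before: bool = False  # was the line quiet for >= s12 before the run
    _prev_t: float = float("-inf")

    def feed(self, events: Iterable[Event]) -> None:
        """Process bytes flowing from the local host toward the line."""
        for t, b in events:
            gap = t - self._prev_t
            self._prev_t = t
            if self.command_mode:
                self._command_byte(b)
                continue
            if b == self.s2 and self.s2 <= 127:
                if self._run == 0 or gap > self.s12:   # start (or restart) a run
                    self._run, self._idle_before = 0, gap >= self.s12
                self._run += 1
                if self._run == 3 and not self.enforce_guard:
                    self._escape("no guard time checked")   # the bug
                continue
            # A compliant modem only escapes if the trailing guard time has
            # already elapsed before the next byte arrives.
            if (self._run == 3 and self.enforce_guard
                    and self._idle_before and gap >= self.s12):
                self._escape("guard time satisfied")
                self._command_byte(b)
            self._run = 0

    def idle(self, t: float) -> None:
        """Signal that no byte arrived up to time t (trailing guard check)."""
        if (self._run == 3 and self.enforce_guard
                and self._idle_before and t - self._prev_t >= self.s12):
            self._escape("guard time satisfied")

    def _escape(self, why: str) -> None:
        self.command_mode, self._run = True, 0
        self.log.append(f"escaped to command mode ({why})")

    def _command_byte(self, b: int) -> None:
        if b != 0x0D:               # CR terminates an AT command line
            self._cmd.append(b)
            return
        line = bytes(self._cmd).upper()
        self._cmd.clear()
        if line.startswith(b"ATH"):
            self.online = False
            self.log.append("ATH: hung up")


def burst(start: float, data: bytes, spacing: float = 0.01) -> List[Event]:
    """Bytes sent back-to-back, the way an IP stack echoes an ICMP payload."""
    return [(start + i * spacing, b) for i, b in enumerate(data)]


# Constructed ICMP echo payload: the escape sequence followed by a hangup.
ECHOED_PAYLOAD = b"+++ATH0\r"


def echoed_payload_hangs_up(enforce_guard: bool, s2: int = ord("+")) -> bool:
    """Does the reflected payload drop the line on this modem?"""
    m = Modem(s2=s2, enforce_guard=enforce_guard)
    m.feed(burst(5.0, ECHOED_PAYLOAD))
    m.idle(10.0)
    return not m.online


def proper_escape_hangs_up() -> bool:
    """A real operator escape: +++, a full guard time of silence, then ATH0."""
    m = Modem()
    m.feed(burst(5.0, b"+++"))
    m.feed(burst(7.0, b"ATH0\r"))
    return not m.online


if __name__ == "__main__":
    print("compliant modem, echoed payload:", echoed_payload_hangs_up(True))
    print("buggy modem, echoed payload:    ", echoed_payload_hangs_up(False))
    print("buggy modem with ATS2=255:      ", echoed_payload_hangs_up(False, 255))
    print("compliant modem, real escape:   ", proper_escape_hangs_up())
```

The echoed payload arrives with no idle time before or after the three escape characters, so a modem that enforces the guard time never leaves data mode and the "ATH0" is just more data on the wire; the faulty model escapes on the third "+" and obeys the hangup. Changing S2 to 255 means the faulty modem never sees its escape character at all, which is the workaround Gnuthad describes.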