[Since the flood of responses has subsided a little, and a few people have shown interest
in the same subject, it's good time to post a summary. If different responses appear later,
I'll post another summary].
- Recently I posted an inquiry about dial-back units that hook up between the computer
and the modem, intercept the remote login and dial back to the caller using a predefined
phone number, thus achieving a higher level of remote login security.
- Thanks for all who responded. To reduce global mail traffic and costs, I'm not
acknowledging each message to its originator.
- Here is a summary of the responses:
1. Use the Defender II dialback system from Digital Pathways.
Contact: Digital Pathways,
Customer Support Dept.
221 West Grand Ave.
Montvale, New Jersey 07645-2019
Service 1-800-344-7284 [see note below]
General numbers 1-800-DIG-PATH CA only ?
1-708-932-4848 ?
1-617-270-0698 Sales
Kathy Holle [holle@asc.slb.com]
John A. Murphy [jam@philabs.philips.com]
Mike Raffety [miker@trinity.sbcoc.com]
Carl Rigney [cdr@kpc.com]
Max Z. [uunet!philabs!contel0!maxz]
Note: Different people gave different phone numbers; check with Ma Bell
directory before you call.
2. Use Telebit T1600, T2000, T2500, NetBlazer modems - they have this dial-back capability.
Also they are other modems in the market that have it.
Phil C. [pcc@kadima.s1.gov]
Brent Chapman [brent@telebit.com]
Jon Diekema [diekema@jdbbs.mi.org]
Bob Halloran [rkh @ AT&T]
Alek Komarnitsky [alek@spatial.com]
Steve Roth [sroth@eastend.uucp]
Earl Smith [earl@cs.columbia.edu]
3. Use public domain software - from ftp site titan.rice.edu or the SUG archives.
H.M.V.C. Govers [vgovers@escher.earth.ruu.nl]
Kevin Sheehan [kevin.sheehan@fourx.Aus.Sun.COM]
4. Use US Robotics "Total Control" modem rack.
Alan Carpenter [ajc@mcm.com]
5. Use commercial software from Qualtrak (for Suns).
Alan Carpenter [ajc@mcm.com]
Notes:
A. Brent Chapman (from Telebit Corp.) added the following important insight:
>> A single-line callback scheme is much better than nothing, but it's NOT
>> bulletproof by any means. The problem is that the modem has no way of
>> absolutely determining the state of the line before making its call
>> back. It tries to hang up, then go off-hook again to make the return
>> call, but it can't tell if the dial tone it hears is the "real" phone
>> company dial tone, or a recording generated by the intruder, who hasn't
>> let the line hang up. Similarly for ring signals. Even if the modem
>> _does_ successfully hang up the first call, the guy can quickly call
>> back a second time, and catch the modem as it goes off-hook to make the
>> outgoing call; the timing isn't _that_ tricky.
>>
>> A more secure callback scheme requires multiple phone lines. The
>> outgoing (return) call is made on a different line than the original
>> came in on. Preferably, the line outgoing calls are made on is unable
>> to accept incoming calls (incoming calls to the outgoing line can be
>> permanently forwarded to the incoming lines, for instance).
B. For more information about public domain software, as supplied by H.M.V.C. Govers
[vgovers@escher.earth.ruu.nl], please contact me directly. It's too long to be
included here.
>>> Please use the address in 'Reply-To', not the 'From'. <<<
/* Amir J. Katz | Internet: amir%pilat.UUCP@taux01.nsc.com */
/* System Manager | Voice: +972 52-570713 */
/* Silvaco Israel Ltd. | Fax: +972 52-570719 */
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:20 CDT