Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site amdahl.UUCP
Path: utzoo!utcs!lsuc!pesnta!amdcad!amdahl!jre
From: jre@amdahl.UUCP (Joe Eykholt)
Newsgroups: net.unix-wizards,net.dcom
Subject: Re: Dial Back isn't always secure
Message-ID: <1226@amdahl.UUCP>
Date: Mon, 4-Mar-85 19:43:08 EST
Article-I.D.: amdahl.1226
Posted: Mon Mar  4 19:43:08 1985
Date-Received: Tue, 5-Mar-85 15:17:58 EST
References: <112@hydra.UUCP> <8840@brl-tgr.ARPA>
Distribution: net
Organization: Amdahl Corp, Sunnyvale CA
Lines: 25
Xref: utcs net.unix-wizards:11626 net.dcom:875

> 
> 	It occurs to me that a really good way to protect a dial-out
> line from an autodialer is to order the line as a conventional line
> with call forwarding, and to call forward the line to another modem.
> In this way, the call will automagically forward to a different modem,
> eliminating the possibility of hacking during the time window between
> dialing and call pickup.
> 
> 						-JCP-

This sounds like a good solution.  One possible way around this may be
to call-forward another phone to the outgoing modem.  I suspect that many
exchanges will not call-forward a call that has already been
forwarded once (to avoid forwarding forever).

To further clarify by example:  We have three lines A, B, and C.
Line A is the autodialer line that will be used to call out on.  It is
forwarded to line B, to avoid callers when it is trying to dial out.
Line C is some phone in the attacker's control.  The attacker forwards
line C to line A, and then calls line C from yet another phone.
The call is forwarded only from C to A, not from C to A to B.
-- 
		Joe Eykholt

[Opinions expressed by me are not necessarily held by any other entity.]