Bugtraq mailing list archives

Re: 1+2=3, +++ATH0=Old school DoS


From: brett () LARIAT ORG (Brett Glass)
Date: Sun, 27 Sep 1998 23:27:34 -0600


I'm not entirely sure that these "kidz" quite understand what's going on
here, so it probably pays to elucidate a bit.

Some time ago, Hayes Microcomputer Products got a patent -- known as the
"Heatherington patent" -- on its method of doing modem escape sequences.
The patent was a "submarine" patent -- that is, one that issues long after
others in the industry have begun using the same technique or technology --
and was bitterly disputed by other modem vendors, who didn't want to pay
money to Hayes. However, Hayes gradually won most of the lawsuits due to
deep pockets, clever lawyers, and the idiosyncrasies of the patent system.

The patent involved the timing of the escape sequence: The characters "+++"
followed by a 1-second pause. To get around the patent, some modem vendors
simply eliminated the pause, so that the sequence +++AT would bring the
modem back to command mode in all cases.

Hayes, bitter about not being paid royalties by these vendors, sabotaged
its own press releases by placing the characters "+++ATH0" at the top of
each document and then circulating them widely. (The idea, I suppose, was
to make the press believe that other brands of modems were not reliable.) I
exposed this primitive denial of service attack in my InfoWorld column in
1991.

Eventually, modem chip vendors licensed the patent, so that modem
manufacturers didn't need to anymore. At that point, the whole issue became
moot and the production of modems that didn't require a pause after the
"+++" stopped.

Today, it's rare to find a modem that responds to the attack unless there
happens to be a long pause in the data stream after the "+++". Most ISPs
program their modems to ignore the "+++" sequence, and so make their modems
immune to it. You can, too, by setting the proper "S-register" on your
modem. (You can still hang up the modem by dropping the DTR line, as
virtually all communications programs do nowadays.)

Therefore, this DoS attack isn't a big deal. It's easily preventable,
rarely effective, and relatively harmless (all you have to do, if it hits,
is redial).

--Brett Glass
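
The difference between the two escape designs described in the message above, as an added example that is not part of the original post: a simplified modem model (the function name, state names and sample streams are constructed for illustration) that treats "+++AT" as an escape either anywhere in the data or only when a pause follows the "+++".

```python
# Simplified model of the two escape designs in the post (illustration only).
# Input: list of (seconds_of_silence_before_chunk, bytes_in_chunk).
# Only the pause AFTER "+++" is modelled, since that is what the post describes.

def run_modem(chunks, guard_time=None):
    """Return the final state: 'online', 'command' or 'hung_up'.

    guard_time=None  -> pause-free design: "+++AT" in the data escapes.
    guard_time=1.0   -> timed design: "+++" escapes only if followed by
                        at least that many seconds of silence.
    """
    mode, tail, line = "online", b"", b""
    for gap, data in chunks:
        # Timed escape: the silence after "+++" is what triggers command mode.
        if (mode == "online" and guard_time is not None
                and tail.endswith(b"+++") and gap >= guard_time):
            mode, line = "command", b""
        for byte in data:
            ch = bytes([byte])
            if mode == "online":
                tail = (tail + ch)[-5:]
                # Pause-free escape: "+++AT" is honoured wherever it appears.
                if guard_time is None and tail == b"+++AT":
                    mode, line = "command", b"AT"
            elif ch == b"\r":
                # End of a command line; only ATH0 (hang up) is modelled.
                if line.strip().upper() == b"ATH0":
                    return "hung_up"
                line = b""
            else:
                line += ch
    return mode

# Constructed sample streams (not captured traffic).
DOCUMENT = [(0.0, b"+++ATH0\rFOR IMMEDIATE RELEASE ...")]  # string inside data
PAUSED = [(0.0, b"see +++"), (2.0, b"ATH0\r")]             # pause after "+++"

if __name__ == "__main__":
    for name, stream in (("document", DOCUMENT), ("paused", PAUSED)):
        for guard in (None, 1.0):
            print(name, "guard_time =", guard, "->", run_modem(stream, guard))
```

The `PAUSED` stream is the case the message calls out as still effective: a long gap in the data right after the "+++" satisfies the timed escape as well.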


