Bugtraq mailing list archives

Re: otp - the next generation

From: Ben Laurie <ben () ALGROUP CO UK>
Date: Fri, 23 Mar 2001 14:39:06 +0000

Gregory Steuck wrote:

2) SMS source address can not be forged.

I am pretty sure that both assumptions are wrong. Phone company (or
companies, I don't know how the messages are routed) will most certainly
be able to sniff your messages and forge the source address.


Indeed. And SMPP (the protocol usually used to inject SMSes into the
network over TCP) also allows the source address to be specified, though
I believe some telcos impose restrictions on valid source addresses.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

ApacheCon 2001! http://ApacheCon.com/

Current thread:

otp - the next generation Lukasz Luzar (Mar 22)
- Re: otp - the next generation Szilveszter Adam (Mar 23)
  - Re: otp - the next generation Casper Dik (Mar 23)
  - Re: otp - the next generation Denis A. Doroshenko (Mar 23)
- Re: otp - the next generation Gregory Steuck (Mar 23)
  - Re: otp - the next generation Tollef Fog Heen (Mar 23)
  - Re: otp - the next generation Ben Laurie (Mar 23)
  - Re: otp - the next generation Dag-Erling Smorgrav (Mar 23)
- Re: otp - the next generation Tristam Fenton-May (Mar 23)
- <Possible follow-ups>
- Re: otp - the next generation Elias Levy (Mar 23)