Full Disclosure mailing list archives
Re: Ancient Trivia: +++ath0
From: cstone <cstone () pobox com>
Date: Wed, 17 Mar 2004 20:30:39 -0600
On Wed, Mar 17, 2004 at 08:42:55PM -0500, Luke Scharf wrote:
As the old BBS'ers and even older folks know, the string "+++ath0" will disconnect a modem. Once upon a time, I had this string in my e-mail signature. Some folks using Windows and a dialup line couldn't respond to my e-mail, even though the e-mail was being sent via PPP and all that good stuff. Everyone could receive the mail, though, so I'm assuming that the ISP was was running a decent implementation of PPP -- although since I haven't used modems in years, I can't rule out that the ISP was using some sort of non-Hayes modem.
Does anyone know what versions of windows had this particular bug in the PPP implementation? Were any other systems affected?
This wasn't a Windows bug; instead, it was a flaw in most non-Hayes* modems. These commands (the +++ escape and ATH0) are only meaningful when they're sent outbound through the modem; this is why everyone was able to read your message, but were unable to reply-- their replies entailed sending the message, +++(command) included, over the wire. If TCP/IP over PPP is involved, there's a chance that the +++ may be split into different packets -- in this case, the data would go through just fine -- but it's more likely that it all gets sent right next to each other when it actually goes through the modem. This has made the rounds of bugtraq and other security forums a few times, usually with mentions of "exploits" involving ICMP echo and/or IRC. (For an example of this, see http://www.geocrawler.com/archives/3/91/1998/9/0/198214/) * = Hayes has a patent on a scheme to protect against unintentional triggering of the escape sequence; on their modems, you have to wait a specific amount of time before and after the +++ before issuing a command. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Ancient Trivia: +++ath0 Luke Scharf (Mar 17)
- Re: Ancient Trivia: +++ath0 cstone (Mar 17)
- Re: Ancient Trivia: +++ath0 Luke Scharf (Mar 18)
- Re: Ancient Trivia: +++ath0 Alexander Bochmann (Mar 18)
- Re: Ancient Trivia: +++ath0 Cael Abal (Mar 18)
- Re: Ancient Trivia: +++ath0 Luke Scharf (Mar 18)
- Re: Ancient Trivia: +++ath0 cstone (Mar 17)
- Re: Ancient Trivia: +++ath0 Nick FitzGerald (Mar 17)
- Re: Ancient Trivia: +++ath0 Harry Hoffman (Mar 17)
- Re: Ancient Trivia: +++ath0 KF (Mar 17)
- Re: Ancient Trivia: +++ath0 Harry Hoffman (Mar 17)
- <Possible follow-ups>
- Re: Ancient Trivia: +++ath0 Paul Szabo (Mar 17)
- Re: Ancient Trivia: +++ath0 Luke Scharf (Mar 18)
- RE: Ancient Trivia: +++ath0 Cowles, Robert D. (Mar 18)
- RE: Ancient Trivia: +++ath0 Dave Horsfall (Mar 18)