SUMMARY: Dial-Back Units

Date: Sun Aug 11 1991 - 20:28:56 CDT

[Since the flood of responses has subsided a little, and a few people have shown interest
 in the same subject, it's good time to post a summary. If different responses appear later,
 I'll post another summary].

- Recently I posted an inquiry about dial-back units that hook up between the computer
  and the modem, intercept the remote login and dial back to the caller using a predefined
  phone number, thus achieving a higher level of remote login security.

- Thanks for all who responded. To reduce global mail traffic and costs, I'm not
  acknowledging each message to its originator.

- Here is a summary of the responses:

1. Use the Defender II dialback system from Digital Pathways.

   Contact: Digital Pathways,
                  Customer Support Dept.
                  221 West Grand Ave.
                  Montvale, New Jersey 07645-2019
                  Service 1-800-344-7284 [see note below]
                  General numbers 1-800-DIG-PATH CA only ?
                                       1-708-932-4848 ?
                                       1-617-270-0698 Sales

     Kathy Holle []
     John A. Murphy []
     Mike Raffety []
     Carl Rigney []
     Max Z. [uunet!philabs!contel0!maxz]

   Note: Different people gave different phone numbers; check with Ma Bell
          directory before you call.

2. Use Telebit T1600, T2000, T2500, NetBlazer modems - they have this dial-back capability.
   Also they are other modems in the market that have it.

     Phil C. []
     Brent Chapman []
     Jon Diekema []
     Bob Halloran [rkh @ AT&T]
     Alek Komarnitsky []
     Steve Roth [sroth@eastend.uucp]
     Earl Smith []

3. Use public domain software - from ftp site or the SUG archives.

     H.M.V.C. Govers []
     Kevin Sheehan [kevin.sheehan@fourx.Aus.Sun.COM]

4. Use US Robotics "Total Control" modem rack.

     Alan Carpenter []

5. Use commercial software from Qualtrak (for Suns).

     Alan Carpenter []


A. Brent Chapman (from Telebit Corp.) added the following important insight:

>> A single-line callback scheme is much better than nothing, but it's NOT
>> bulletproof by any means. The problem is that the modem has no way of
>> absolutely determining the state of the line before making its call
>> back. It tries to hang up, then go off-hook again to make the return
>> call, but it can't tell if the dial tone it hears is the "real" phone
>> company dial tone, or a recording generated by the intruder, who hasn't
>> let the line hang up. Similarly for ring signals. Even if the modem
>> _does_ successfully hang up the first call, the guy can quickly call
>> back a second time, and catch the modem as it goes off-hook to make the
>> outgoing call; the timing isn't _that_ tricky.
>> A more secure callback scheme requires multiple phone lines. The
>> outgoing (return) call is made on a different line than the original
>> came in on. Preferably, the line outgoing calls are made on is unable
>> to accept incoming calls (incoming calls to the outgoing line can be
>> permanently forwarded to the incoming lines, for instance).

B. For more information about public domain software, as supplied by H.M.V.C. Govers
   [], please contact me directly. It's too long to be
   included here.

>>> Please use the address in 'Reply-To', not the 'From'. <<<
 /* Amir J. Katz | Internet: */
 /* System Manager | Voice: +972 52-570713 */
 /* Silvaco Israel Ltd. | Fax: +972 52-570719 */

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:20 CDT