T.R | Title | User | Personal Name | Date | Lines |
---|
643.1 | simple = caution required | DPDMAI::BEATTIE | But, Is BLISS ignorance? | Wed Dec 30 1987 09:50 | 30 |
| I think I would approach the problem in DCL with a simple batch
job which would allocate the modem port, disable HANGUP (and possibly
MODEM), set the Baud rate, OPEN the port as a sequential file, write
the dial command to the modem, and deallocate the device.
I wouldn't think handling a modem response would be necessary, because
a returned terminator character on the [now] deallocated port will
merely trigger LOGINOUT, which is what you want anyway.
Of course, there are several holes in this hack, including principally
the need to override VMS port security precautions implemented with
EIA signals. I seem to remember that when control of a port changes
from one process to another, VMS deliberately drops DTR (ostensibly
to force the modem to hang-up, if possible?), which may adversely
affect your modem connection. If you defeat this behavior with
creative wiring, or with modem straps, you should be VERY CAREFUL
about permitting the modem to be used for in-dial traffic.
You must also either set the device protections so you can write
to it, or use adequate privilege. Note that allowing write access
to any port makes it vulnerable to unprivileged PASSWORD STEALING
programs.
The last time I tried this was with connections directly through DMF-32
and DZ-11 ports. If your modem is on a DECserver, the process is
probably different.
-- Brian (What's a hacker without
a soldering iron anyway?)
|
643.2 | | PASTIS::MONAHAN | I am not a free number, I am a telephone box | Thu Dec 31 1987 11:58 | 17 |
| ACB, which is supported for internal use (though not available for
customers) does a bit more than what you want.
You dial the VAX, give it your name and telephone number (not too
expensive on phone calls) it validates the combination in a security
database, and if it likes you then it phones you back and lets you log
in.
It is used in several places in Europe for security reasons, since
the incoming line is tied to ACB, and cannot be used to log in, while
the other lines are set to outgoing only.
Ideally you should persuade your local IS to install ACB on some
large system, with one (or more) incoming lines, and lots of outgoing
lines. That is what I am using at the moment. I set host from the large
system to my workstation. We have one incoming line to ACB, and about
12 lines for it to choose from for the outgoing calls.
|
643.3 | Security error in ACB? | MAY20::MINOW | Je suis marxiste, tendance Groucho | Fri Jan 01 1988 10:28 | 18 |
| re: .2
You dial the VAX, give it your name and telephone number (not too
expensive on phone calls) it validates the combination in a security
database, and if it likes you then it phones you back and lets you log
in.
It seems like a breach of security for you to have to type the telephone
number -- you should type your name and a "location identifier" (home,
office, customer_x, whatever) and it should dial the number associated
with that name in the database. Letting you choose the number when you
call lets a wiretapper (who has your name and will soon have your
password) spoof you from "any" number. The first ACB program I'd
heard of, used in the mid 1970's by police stations connecting to
a central database, used the answerback ID to index the database,
then called the associated number. The caller should not be able
to directly control the number.
Martin.
|
643.4 | | CASEE::VANDENHEUVEL | Make my Day | Sat Jan 02 1988 16:59 | 15 |
| No Martin, no security problem. The computer does not dial the number
you just typed in but rather the number that it has stored for you.
Also, the name need not be your `username'. Any odd identifier
will do. In other words, you only trigger ACB to start dialing a
previously recorded phone number. If there is a security breach then
it will be on the administration side. Once ACB dialed (back) to
you then it is the standard username/password (un)security.
(Actually, I am connected through ACB 'as we speak'. It dialed
from a central machine and I entered through a captive account
with an obvious username and no password. The account only lets
me do a SET HOST, or at least that's what they tell me, and I do
not plan to investigate as I value the service too much.)
Hein.
|
643.5 | So where do I get ACB? | SRFSUP::LONGO | Bob Longo | Sun Jan 03 1988 04:57 | 0 |
643.6 | | PASTIS::MONAHAN | I am not a free number, I am a telephone box | Mon Jan 04 1988 11:06 | 5 |
| The current distribution point for the kit is SHIRE::ACBV1$KIT:*.*
For internal support you can currently call the Valbonne I.S.
hotline (at least in Europe). I am not sure what may be done in the
U.S. or GIA.
|
643.7 | | PASTIS::MONAHAN | I am not a free number, I am a telephone box | Mon Jan 04 1988 11:14 | 5 |
| Incidentally, the directory includes about half a dozen examples of
different control routines for different modems. If yours is not
included it should be easy to take one of these as an example template.
The documentation is also in that directory.
|
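The design point argued in replies .3 and .4, that the caller may name an identifier but must never control the number that is dialled, shown as an added Python sketch. It is not ACB code and is not taken from the thread; the identifiers, locations, phone numbers and function names are constructed for illustration.

```python
import hmac

# Constructed sample records: (identifier, location) -> number held on file.
CALLBACK_DB = {
    ("k7-falcon", "home"): "555-0101",
    ("k7-falcon", "office"): "555-0102",
}


def naive_callback(identifier, typed_number, db=CALLBACK_DB):
    """Flawed design: a known identifier gets a call at whatever number was typed."""
    known = any(ident == identifier for ident, _ in db)
    return typed_number if known else None


def stored_callback(identifier, location, typed_number=None, db=CALLBACK_DB, audit=None):
    """Return (number_to_dial, reason); only a number already on file is dialled.

    A typed number is optional and is only compared with the record.
    Rejected attempts are appended to `audit` for the administrator to review.
    """
    stored = db.get((identifier, location))
    if stored is None:
        reason = "unknown identifier/location"
    elif typed_number is not None and not hmac.compare_digest(
        typed_number.encode(), stored.encode()
    ):
        reason = "typed number does not match record"
    else:
        return stored, "ok"
    if audit is not None:
        audit.append((identifier, location, reason))
    return None, reason
```

With the stored-number design, someone who has overheard an identifier can at most cause a call to the legitimate location, and each rejected attempt leaves a record.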