[8045] in bugtraq

Re: 1+2=3, +++ATH0=Old school DoS

daemon@ATHENA.MIT.EDU (Daniel Hauck)
Mon Sep 28 02:52:36 1998

Date: 	Mon, 28 Sep 1998 01:24:03 -0500
Reply-To: Daniel Hauck <xdesign@HOTMAIL.COM>
From: Daniel Hauck <xdesign@HOTMAIL.COM>
X-To:         Brett Glass <brett@LARIAT.ORG>
To: BUGTRAQ@NETSPACE.ORG

With all due respect to you and your prior efforts, I will also add that I
tested the attack against a random channel on IRC and I downed about 33-40%
of the victims tested against.

In spite of what you are mentioning, it seems apparent that the folks at
Rockwell did not purchase the patent...and Rockwell chipset modems are quite
popular these days.  My own dialup modem was susceptible to the attack (ref:
the pipebomb blew up in my face.) until I fixed that.  The stuff at work was
also Rockwell based until I fixed it.  The results are surprisingly good.

Though it's an old attack (from way back in the BBS days) it's still quite
valid.

--my 2 cents.

-----Original Message-----
From: Brett Glass <brett@LARIAT.ORG>
To: BUGTRAQ@NETSPACE.ORG <BUGTRAQ@NETSPACE.ORG>
Date: September 28, 1998 0:41
Subject: Re: 1+2=3, +++ATH0=Old school DoS


>I'm not entirely sure that these "kidz" quite understand what's going on
>here, so it probably pays to elucidate a bit.
>
>Some time ago, Hayes Microcomputer Products got a patent -- known as the
>"Heatherington patent" -- on its method of doing modem escape sequences.
>The patent was a "submarine" patent -- that is, one that issues long after
>others in the industry have begun using the same technique or technology --
>and was bitterly disputed by other modem vendors, who didn't want to pay
>money to Hayes. However, Hayes gradually won most of the lawsuits due to
>deep pockets, clever lawyers, and the idiosyncrasies of the patent system.
>
>The patent involved the timing of the escape sequence: The characters "+++"
>followed by a 1-second pause. To get around the patent, some modem vendors
>simply eliminated the pause, so that the sequence +++AT would bring the
>modem back to command mode in all cases.
>
>Hayes, bitter about not being paid royalties by these vendors, sabotaged
>its own press releases by placing the characters "+++ATH0" at the top of
>each document and then circulating them widely. (The idea, I suppose, was
>to make the press believe that other brands of modems were not reliable.) I
>exposed this primitive denial of service attack in my InfoWorld column in
>1991.
>
>Eventually, modem chip vendors licensed the patent, so that modem
>manufacturers didn't need to anymore. At that point, the whole issue became
>moot and the production of modems that didn't require a pause after the
>"+++" stopped.
>
>Today, it's rare to find a modem that responds to the attack unless there
>happens to be a long pause in the data stream after the "+++". Most ISPs
>program their modems to ignore the "+++" sequence, and so make their modems
>immune to it. You can, too, by setting the proper "S-register" on your
>modem. (You can still hang up the modem by dropping the DTR line, as
>virtually all communications programs do nowadays.)
>
>Therefore, this DoS attack isn't a big deal. It's easily preventable,
>rarely effective, and relatively harmless (all you have to do, if it hits,
>is redial).
>
>--Brett Glass
>
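
The escape-detection behaviour described in the quoted message, as a small Python model added here for illustration (it is not code from either poster or from any modem vendor). It models only the trailing pause the thread mentions; the function names, timestamps and sample streams are constructed assumptions.

```python
# Toy model of modem escape detection. Background not stated in the thread: in the
# Hayes command set, S2 holds the escape character (values above 127 disable it)
# and S12 holds the guard time.
ESCAPE = b"+++"

def flatten(chunks):
    """Expand [(time_seconds, bytes), ...] into one (time, byte_value) pair per byte."""
    return [(t, b) for t, data in chunks for b in data]

def enters_command_mode(chunks, guard_time=1.0, escape_enabled=True):
    """Return True if data arriving on the line would pull the modem out of data mode.

    guard_time=0 models the pause-free designs ("+++AT" always escapes);
    escape_enabled=False models a modem configured to ignore "+++".
    """
    if not escape_enabled:
        return False
    stamped = flatten(chunks)
    data = bytes(b for _, b in stamped)
    pos = data.find(ESCAPE)
    while pos != -1:
        after = pos + len(ESCAPE)
        if guard_time == 0:
            # Pause-free design: "+++" directly followed by "AT" is enough.
            if data[after:after + 2].upper() == b"AT":
                return True
        else:
            last_plus = stamped[after - 1][0]
            # If nothing follows, the line is idle, so the pause is satisfied.
            next_byte = stamped[after][0] if after < len(stamped) else float("inf")
            if next_byte - last_plus >= guard_time:
                return True
        pos = data.find(ESCAPE, pos + 1)
    return False

# Constructed sample streams: (arrival time in seconds, bytes).
INLINE = [(0.00, b"press release text "), (0.01, b"+++ATH0\r"), (0.02, b"more text")]
PAUSED = [(0.00, b"some data +++"), (1.50, b"ATH0\r")]

if __name__ == "__main__":
    print("no guard time, in-band string:", enters_command_mode(INLINE, guard_time=0))
    print("1 s guard time, in-band string:", enters_command_mode(INLINE))
    print("1 s guard time, pause in stream:", enters_command_mode(PAUSED))
    print("escape disabled:", enters_command_mode(INLINE, guard_time=0, escape_enabled=False))
```

Running it shows the three cases from the thread: the pause-free design escapes on in-band data, the guarded design does not unless the stream itself pauses after the "+++", and a modem set to ignore the escape sequence is unaffected.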
