Can it be done?

I have searched Google both webpages and usenet, and can find nothing on
this. I'm sure somebody asked before---

Can a website identify the modem I use? That is, can it pull from modem
some piece of information thus they can later say "this modem has connected
to us before"?

Assume use of Privoxy and Tor, and a careful use of anti-virus/anti-trojan.

Thank for your time.

Jot Smevle

In article <d8j8uk$8qk$>,
Jot Smevle <> wrote:
:I have searched Google both webpages and usenet, and can find nothing on
:this. I'm sure somebody asked before---

:Can a website identify the modem I use? That is, can it pull from modem
:some piece of information thus they can later say "this modem has connected
:to us before"?

Not reliably.

There are several possibilities:

1) An internal modem whose serial number is available by examining the
registry or by doing I/O to the right port (e.g., as is done by the
Windows Device Manager)

2) An external modem which effectively just dials a pre-configured
phone number when DTR is raised, and whose configuration -cannot-
be accessed (through the serial port) from the host computer

3) An external modem whose configuration is accessible through the
serial port when no call is in progress, but not while one is in
progress

4) An external modem whose configuration is accessible while a call
is in progress by sending a string such as +++ with the timing
of the string not being important [the exact string is often
configurable]

5) An external modem whose configuration is accessible while a call
is in progress by sending a special string with specific timing
[the exact string is often configurable, as is the timing, and
these modems often offer a way to disable this feature]


#1 and #3 require the ability of the website to insert and run
a program on your system. #2 can't be touched (unless there happens
to be a -different- serial port controlling it, or a way to configure
it through the network or whatever.) #4 was common 20 years ago, but
after a few years mostly made way to #5.

With #4, it used to be relatively easy to get to the modem, using
tricks such as programming the terminal "answerback" and then triggering
the "answerback" to be sent. But answerbacks did not provide any
timing control (e.g., one second "guard time" around the +++), so those
methods were useless against #5. #5 pretty much requires inserting
a program onto your system.


Now, the above answer is in terms of information such as modem serial
number, but it shouldn't be taken as the -only- possible answer.

Modems are never -really- identical. If you have a good DSP (Digital
Signal Processor) on the modem on answering side, and some good software,
then you [as the site owner] could do probes at the V.42 infrastructure
layer, and could otherwise watch for unique timing characteristics
of the bit patterns. For example, you [the analyst] might discover
the bounds of the hysteresis of the 5th and 8th bits of
a data constellation are characteristic on one particular modem,
or you might discover that the modem always transmits the wrong
bit pattern for certain characters, with it not usually mattering
because there are always extra bits sent to allow ECC (Error Correction).

Does anyone actually go to the trouble of "fingerprinting" particular
modems? I don't know. I don't -know- of any available software for
such a thing, but I don't work with that kind of security so it wouldn't
have come to my attention. My suspicion is that the TLA's
("Three Letter Acronyms" -- CIA, FBI, etc.) could probably do such
a thing with little difficulty.
--
Entropy is the logarithm of probability -- Boltzmann

Walter Roberson

Walter Roberson wrote:
> In article <d8j8uk$8qk$>,
> Jot Smevle <> wrote:
> :I have searched Google both webpages and usenet, and can find nothing on
> :this. I'm sure somebody asked before---
>
> :Can a website identify the modem I use? That is, can it pull from modem
> :some piece of information thus they can later say "this modem has connected
> :to us before"?
>
> Not reliably.
>
> There are several possibilities:
>
> 1) An internal modem whose serial number is available by examining the
> registry or by doing I/O to the right port (e.g., as is done by the
> Windows Device Manager)
>
> 2) An external modem which effectively just dials a pre-configured
> phone number when DTR is raised, and whose configuration -cannot-
> be accessed (through the serial port) from the host computer
>
> 3) An external modem whose configuration is accessible through the
> serial port when no call is in progress, but not while one is in
> progress
>
> 4) An external modem whose configuration is accessible while a call
> is in progress by sending a string such as +++ with the timing
> of the string not being important [the exact string is often
> configurable]
>
> 5) An external modem whose configuration is accessible while a call
> is in progress by sending a special string with specific timing
> [the exact string is often configurable, as is the timing, and
> these modems often offer a way to disable this feature]
>
>
> #1 and #3 require the ability of the website to insert and run
> a program on your system.

I am sufficiently smart to keep that from happening.


> #2 can't be touched (unless there happens
> to be a -different- serial port controlling it, or a way to configure
> it through the network or whatever.)

I don't think either my internal winmodem nor any of my three external
full-chip-set "real" modems act as you described above.


> #4 was common 20 years ago, but
> after a few years mostly made way to #5.
>
> With #4, it used to be relatively easy to get to the modem, using
> tricks such as programming the terminal "answerback" and then triggering
> the "answerback" to be sent. But answerbacks did not provide any
> timing control (e.g., one second "guard time" around the +++), so those
> methods were useless against #5.

Is there any way I can test my modems to see if this is true of them? I do not
have a LAN nor any way to set one up, if that matters for this (though I would
think not, as Ethernet doesn't use modems, but I'm not versed enought to tell
for sure).


> #5 pretty much requires inserting
> a program onto your system.

Again, I know how to prevent/catch/remove that sort of thing.

> Now, the above answer is in terms of information such as modem serial
> number, but it shouldn't be taken as the -only- possible answer.
>
> Modems are never -really- identical. If you have a good DSP (Digital
> Signal Processor) on the modem on answering side, and some good software,
> then you [as the site owner] could do probes at the V.42 infrastructure
> layer, and could otherwise watch for unique timing characteristics
> of the bit patterns. For example, you [the analyst] might discover
> the bounds of the hysteresis of the 5th and 8th bits of
> a data constellation are characteristic on one particular modem,
> or you might discover that the modem always transmits the wrong
> bit pattern for certain characters, with it not usually mattering
> because there are always extra bits sent to allow ECC (Error Correction).
>
> Does anyone actually go to the trouble of "fingerprinting" particular
> modems? I don't know. I don't -know- of any available software for
> such a thing, but I don't work with that kind of security so it wouldn't
> have come to my attention. My suspicion is that the TLA's
> ("Three Letter Acronyms" -- CIA, FBI, etc.) could probably do such
> a thing with little difficulty.

Not what I'm concerned about; way above my "threat model"

Thank you for your answer!

Jot Smevle