Can it be done?

Discussion in 'Computer Security' started by Jot Smevle, Jun 13, 2005.

  1. Jot Smevle

    Jot Smevle Guest

    I have searched Google both webpages and usenet, and can find nothing on
    this. I'm sure somebody asked before---

    Can a website identify the modem I use? That is, can it pull from modem
    some piece of information thus they can later say "this modem has connected
    to us before"?

    Assume use of Privoxy and Tor, and a careful use of anti-virus/anti-trojan.

    Thank for your time.
     
    Jot Smevle, Jun 13, 2005
    #1
    1. Advertising

  2. In article <d8j8uk$8qk$>,
    Jot Smevle <> wrote:
    :I have searched Google both webpages and usenet, and can find nothing on
    :this. I'm sure somebody asked before---

    :Can a website identify the modem I use? That is, can it pull from modem
    :some piece of information thus they can later say "this modem has connected
    :to us before"?

    Not reliably.

    There are several possibilities:

    1) An internal modem whose serial number is available by examining the
    registry or by doing I/O to the right port (e.g., as is done by the
    Windows Device Manager)

    2) An external modem which effectively just dials a pre-configured
    phone number when DTR is raised, and whose configuration -cannot-
    be accessed (through the serial port) from the host computer

    3) An external modem whose configuration is accessible through the
    serial port when no call is in progress, but not while one is in
    progress

    4) An external modem whose configuration is accessible while a call
    is in progress by sending a string such as +++ with the timing
    of the string not being important [the exact string is often
    configurable]

    5) An external modem whose configuration is accessible while a call
    is in progress by sending a special string with specific timing
    [the exact string is often configurable, as is the timing, and
    these modems often offer a way to disable this feature]


    #1 and #3 require the ability of the website to insert and run
    a program on your system. #2 can't be touched (unless there happens
    to be a -different- serial port controlling it, or a way to configure
    it through the network or whatever.) #4 was common 20 years ago, but
    after a few years mostly made way to #5.

    With #4, it used to be relatively easy to get to the modem, using
    tricks such as programming the terminal "answerback" and then triggering
    the "answerback" to be sent. But answerbacks did not provide any
    timing control (e.g., one second "guard time" around the +++), so those
    methods were useless against #5. #5 pretty much requires inserting
    a program onto your system.


    Now, the above answer is in terms of information such as modem serial
    number, but it shouldn't be taken as the -only- possible answer.

    Modems are never -really- identical. If you have a good DSP (Digital
    Signal Processor) on the modem on answering side, and some good software,
    then you [as the site owner] could do probes at the V.42 infrastructure
    layer, and could otherwise watch for unique timing characteristics
    of the bit patterns. For example, you [the analyst] might discover
    the bounds of the hysteresis of the 5th and 8th bits of
    a data constellation are characteristic on one particular modem,
    or you might discover that the modem always transmits the wrong
    bit pattern for certain characters, with it not usually mattering
    because there are always extra bits sent to allow ECC (Error Correction).

    Does anyone actually go to the trouble of "fingerprinting" particular
    modems? I don't know. I don't -know- of any available software for
    such a thing, but I don't work with that kind of security so it wouldn't
    have come to my attention. My suspicion is that the TLA's
    ("Three Letter Acronyms" -- CIA, FBI, etc.) could probably do such
    a thing with little difficulty.
    --
    Entropy is the logarithm of probability -- Boltzmann
     
    Walter Roberson, Jun 13, 2005
    #2
    1. Advertising

  3. Jot Smevle

    Jot Smevle Guest

    Walter Roberson wrote:
    > In article <d8j8uk$8qk$>,
    > Jot Smevle <> wrote:
    > :I have searched Google both webpages and usenet, and can find nothing on
    > :this. I'm sure somebody asked before---
    >
    > :Can a website identify the modem I use? That is, can it pull from modem
    > :some piece of information thus they can later say "this modem has connected
    > :to us before"?
    >
    > Not reliably.
    >
    > There are several possibilities:
    >
    > 1) An internal modem whose serial number is available by examining the
    > registry or by doing I/O to the right port (e.g., as is done by the
    > Windows Device Manager)
    >
    > 2) An external modem which effectively just dials a pre-configured
    > phone number when DTR is raised, and whose configuration -cannot-
    > be accessed (through the serial port) from the host computer
    >
    > 3) An external modem whose configuration is accessible through the
    > serial port when no call is in progress, but not while one is in
    > progress
    >
    > 4) An external modem whose configuration is accessible while a call
    > is in progress by sending a string such as +++ with the timing
    > of the string not being important [the exact string is often
    > configurable]
    >
    > 5) An external modem whose configuration is accessible while a call
    > is in progress by sending a special string with specific timing
    > [the exact string is often configurable, as is the timing, and
    > these modems often offer a way to disable this feature]
    >
    >
    > #1 and #3 require the ability of the website to insert and run
    > a program on your system.


    I am sufficiently smart to keep that from happening. ;-)


    > #2 can't be touched (unless there happens
    > to be a -different- serial port controlling it, or a way to configure
    > it through the network or whatever.)


    I don't think either my internal winmodem nor any of my three external
    full-chip-set "real" modems act as you described above.


    > #4 was common 20 years ago, but
    > after a few years mostly made way to #5.
    >
    > With #4, it used to be relatively easy to get to the modem, using
    > tricks such as programming the terminal "answerback" and then triggering
    > the "answerback" to be sent. But answerbacks did not provide any
    > timing control (e.g., one second "guard time" around the +++), so those
    > methods were useless against #5.


    Is there any way I can test my modems to see if this is true of them? I do not
    have a LAN nor any way to set one up, if that matters for this (though I would
    think not, as Ethernet doesn't use modems, but I'm not versed enought to tell
    for sure).


    > #5 pretty much requires inserting
    > a program onto your system.


    Again, I know how to prevent/catch/remove that sort of thing. ;-)

    > Now, the above answer is in terms of information such as modem serial
    > number, but it shouldn't be taken as the -only- possible answer.
    >
    > Modems are never -really- identical. If you have a good DSP (Digital
    > Signal Processor) on the modem on answering side, and some good software,
    > then you [as the site owner] could do probes at the V.42 infrastructure
    > layer, and could otherwise watch for unique timing characteristics
    > of the bit patterns. For example, you [the analyst] might discover
    > the bounds of the hysteresis of the 5th and 8th bits of
    > a data constellation are characteristic on one particular modem,
    > or you might discover that the modem always transmits the wrong
    > bit pattern for certain characters, with it not usually mattering
    > because there are always extra bits sent to allow ECC (Error Correction).
    >
    > Does anyone actually go to the trouble of "fingerprinting" particular
    > modems? I don't know. I don't -know- of any available software for
    > such a thing, but I don't work with that kind of security so it wouldn't
    > have come to my attention. My suspicion is that the TLA's
    > ("Three Letter Acronyms" -- CIA, FBI, etc.) could probably do such
    > a thing with little difficulty.


    Not what I'm concerned about; way above my "threat model" ;-)

    Thank you for your answer!
     
    Jot Smevle, Jun 13, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jo Dude

    Bluetooth wireless Network - can it be done?

    Jo Dude, Apr 17, 2005, in forum: Wireless Networking
    Replies:
    2
    Views:
    1,639
    Jo Dude
    Apr 20, 2005
  2. Michael Bauer

    router to router setup can it be done?

    Michael Bauer, Jul 5, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    732
    Jack \(MVP\)
    Jul 6, 2005
  3. How can I be down
    Replies:
    0
    Views:
    422
    How can I be down
    Oct 15, 2003
  4. Karen  Parker
    Replies:
    32
    Views:
    1,065
    Karen Parker
    Aug 27, 2004
  5. Karen  Parker
    Replies:
    7
    Views:
    345
    JohnO
    Aug 26, 2004
Loading...

Share This Page