Bugtraq mailing list archives

Re: 1+2=3, +++ATH0=Old school DoS


From: xdesign () HOTMAIL COM (Daniel Hauck)
Date: Mon, 28 Sep 1998 01:24:03 -0500


With all due respect to you and your prior efforts, I will also add that I
tested the attack against a random channel on IRC and I downed about 33-40%
of the victims tested against.

In spite of what you are mentioning, it seems apparent that the folks at
Rockwell did not purchase the patent...and Rockwell chipset modems are quite
popular these days.  My own dialup modem was susceptible to the attack (ref:
the pipebomb blew up in my face.) until I fixed that.  The stuff at work was
also Rockwell based until I fixed it.  The results are surprisingly good.

Though it's an old attack (from way back in the BBS days) it's still quite
valid.

--my 2 cents.

-----Original Message-----
·ol: Brett Glass <brett () LARIAT ORG>
ˆ¶æ: BUGTRAQ () NETSPACE ORG <BUGTRAQ () NETSPACE ORG>
“úŽž: 1998”N9ŒŽ28“ú 0:41
Œ–¼: Re: 1+2=3, +++ATH0=Old school DoS


I'm not entirely sure that these "kidz" quite understand what's going on
here, so it probably pays to elucidate a bit.

Some time ago, Hayes Microcomputer Products got a patent -- known as the
"Heatherington patent" -- on its method of doing modem escape sequences.
The patent was a "submarine" patent -- that is, one that issues long after
others in the industry have begun using the same technique or technology --
and was bitterly disputed by other modem vendors, who didn't want to pay
money to Hayes. However, Hayes gradually won most of the lawsuits due to
deep pockets, clever lawyers, and the idiosyncrasies of the patent system.

The patent involved the timing of the escape sequence: The characters "+++"
followed by a 1-second pause. To get around the patent, some modem vendors
simply eliminated the pause, so that the sequence +++AT would bring the
modem back to command mode in all cases.

Hayes, bitter about not being paid royalties by these vendors, sabotaged
its own press releases by placing the characters "+++ATH0" at the top of
each document and then circulating them widely. (The idea, I suppose, was
to make the press believe that other brands of modems were not reliable.) I
exposed this primitive denial of service attack in my InfoWorld column in
1991.

Eventually, modem chip vendors licensed the patent, so that modem
manufacturers didn't need to anymore. At that point, the whole issue became
moot and the production of modems that didn't require a pause after the
"+++" stopped.

Today, it's rare to find a modem that responds to the attack unless there
happens to be a long pause in the data stream after the "+++". Most ISPs
program their modems to ignore the "+++" sequence, and so make their modems
immune to it. You can, too, by setting the proper "S-register" on your
modem. (You can still hang up the modem by dropping the DTR line, as
virtually all communications programs do nowadays.)

Therefore, this DoS attack isn't a big deal. It's easily preventable,
rarely effective, and relatively harmless (all you have to do, if it hits,
is redial).

--Brett Glass
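
The difference between a modem that requires the pause after "+++" and one that does not, as an added example that is not part of either post: a toy Python model of the data-mode escape detector. The stream format, function names and sample strings are assumptions made for illustration, and only the pause after "+++" is modelled, as the quoted message describes it.

```python
# Added example: toy model of a modem's data-mode escape detector.
# Function names and the (timestamp, char) stream format are assumptions.

def timed(text, start=0.0, gap=0.001):
    """Turn text into [(timestamp_seconds, char)] with a fixed gap between bytes."""
    return [(start + i * gap, ch) for i, ch in enumerate(text)]

def run_modem(stream, guard_time=1.0, escape_enabled=True):
    """Feed host-to-modem bytes through the escape detector.

    guard_time: silence required after '+++' (seconds); None = no pause needed.
    escape_enabled: False models the escape sequence being switched off.
    Returns 'online', 'command' or 'hung-up'.
    """
    state, plus_run, last_plus, command = "online", 0, 0.0, ""
    for ts, ch in stream:
        if state == "pending":
            # '+++' was seen: escape only if the line then stayed quiet long enough
            quiet = guard_time is None or ts - last_plus >= guard_time
            state = "command" if quiet else "online"
        if state == "online":
            plus_run = plus_run + 1 if (escape_enabled and ch == "+") else 0
            if plus_run == 3:
                state, plus_run, last_plus = "pending", 0, ts
        elif state == "command":
            if ch != "\r":
                command += ch
            elif command.upper().startswith("ATH"):   # ATH / ATH0: hang up
                return "hung-up"
            else:
                command = ""
    # End of data counts as silence, so a trailing '+++' still escapes
    return "command" if state == "pending" else state

# Constructed sample: a document that begins with the string from the post
DOC = timed("+++ATH0\rPress release body text\r")
# Constructed sample: an operator typing +++, waiting 1.5 s, then ATH0
OPERATOR = timed("+++") + timed("ATH0\r", start=1.5)

if __name__ == "__main__":
    print("no pause required :", run_modem(DOC, guard_time=None))
    print("1 s pause required:", run_modem(DOC, guard_time=1.0))
    print("escape disabled   :", run_modem(DOC, guard_time=None, escape_enabled=False))
    print("operator escape   :", run_modem(OPERATOR, guard_time=1.0))
```

Only the variant with no pause requirement drops the call on in-band data; the guarded and escape-disabled variants stay online, while a deliberate escape with a real pause still works.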



