Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Can it be done?
- Jot Smevle
June 13, 2005, 3:34 am
rate this thread
this. I'm sure somebody asked before---
Can a website identify the modem I use? That is, can it pull from modem
some piece of information thus they can later say "this modem has connected
to us before"?
Assume use of Privoxy and Tor, and a careful use of anti-virus/anti-trojan.
Thank for your time.
Re: Can it be done?
:this. I'm sure somebody asked before---
:Can a website identify the modem I use? That is, can it pull from modem
:some piece of information thus they can later say "this modem has connected
:to us before"?
There are several possibilities:
1) An internal modem whose serial number is available by examining the
registry or by doing I/O to the right port (e.g., as is done by the
Windows Device Manager)
2) An external modem which effectively just dials a pre-configured
phone number when DTR is raised, and whose configuration -cannot-
be accessed (through the serial port) from the host computer
3) An external modem whose configuration is accessible through the
serial port when no call is in progress, but not while one is in
4) An external modem whose configuration is accessible while a call
is in progress by sending a string such as +++ with the timing
of the string not being important [the exact string is often
5) An external modem whose configuration is accessible while a call
is in progress by sending a special string with specific timing
[the exact string is often configurable, as is the timing, and
these modems often offer a way to disable this feature]
#1 and #3 require the ability of the website to insert and run
a program on your system. #2 can't be touched (unless there happens
to be a -different- serial port controlling it, or a way to configure
it through the network or whatever.) #4 was common 20 years ago, but
after a few years mostly made way to #5.
With #4, it used to be relatively easy to get to the modem, using
tricks such as programming the terminal "answerback" and then triggering
the "answerback" to be sent. But answerbacks did not provide any
timing control (e.g., one second "guard time" around the +++), so those
methods were useless against #5. #5 pretty much requires inserting
a program onto your system.
Now, the above answer is in terms of information such as modem serial
number, but it shouldn't be taken as the -only- possible answer.
Modems are never -really- identical. If you have a good DSP (Digital
Signal Processor) on the modem on answering side, and some good software,
then you [as the site owner] could do probes at the V.42 infrastructure
layer, and could otherwise watch for unique timing characteristics
of the bit patterns. For example, you [the analyst] might discover
the bounds of the hysteresis of the 5th and 8th bits of
a data constellation are characteristic on one particular modem,
or you might discover that the modem always transmits the wrong
bit pattern for certain characters, with it not usually mattering
because there are always extra bits sent to allow ECC (Error Correction).
Does anyone actually go to the trouble of "fingerprinting" particular
modems? I don't know. I don't -know- of any available software for
such a thing, but I don't work with that kind of security so it wouldn't
have come to my attention. My suspicion is that the TLA's
("Three Letter Acronyms" -- CIA, FBI, etc.) could probably do such
a thing with little difficulty.
Entropy is the logarithm of probability -- Boltzmann
Re: Can it be done?
I am sufficiently smart to keep that from happening. ;-)
I don't think either my internal winmodem nor any of my three external
full-chip-set "real" modems act as you described above.
Is there any way I can test my modems to see if this is true of them? I do not
have a LAN nor any way to set one up, if that matters for this (though I would
think not, as Ethernet doesn't use modems, but I'm not versed enought to tell
Again, I know how to prevent/catch/remove that sort of thing. ;-)
Not what I'm concerned about; way above my "threat model" ;-)
Thank you for your answer!
- » Solution for securing VPN/RAS using 2-factor SMS Authentication
- — Previous thread in » General Computer Security