Topic: Modems

cricket
Modems
« on: October 29, 2007, 02:51:52 PM »
I was talking to a computer science student last week, and he told me that a modem always receives the data being sent down a phone line but it drops everything that isn't addressed to it. Wtf, that isn't right, is it?

I was considering how to pull off a MITM attack using my modem. I came up with:
1.  Inject a dial tone so that the target will dial out.
2.  Send ATA command to my modem.
3.  Emulate client\server.

While this works for known communication protocols, it leaves no way to simply intercept and inject
raw data into an established connection.

Is there a way to set up a modem to passively listen to communication between two other modems
without recording the analog signal and replaying it?
Just to clarify, I'm not talking about TCP/IP communication.
« Last Edit: October 29, 2007, 03:13:27 PM by cricket »

RijilV
Re: Modems
« Reply #1 on: October 29, 2007, 06:59:59 PM »
I think whoever you were talking to got modem confused with the TCP/IP protocol stack.. yeah anything I send over your modem link will get received by your computer, but only that which is addressed to your system will (ordinarily) be used.


As far as MiTM attacks, I think you've been a bit vague..

If all you're concerned about is seeing the traffic going out to the modem just get a serial line sniffer.

If you want to proxy a modem call, you might find something with Asterisk that lets you do a software modem, and plug in an FXS card.  That will give you all the right line voltages and such.  Then have another modem in the proxy machine that simultaneously executes whatever the software modem is receiving and feeds the output back to the software modem.  Should work okay, there will be a delay though.

As for just passively listening, you can do this - just clip in another modem and issue ATH1.  Though mind you, with V.92 and the such it might not work.  Should be fine with old 9600 baud though.

 

cricket
Re: Modems
« Reply #2 on: October 29, 2007, 07:36:52 PM »
> I think whoever you were talking to got modem confused with the TCP/IP protocol stack.. yeah anything I send over your modem link will get received by your computer, but only that which is addressed to your system will (ordinarily) be used.
>
> As far as MiTM attacks, I think you've been a bit vague..
>
> If all you're concerned about is seeing the traffic going out to the modem just get a serial line sniffer.
>
> If you want to proxy a modem call, you might find something with Asterisk that lets you do a software modem, and plug in an FXS card.  That will give you all the right line voltages and such.  Then have another modem in the proxy machine that simultaneously executes whatever the software modem is receiving and feeds the output back to the software modem.  Should work okay, there will be a delay though.
>
> As for just passively listening, you can do this - just clip in another modem and issue ATH1.  Though mind you, with V.92 and the such it might not work.  Should be fine with old 9600 baud though.

Thanks for the response.

I think the guy was actually confusing the two link layers' functionality in a sleep state though.

If you would bear with me I just have a couple more questions, hopefully.

While my modem is offline via ATH1, does it still decompress compressed data?
If one of the target hosts hangs up, will my modem prevent the hangup?

As far as the MITM goes, I'm talking about spoofing the client to believe that I am the server and vice versa. What I meant by 'this only works for known communication protocols' is this:

I can write a suitable program to handle the communication only if I know the protocols used by either the client or the server- same for the application layer.
On the other hand, setting up a TCP handshake with a client that runs unknown software is useless. What I need to do in that case is passively listen to connections, inject known data into several transactions so that I can figure out what the rest of the noise is.
It's a whole lot harder to say what I mean than it is to know what I mean.
If you still want details, I'll answer any questions.
 
« Last Edit: October 29, 2007, 08:35:52 PM by cricket »

Zazen
Re: Modems
« Reply #3 on: October 30, 2007, 04:51:17 AM »
> 1.  Inject a dial tone so that the target will dial out.
> 2.  Send ATA command to my modem.

I remember using this years ago to connect to systems that require callback. It rarely worked for me back then. I think it'll be even more rare now.

cricket
Re: Modems
« Reply #4 on: October 30, 2007, 09:12:32 PM »
> 1.  Inject a dial tone so that the target will dial out.
> 2.  Send ATA command to my modem.
>
> I remember using this years ago to connect to systems that require callback. It rarely worked for me back then. I think it'll be even more rare now.

I think what went wrong with your "callback intercept" is:
A: You're lying.
B: You didn't do any research concerning your target,
    thereby eliminating problems originating from incompatible DCE (mainly wasted time).
C: Shitty phone lines.

Unless the issues that you had originated from anywhere but the physical/link layer, in which case
you're posting a reply in the wrong thread.

Was your modem set to transmit a carrier?

[taken from a primer on asynchronous modem communication]
> The frequency of the carrier sine wave, how many carrier waves there actually are, the physical
> modulation technique, and the speed at which the two modems can modulate or demodulate the digital
> signal are all attributes of the modulation standard. For two modems to communicate, they must be able
> to first negotiate to a common modulation standard.
> Notice that the modulation technique is not equivalent to the modulation standard.


« Last Edit: October 30, 2007, 09:59:01 PM by cricket »

Zazen
Re: Modems
« Reply #5 on: October 31, 2007, 05:00:48 AM »
> Do you have any suggestions that might help me to communicate more effectively, while leaving out
> the perpetual quest for cheap 1337ness that is sometimes displayed around the scene?

Yes, avoid this:

> The frequency of the carrier sine wave, how many carrier waves there actually are, the physical
> modulation technique, and the speed at which the two modems can modulate or demodulate the digital
> signal are all attributes of the modulation standard. For two modems to communicate, they must be able
> to first negotiate to a common modulation standard.
> Notice that the modulation technique is not equivalent to the modulation standard.



The reason it rarely worked was that the system either:

- Was effective at hanging up before calling back.
- Called back from a different line.
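
As an added example (not code from this thread or from any project named in it), here is a small callback authenticator that applies the two defences Zazen lists: it hangs up the inbound call and waits for the exchange to release it before touching any line, and it always dials back on a dedicated outbound line with dial-tone detection (ATX4) enabled so it never blind-dials. The scripted modem, the 45-second release wait and the phone number are constructed stand-ins.

```python
"""Callback authenticator applying the two defences from the thread:
drop the inbound call and wait for release, then call back on a
separate outbound line with dial-tone detection on. Constructed example."""
import time


class ScriptedModem:
    """Stand-in for a serial-attached Hayes modem: replays canned result
    codes (constructed) so the policy logic can run without hardware."""

    def __init__(self, name, replies):
        self.name, self.replies, self.log = name, list(replies), []

    def command(self, at):
        self.log.append(at)
        return self.replies.pop(0) if self.replies else "ERROR"


class CallbackAuthenticator:
    # release_wait_s is an assumed figure: it must exceed however long the
    # exchange keeps a circuit up while the remote party stays off-hook.
    def __init__(self, inbound, outbound, release_wait_s=45.0, sleep=time.sleep):
        self.inbound, self.outbound = inbound, outbound
        self.release_wait_s, self.sleep = release_wait_s, sleep

    def hang_up_inbound(self):
        # ATH0 goes on-hook; then wait so a remote that stays off-hook and
        # plays tone cannot still be holding the circuit when we dial.
        if self.inbound.command("ATH0") != "OK":
            return False
        self.sleep(self.release_wait_s)
        return True

    def call_back(self, number):
        """Dial the registered number on the dedicated outbound modem.
        Returns True only on CONNECT; NO DIALTONE, BUSY and NO CARRIER fail closed."""
        if self.inbound is self.outbound:
            raise ValueError("callback must use a dedicated outbound line")
        if not self.hang_up_inbound():
            return False
        # X4 result-code set: report NO DIALTONE and BUSY instead of blind-dialling
        if self.outbound.command("ATX4") != "OK":
            return False
        result = self.outbound.command(f"ATDT{number}")
        return result.startswith("CONNECT")


if __name__ == "__main__":  # constructed run: 5551234 is a placeholder number
    auth = CallbackAuthenticator(ScriptedModem("in", ["OK"]),
                                 ScriptedModem("out", ["OK", "CONNECT 9600"]),
                                 sleep=lambda s: None)
    print("callback connected:", auth.call_back("5551234"))
```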

cricket
Re: Modems
« Reply #6 on: October 31, 2007, 10:00:31 AM »
> 1.  Inject a dial tone so that the target will dial out.
> 2.  Send ATA command to my modem.
>
> I remember using this years ago to connect to systems that require callback. It rarely worked for me back then. I think it'll be even more rare now.

Yeah the frequency with which systems are effectively hanging up before callback is definitely on the rise!

Maybe you should have targeted the right system.
That's exactly what you want the system to do - hang up, then call back.
After it hangs up, you're sitting there sending a dial tone down the line so that if it's ATDTing it'll still dial.
Then after it dials out, you send ATA to your modem so that it sends a carrier.

Then:

> The frequency of the carrier sine wave, how many carrier waves there actually are, the physical
> modulation technique, and the speed at which the two modems can modulate or demodulate the digital
> signal are all attributes of the modulation standard. For two modems to communicate, they must be able
> to first negotiate to a common modulation standard.
> Notice that the modulation technique is not equivalent to the modulation standard.

And if it called back on a different line, then please refer to B. above.

So in closing, you are still posting in the wrong thread