On Sat 2001-01-13 (16:22), Michael wrote:
> complaining that are often under +++ATH0 attack. Is their a way to
> deny +++ATH0 packets from the AS5300 access servers going to our
> users? It is difficult to ask all our users to disable AT sessions
the problem is not anything your access server is sending but your
user's computer sending the string '+++ATH0' to your user's not
standard compliant modem. the standard defines a short pause
between the '+++' and the 'AT' command to make sure the modem
doesn't take any random '+++AT' string sent as command.
a common way to attack is to send ICMP Echo packets (ping) with the
string '+++ATH0' inside. if the user's system answers the packet
with ICMP Echo Reply (ping answer) it will send back the payload
inside too and a crappy modem will see '+++ATH0' and hang up.
none of your problems I'd say. anything making your user send this
contiguous string will make the modem hang up. It's common in IRC
to send some message in IRC which a user's client might
automatically return, same effect.
--
MfG/best regards, helmut springer Die andern schon scheintot,
Du springst aufs Podest...
Du bist besser dran, Brille,
besser, viel besser als der Rest.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
