Home page logo

bugtraq logo Bugtraq mailing list archives

Re: 1+2=3, +++ATH0=Old school DoS
From: brett () LARIAT ORG (Brett Glass)
Date: Sun, 27 Sep 1998 23:27:34 -0600

I'm not entirely sure that these "kidz" quite understand what's going on
here, so it probably pays to elucidate a bit.

Some time ago, Hayes Microcomputer Products got a patent -- known as the
"Heatherington patent" -- on its method of doing modem escape sequences.
The patent was a "submarine" patent -- that is, one that issues long after
others in the industry have begun using the same technique or technology --
and was bitterly disputed by other modem vendors, who didn't want to pay
money to Hayes. However, Hayes gradually one most of the lawsuits due to
deep pockets,  clever lawyers, and the idiosyncrasies of the patent system.

The patent involved the timing of the escape sequence: The characters "+++"
followed by a 1-second pause. To get around the patent, some modem vendors
simply eliminated the pause, so that the sequence +++AT would bring the
modem back to command mode in all cases.

Hayes, bitter about not being paid royalties by these vendors, sabotaged
its own press releases by placing the characters "+++ATH0" at the top of
each document and then circulating them widely. (The idea, I suppose, was
to make the press believe that other brands of modems were not reliable.) I
exposed this primitive denial of service attack in my InfoWorld column in

Eventually, modem chip vendors licensed the patent, so that modem
manufacturers didn't need to anymore. At that point, the whole issue became
moot and the production of modems that didn't require a pause after the
"+++" stopped.

Today, it's rare to find a modem that responds to the attack unless there
happens to be a long pause in the data stream after the "+++". Most ISPs
program their modems to ignore the "+++" sequence, and so make their modems
immune to it. You can, too, by setting the proper "S-register" on your
modem. (You can still hang up the modem by dropping the DTR line, as
virtually all communications programs do nowadays.)

Therefore, this DoS attack isn't a big deal. It's easily preventable,
rarely effective, and relatively harmless (all you have to do, if it hits,
is redial).

--Brett Glass

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]