Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Ancient Trivia: +++ath0
From: cstone <cstone () pobox com>
Date: Wed, 17 Mar 2004 20:30:39 -0600

On Wed, Mar 17, 2004 at 08:42:55PM -0500, Luke Scharf wrote:
As the old BBS'ers and even older folks know, the string "+++ath0" will
disconnect a modem.  Once upon a time, I had this string in my e-mail
signature.  Some folks using Windows and a dialup line couldn't respond
to my e-mail, even though the e-mail was being sent via PPP and all that
good stuff.  Everyone could receive the mail, though, so I'm assuming
that the ISP was was running a decent implementation of PPP -- although
since I haven't used modems in years, I can't rule out that the ISP was
using some sort of non-Hayes modem.

Does anyone know what versions of windows had this particular bug in the
PPP implementation?  Were any other systems affected?

This wasn't a Windows bug; instead, it was a flaw in most
non-Hayes* modems.  These commands (the +++ escape and ATH0) are only
meaningful when they're sent outbound through the modem; this is why
everyone was able to read your message, but were unable to reply--
their replies entailed sending the message, +++(command) included,
over the wire.  

If TCP/IP over PPP is involved, there's a chance that the +++ may be 
split into different packets -- in this case, the data would
go through just fine -- but it's more likely that it all gets sent
right next to each other when it actually goes through the modem.

This has made the rounds of bugtraq and other security forums a few
times, usually with mentions of "exploits" involving ICMP echo
and/or IRC.  (For an example of this, see

* = Hayes has a patent on a scheme to protect against unintentional
triggering of the escape sequence; on their modems, you have to
wait a specific amount of time before and after the +++ before
issuing a command.  

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]