Thursday 15 December 2011

Hacking At Home: Dial-Up Security Measures

Some security directors get themselves into a bind. They recognize the important value of having direct dial-up lines for easy access, but they also understand that anytime a person is able to call a computer directly, a security breach is not only possible - it's unstoppable.

To overcome this, security-minded folk will not allow direct dial-up access to the real computers. They will only allow access to an intermediary device or computer which firewalls important data from potential hackers.

For example, one may dial up a computer whose purpose is only to check authorization codes. When access is confirmed, the caller is transferred to a line connected to the actual computer. There, the caller may have to identify his or her private account by username and password. As long as the password to the initial computer is kept secure and changed frequently, the important data on the actual computer is free from harm.

In states where Caller-ID service is legal (and even in those states where it is not, or isn't available) it is possible to set up a modem to only handshake with a user who is calling from an authorized phone number. The system administrator keeps a list of the home phone numbers and office numbers of legitimate users, and if the computer sees that the incoming call is not from one of those, there is an immediate disconnect. The call would also be disconnected if the caller had enabled Call-Blocking, which disallows the Caller-ID from reading one's phone number.

Where Caller-ID is unavailable or unknown, a ring-back feature may be put to use. Once a caller inputs correct identifying information, the host computer disconnects and calls back a stored telephone number which goes with the identity that has been entered. This is the normal way ring-back works, but in some instances (such as the RBBS-PC electronic bulletin board system) the ring-back option means that a caller lets the phone ring X times, then hangs up and calls back again. This time the BBS will answer the phone. If the caller had originally let the phone ring more than X times, the computer would have ignored the call completely, thus providing a layer of security. So if you have a number you know belongs to a computer, but there is no answer, try letting it ring a different number of times, then call back immediately.
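The Caller-ID check and the standard ring-back described above, sketched from the host's side as an added example that is not part of the original text. The phone numbers, user names, codes and function names are all constructed for illustration.

```python
import hmac

# Constructed sample data: every number, user and code below is made up.
AUTHORIZED_NUMBERS = {"555-0101", "555-0102"}
USERS = {
    "alice": {"code": "7731-ALPHA", "callback": "555-0101"},
    "bob":   {"code": "4402-BRAVO", "callback": "555-0102"},
}

def screen_caller_id(caller_id):
    """Caller-ID gate, applied before the modem handshakes.

    caller_id is None when the caller enabled Call-Blocking.
    """
    if caller_id is None:
        return (False, "caller id withheld")
    if caller_id not in AUTHORIZED_NUMBERS:
        return (False, "number not on authorized list")
    return (True, "handshake")

def ring_back_number(user, code):
    """Ring-back gate: return the stored number to dial, or None.

    The number comes only from the host's own records, never from
    anything the caller typed during the session.
    """
    record = USERS.get(user)
    # Unknown users are compared against a dummy code so both paths do similar work.
    expected = record["code"] if record else "\0"
    ok = hmac.compare_digest(expected.encode(), code.encode())
    if record is None or not ok:
        return None
    return record["callback"]

def handle_call(caller_id, user, code, caller_id_available=True):
    """Apply both gates; returns (action, detail) suitable for an audit log."""
    if caller_id_available:
        allowed, reason = screen_caller_id(caller_id)
        if not allowed:
            return ("disconnect", reason)
    number = ring_back_number(user, code)
    if number is None:
        return ("disconnect", "bad identity or code")
    return ("hang up and dial", number)
```

Logging every `disconnect` result with its reason gives the administrator a record of rejected calls to review.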

A host computer may also not connect a caller until a certain code is played on a Touch Tone phone. Since the code would ordinarily be played by the terminal program of the calling computer, this code may be very long and complicated, thus difficult to crack by chance or force.

As you can see, all of these dial-up security measures make life difficult for the hacker. One may social engineer the knowledge out of a legitimate user of the system, but often the hacker won't even know that such extreme security measures are in effect to begin with.

You may be randomly dialing through a range of phone numbers because you have reason to suspect that a computer line exists within that range. If one of the numbers is never answered no matter how often you call, you can surmise a ringback or similar device is connected to the other end. If you call one number and hear a computer at the other end but aren't connected, suspect that the computer is looking at your phone number and seeing if it's valid. [A knowledgeable hacker could temporarily change his phone number to one that the computer recognizes, by hacking the telephone system mainframes. However, it is still necessary to know that phone number.] (Either that, or what you're really trying to connect to is a fax machine.) Caller-ID type systems, and those which call back a phone number, will be especially common on computer systems whose users are situated within a close regional area. The remote system may also be trying to detect special tones encoded in the modulation. Though it is a dial-in line, special equipment may be needed to connect with it.

Sometimes the system managers get so tricky as to disguise the fact that they have a dial-up computer available at all. When a user calls up to use the computer, a special device answers the phone. Instead of hearing the characteristic modem noises, a user might get a recorded voice, static, or nothing at all until a specific password is sent from the calling modem to the remote system. You can see how this would easily foil any WarGames dialer.

All in all, devices which inhibit access to the actual computer are nothing more than one more layer of security to get by. Luckily, the majority of computers do not employ such tactics, and are easier to crack than a hard-boiled egg.