attachment-0001
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<blockquote type="cite">
<pre wrap="">In my previous experience with government agencies,
the primary concern about PSTN Fax was that it could be
used *from a compromised system or by a rogue walkup
user* to export documents and system configuration
information invisibly, i.e., w/out passing through a firewall
and w/out any chance of detection by smart routers
(ones with embedded firewalls).</pre>
</blockquote>
Also know as "sending a fax"?<br>
<br>
<br>
My understanding of the concern about PSTN fax modems is that someone
could establish a
data session on the fax modem through which they gain access to the
customer
network, circumventing the firewall. But I have never heard of any
actual exploits, nor even the technical possibility of an exploit, so I
consider it to be an irrational fear. I guess its
easier to visualize someone sneaking things past a firewall through a
fax modem than it is to visualize something like XSS or SQL injection
:-).<br>
<pre class="moz-signature" cols="76">--
Regards,
Brian Smithson
PM, Security Research
PMP, CSM, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435</pre>
<br>
<br>
Ira McDonald wrote:
<blockquote
cite="mid:e395be80908140756q3f12e567g45d2a64def013597@mail.gmail.com"
type="cite">
<pre wrap="">Hi Randy,
Not that I know of.
In my previous experience with government agencies,
the primary concern about PSTN Fax was that it could be
used *from a compromised system or by a rogue walkup
user* to export documents and system configuration
information invisibly, i.e., w/out passing through a firewall
and w/out any chance of detection by smart routers
(ones with embedded firewalls).
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Blue Roof Music/High North Inc
email: <a class="moz-txt-link-abbreviated" href="mailto:blueroofmusic@gmail.com">blueroofmusic@gmail.com</a>
winter:
579 Park Place Saline, MI 48176
734-944-0094
summer:
PO Box 221 Grand Marais, MI 49839
906-494-2434
On Thu, Aug 13, 2009 at 9:55 PM, Randy Turner<a class="moz-txt-link-rfc2396E" href="mailto:rturner@amalfisystems.com"><rturner@amalfisystems.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Are there any documents on the internet that you guys know about that
describe existing attack vectors on PSTN/Analog Fax lines?
Randy
On Aug 13, 2009, at 6:44 PM, Ira McDonald wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi Randy,
It's not that we don't care about IFax.
It's that all forms of Internet Fax have protocols and IP
ports that would be reported in HCD_Firewall_Setting.
But many businesses and government agencies ALSO
want to close the "back door" of PSTN Fax.
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Blue Roof Music/High North Inc
email: <a class="moz-txt-link-abbreviated" href="mailto:blueroofmusic@gmail.com">blueroofmusic@gmail.com</a>
winter:
579 Park Place Saline, MI 48176
734-944-0094
summer:
PO Box 221 Grand Marais, MI 49839
906-494-2434
On Thu, Aug 13, 2009 at 9:02 PM, Randy Turner<a class="moz-txt-link-rfc2396E" href="mailto:rturner@amalfisystems.com"><rturner@amalfisystems.com></a>
wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi All,
When we came up with this attribute, we include PSTN in the name, which
means we only care about PSTN fax, and not internet-fax options such as
T.38
or other fully capable iFax features.
Did we mean to do this? We only care about PSTN? Which I assume to mean
analog fax?
Randy
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
ids mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ids@pwg.org">ids@pwg.org</a>
<a class="moz-txt-link-freetext" href="https://www.pwg.org/mailman/listinfo/ids">https://www.pwg.org/mailman/listinfo/ids</a>
</pre>
</blockquote>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body>
</html>