In what seems to be an exploit searching frenzy, Haochi uncovered another XSS vulnerability that easily and without the victims consent can steal cookies and hijack your Google account.  Like the last two found (within in the last 16 days), the bad guy only has to host a website and get someone to visit.

I will not give you details as to how the exploit works until it has been fixed — but I can tell you that it is extremely easy for anyone who knows HTML to exploit.

I highly recommend making sure you are completely logged out of your Google account while browsing the internet until we have an official statement from Google stating their security team has thoroughly reviewed every Google property for these types of vulnerabilities.  If Google needs help, I’m sure Haochi and Tony would be up for the challenge!

From: http://ha.ckers.org/

When the Steve Rambam talk at HOPE Number Six was disrupted by his arrest minutes before he was scheduled to go on stage, we vowed to make sure it would one day be presented to the public. That day occurred on Thursday, November 16, 2006. HOPE Number Six finally came to an end with a three hour talk at the Stevens Institute in Hoboken, New Jersey that focused on just how much information on each of us is readily accessible to virtually anyone. Steve also revealed all of the information he was able to find on a volunteer “victim” and answered all sorts of questions from the standing room only audience, including what really happened back in July.

Download the audio of this presentation:
Compact Size MP3 (16Kbps Mono)
Part 1

Part 2

Part 3
 

We’ve got :
• Script of step by step points to argue
• CEO’s phone number
• Source documents for your reference
• A slew of Cingular corporate contacts
• A big picture of the Cingular “Jack” with a screw in his butt.

We’re not sure if it will work but this information comes to us courtesy of a very disgruntled customer who says he used it to cancel his contract after 8 years of service. He writes…

“Why all this… well I asked to be grandfathered or credited for the difference (about 1 buck per month) for the 10–>15 cent text message difference till my contract ended in early 2007. I was told I can’t read, threatened with collections (Hmm.. I’m on automatic billing), and told Cingular would NOT credit me for airtime even though they called me on my wireless phone. Enjoy.Signed, an 8 year customer who never missed a payment.”

STEPS

1. Go to the top/bottom/middle of your January bill. Note this section.

“NOTICE OF DISPUTE RESOLUTION AGREEMENT IN CONTRACT. We are pleased to advise you that Cingular has revised the ARBITRATION CLAUSE in our standard Wireless Service Agreement to make it even better for consumers. The revised arbitration clause can be found at www.cingular.com/disputeresolution. This revision is effective immediately.”

2. Call Cingular customer service. 1-888-CINGULAR.

3. Say to the rep, “Can I ask you a question?”

4. They say, “Yes.”

5. Refer to the text below. Ask, “Does this arbitration clause applies to me?”

“DISPUTE RESOLUTION BY BINDING ARBITRATION, Please read this carefully. It affects your rights.”…”Any arbitration under this Agreement will take place on an individual basis; class arbitrations and class actions are not permitted.”

6. Cingular will say yes.

7. Say, “I was also reading this section 7 in the CTIA policy found on your website.”

8. Read this aloud:

“Provide customers the right to terminate service for changes to contract terms. Carriers will not modify the material terms of their subscribers’ contracts in a manner that is materially adverse to subscribers without providing a reasonable advance notice of a proposed modification and allowing subscribers a time period of not less than 14 days to cancel their contracts with no early termination fee.”

9. Say to the rep:

“Losing my ability to be part of a class action lawsuit removes a legal right. Therefore, preventing me from being part of a class is an adverse effect. My bill says *This revision is effective immediately*. I was not provided a 14 day or greater period of time before this modification goes into effect. Therefore, the CTIA policy permits me to terminate service without an ETF due to the implementation of these changes.”

10. If the rep argues that the arbitration change is not materially adverse, cite this:

The United States courts of appeals in the case of CUNNINGHAM v FLEETWOOD HOMES cited as Nos. 00-12225, 00-12510 found that arbitration clauses, like other forum selection clauses, are considered material terms.

The case is available here
You can note the two following excerpts from the case:

[13]Magnuson-Moss’s treatment of informal dispute resolution mechanism clauses in warranties is consistent with general contract law, in that arbitration clauses, like other kinds of forum selection clauses, are generally considered material terms under state law variants of the Uniform Commercial Code. See Coastal Indus., Inc. v. Automatic Steam Prods. Corp., 654 F.2d 375 (5th Cir.1981) (finding unilateral insertion of arbitration clause per se alteration of the contract under state law); General Instrument Corp. v. Tie Mfg., Inc., 517 F.Supp. 1231, 1234 (S.D.N.Y.1981) (finding forum selection clause materially alters contract for Connecticut corporation); Lorbrook Corp. v. G&T Industries, Inc., 162 A.D.2d 69, 562 N.Y.S.2d 978, 980 (1990) (discussing addition of forum selection term as material alteration to prior agreement); see also Michael A. Stiegal & Debra J. Williams, The Battle of the Forms: UCC Section 2-207, in PLI Commercial Law & Practice Course Handbook Series Order No. A4-4297 at 6 (1990) (stating that “[i]t is generally recognized that a ‘forum selection’ clause ‘materially alters’ a contract within the meaning of U.C.C. § 2-207″).

(To understand what a forum is go to http://en.wikipedia.org/wiki/Arbitration_clause
“An arbitration clause is a commonly used clause in a contract that requires the parties to resolve their disputes through an arbitration process. Although such a clause may or may not specify that arbitration occur within a specific jurisdiction, it always binds the parties to a type of resolution outside of the courts, and is therefore considered a kind of forum selection clause.”)

10: Revel in your canceled contract.

11. Be sure to ask them to “note the account” for the cancellation, and secure some kind of confirmation/cancellation number. Wouldn’t to go through all that work only to find a rep lied to you just to get you off the line.

12. If you’re not quitting entirely, just switching from yearly to month-to-month, you can also ask for these codes to be added to your account:
Request transition to rate codes
• “NAG4″ - “/NAT P 1000R UM2M” - It’s 1000 rollover anytime minutes for $39.99. It does NOT include night/weekends, but for just $8.99 you can add them on 7pm-7am. You must add the feature from the web account, don’t ask them to do it.
• “/200BONUSMINUTES” - If you’ve had a really nasty experience the system allows adding on as part of your (compensation) plan, 200 extra rollover mins every month.
• Ask to be added to a FAN (Foundation Account Number), tell them to find you one, hit the Fortune 500 list of companies if you need some suggestions. Percents off monthly bills are generally 10%-15%. If you get a FAN added to your account, you can get 10-30% off new equipment / accessories through business customer care. They have to ship it to you (stores are clueless/problematic).

13. Getting the run around to get paperwork, mail copies, or come to the store?

Calm down, take a few breaths and read this in a bland tone and request not to be interrupted:

“I have a few question and you will be provided with an opportunity to answer after I have stated my full thought” “You claim I entered into this contract orally over the phone. I wish to use the same method of contact for this cancellation. Forcing me to mail, fax, or come into the store with documentation or come in person seems to be a purposeful attempt to block my cancellation request. I expect you to honor my preferred method of contact in completing this cancellation. Will you accept my preferred method of contact and assist me?”

They are unlikely to say no. If they do, reference CTIA policy section 8:

“Provide ready access to customer service. — Customers will be provided a toll-free telephone number to access a carrier’s customer service during normal business hours.” “Additionally, your website provide a variety of contact methods. It says I can contact you directly via chat, email, phone or in person. I choose to use the this phone conversation to complete my cancellation request, will you assist me?” (Link is http://www.cingular.com/about/contact-us/contact-us.jsp)

LAST WORDS

* If they won’t cancel the contract, escalate to a supervisor.
* If they say, “He/She’s busy, can they call you back?” Ask to be put on hold, as they will probably never call you back.
* If the above doesn’t get you anywhere, try pitching your case to the executive customer service team attached to CEO Stanley Sigman’s office at 1-866-220-8446. Read this post to find out how executive customer service works.

Stanley T. Sigman - President, Chief Executive Officer
3051 Bienville Blvd
Ocean Springs, MS 39564
1-866-220-8446 - President’s Office

* You could also try the corporate contacts listed in section D below. You’d be surprised what people will do to get a phone to stop ringing on their desk.
* Put on your warrior gaze. They don’t let pussies escape their contract without paying an early termination fee, you gotta fight for it.
* If the rep tries to steer you away and point how awesome the new arbitration agreement is because they pay for your legal fees, or in anyway tries to reroute the conversation, just keep insisting on step 5. As many times as necessary.
* If one rep won’t let you cancel, hang up and try again. You may get someone nice… or weaker.
* It took our original tipster 7 tries with calls lasting 45-60 minutes each before he successfully canceled without termination fee.

Good luck!

— BEN POPKEN

APPENDIX:
A: Notice of dispute resolution by binding arbitration
B: Sample bill
C: CTIA Code
D: Slew of Cingular Corporate Contacts

Click to enlarge:

C: SLEW OF CINGULAR CORPORATE CONTACTS

Need some extra numbers to call after trying customer service or 611 ??
About 35 direct numbers to people’s desk and cellphones in the corporate offices. For an up-to-date list, go to
http://cingular.mediaroom.com/index.php?s=contacts

Letters to Cingular can be addressed to:

Cingular Wireless
5565 Glenridge Connector
Atlanta, GA 30342
Main phone number: 404-236-6000

Media Relations Contacts
National Contacts

Media relations planning and strategy, principal company spokesperson
Mark Siegel
Executive Director Media Relations
404-236-6312 (office)
404-374-2799 (wireless)
Email: mark.a.siegel@cingular.com

Corporate initiatives, marketing, sports-oriented sponsorships
(To apply for sponsorships, please go to www.cingular.com/sponsorship. Please do not email or call about applying for sponsorships as funding decisions are not made by public relations)
Clay Owen
Senior Director Media Relations
404.236.6153 (office)
404.538.0124 (wireless)
Email: clay.owen@cingular.com

Public policy initiatives, regulatory and legislative issues
Rochelle Cohen
Senior Director Media Relations
202-419-3007 (office)
202-341-5967 (wireless)
Email: rochelle.cohen@cingular.com

Consumer offers, handset/product initiatives, youth programs,
sponsorships (non-sports related)
Jennifer Bowcock
Director Media Relations
404-236-6319 (office)
404-213-1204 (wireless)
Email: jennifer.bowcock@cingular.com

or

Kelleigh Scott Beal
Manager, Media Relations
404-236-6321 (office)
404-285-0172 (wireless)
Email: kelleigh.scott@cingular.com

Business-to-business initiatives, industry analyst program
John Kampfe
Director Media Relations
973-637-9387 (office)
908-432-3473 (wireless)
Email: john.kampfe@cingular.com

Technology and network initiatives, industry analyst program
Ritch Blasi
Director Media Relations
973-637-9449 (office)
908-512-1760 (wireless)
Email: ritch.blasi@cingular.com

Hispanic and Diversity Public Relations
Maria Schnabel
Director, Hispanic Public Relations
404-236-6432 (office)
404-401-7477 (wireless)
Email: maria.schnabel@cingular.com

Regional Contacts
Please refer to specific states

Northeast Media Contacts

Maryland, Virginia, West Virginia, Washington D.C.
Alexa Kaufman
Director Regional Public Relations
301-489-3610 (office)
301-742-0888 (wireless)
Email: alexa.kaufman@cingular.com

Delaware, Eastern Pennsylvania, New Jersey, and New York City
Ellen Webner
Director Regional Public Relations
973-637-9357 (office)
201-532-7292 (wireless)
Email: ellen.webner@cingular.com

Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont and Upstate New York
Kate MacKinnon
Director Regional Public Relations
781-690-5057 (office)
508-498-5547 (wireless)
kate.mackinnon@cingular.com

Northeast Regional Backup
Susan Ramsey
Director Regional Public Relations
973-637-9467 (office)
203-722-1145 (wireless)
Email: susan.ramsey@cingular.com

Southeast Media Contacts

Alabama, Georgia, Louisiana, Mississippi
Dawn Benton
Director, Regional Public Relations
404-236-5305 (office)
404-202-6335 (wireless)
Email: dawn.benton@cingular.com

Florida
Kelly Starling
Director, Regional Public Relations
561-775-4259 (office)
561-301-1414 (wireless)
Email: kelly.starling@cingular.com

Tennessee, Kentucky, North Carolina and South Carolina
Laurie Parker
Director, Regional Public Relations
615-221-3690 (office)
615-202-3463 (wireless)
Email: laurie.parker@cingular.com

Southeast Regional Back-up
Caroline Crowe
Director Regional Public Relations
678-867-4330 (office)
404-808-8254 (wireless)
Email: caroline.crowe@cingular.com

Central Media Contacts

Illinois, Iowa, Minnesota, Nebraska,
North Dakota, South Dakota, Wisconsin
Chris Comes
Director Regional Public Relations
847-765-3602 (office)
312-282-0539 (wireless)
Email: chris.comes@cingular.com

Kansas, Ohio, Western Pennsylvania,
Indiana, Missouri, and Michigan
Tara Traycoff
Director, Regional Public Relations
314-543-6435 (phone)
314-809-6112 (wireless)
Email: tara.traycoff@cingular.com

Arkansas, Oklahoma and Texas
Frank Merriman
Director Regional Public Relations
469.229.7613 (office)
214-538-3496 (wireless)
Email: frank.merriman@cingular.com

Central Region Backup
Meg Frainey
Director Regional Public Relations
469-229-7784 (office)
214-497-6072 (wireless)
Email: meg.frainey@cingular.com

West Media Contacts

Arizona, New Mexico, Northern California, and Reno
Lauren Garner
Director Regional Public Relations
Phone: 925-819-5362 (wireless)
Email: lauren.garner@cingular.com

Colorado, Idaho, Montana, Oregon, Utah, Washington, and Wyoming
Mike Broom
Director Regional Public Relations
425-580-7710 (office)
206-390-5993 (wireless)
Email: michael.broom@cingular.com

Greater Los Angeles, Las Vegas, San Diego, and Hawaii
Art Navarro
Director Regional Public Relations
562-468-6520 (office)
949-300-1329 (wireless)
Email: art.navarro@cingular.com

West Regional Back-up
Mike Broom
Director Regional Public Relations
425-580-7710 (office)
206-390-5993 (wireless)
Email: michael.broom@cingular.com

Cingular is proud to announce its newest commitment to customer service and wireless quality–the adoption of the Cellular Telecommunications & Internet Association (CTIA) Consumer Code for Wireless Service. We are equally proud that Cingular was the first nationwide carrier that CTIA awarded the right to use the “Seal of Wireless Quality” in our advertising, store collateral, etc., since we were deemed to be in compliance with the Code.

On Sept. 9, 2003, Cingular joined forces with the CTIA and other wireless industry leaders to declare its support and implementation of the Consumer Code as a new voluntary standard for customer fulfillment. The Consumer Code defines 10 customer policies that are founded on three principles: (1) Provide consumers with information to help them make informed choices in selecting wireless service; (2) Help ensure that consumers understand their wireless service and rate plans; and (3) Continue to offer wireless services that meet consumers’ needs. As part of the adoption of the Consumer Code, Cingular and each signatory of the Consumer Code will be able to display a new CTIA Seal of Wireless Quality Service.

“The Consumer Code for Wireless Service formalizes much of what Cingular has been doing for some time now, and we are pleased to announce that we already meet and, in some cases, exceed all principles of the code,” says Cingular Chief Executive Officer Stan Sigman. “We will continue to improve customer communications efforts to ensure our customers are always well-informed, and to make certain we continue to provide wireless service that is the best fit for each of our customers.”

To provide consumers with information to help them make informed choices when selecting wireless service, to help ensure that consumers understand their wireless service and rate plans, and to continue to provide wireless service that meets consumers’ needs, the CTIA and the wireless carriers that are signatories below have developed the following Consumer Code. The carriers that are signatories to this Code have voluntarily adopted the principles, disclosures, and practices here for wireless service provided to individual consumers.
The wireless carriers that are signatories to this Code will:

1. Disclose rates and terms of service to consumers.
For each rate plan offered to new consumers, wireless carriers will make available to consumers in collateral or other disclosures at point of sale and on their Web sites, at least the following information, as applicable: (a) the calling area for the plan; (b) the monthly access fee or base charge; (c) the number of airtime minutes included in the plan; (d) any nights and weekend minutes included in the plan or other differing charges for different time periods and the time periods when nights and weekend minutes or other charges apply; (e) the charges for excess or additional minutes; (f) per-minute long distance charges or whether long distance is included in other rates; (g) per-minute roaming or off-network charges; (h) whether any additional taxes, fees or surcharges apply; (i) the amount or range of any such fees or surcharges that are collected and retained by the carrier; (j) whether a fixed-term contract is required and its duration; (k) any activation or initiation fee; and (l) any early termination fee that applies and the trial period during which no early termination fee will apply.

2. Make available maps showing where service is generally available.
Wireless carriers will make available at point of sale and on their Web sites maps depicting approximate voice service coverage applicable to each of their rate plans currently offered to consumers. To enable consumers to make comparisons among carriers, these maps will be generated using generally accepted methodologies and standards to depict the carrier’s outdoor coverage. All such maps will contain an appropriate legend concerning limitations and/or variations in wireless coverage and map usage, including any geographic limitations on the availability of any services included in the rate plan. Wireless carriers will periodically update such maps as necessary to keep them reasonably current. If necessary to show the extent of service coverage available to customers from carriers’ roaming partners, carriers will request and incorporate coverage maps from roaming partners that are generated using similar industry-accepted criteria, or if such information is not available, incorporate publicly available information regarding roaming partners’ coverage areas.

3. Provide contract terms to customers and confirm changes in service.
When a customer initiates service with a wireless carrier or agrees to a change in service whereby the customer is bound to a contract extension, the carrier will provide or confirm the material terms and conditions of service with the subscriber.

4. Allow a trial period for new service.
When a customer initiates service with a wireless carrier, the customer will be informed of and given a period of not less than 14 days to try out the service. The carrier will not impose an early termination fee if the customer cancels service within this period, provided that the customer complies with applicable return and/or exchange policies. Other charges, including airtime usage, may still apply.

5. Provide specific disclosures in advertising.
In advertising of prices for wireless service or devices, wireless carriers will disclose material charges and conditions related to the advertised prices, including if applicable and to the extent the advertising medium reasonably allows: (a) activation or initiation fees; (b) monthly access fees or base charges; (c) any required contract term; (d) early termination fees; (e) the terms and conditions related to receiving a product or service for “free”;(f) the times of any peak and off-peak calling periods; (g) whether different or additional charges apply for calls outside of the carrier’s network or outside of designated calling areas; (h) for any rate plan advertised as “nationwide,” (or using similar terms), the carrier will have available substantiation for this claim; (i) whether prices or benefits apply only for a limited time or promotional period and, if so, any different fees or charges to be paid for the remainder of the contract term; (ij) whether any additional taxes, fees or surcharges apply; and (j) the amount or range of any such fees or surcharges collected and retained by the carrier.

6. Separately identify carrier charges from taxes on billing statements.
On customers’ bills, carriers will distinguish: (a) monthly charges for service and features, and other charges collected and retained by the carrier, from (b) taxes, fees and other charges collected by the carrier and remitted to federal state or local governments. Carriers will not label cost recovery fees or charges as taxes.

*** 7. Provide customers the right to terminate service for changes to contract terms.
Carriers will not modify the material terms of their subscribers’ contracts in a manner that is materially adverse to subscribers without providing a reasonable advance notice of a proposed modification and allowing subscribers a time period of not less than 14 days to cancel their contracts with no early termination fee.

8. Provide ready access to customer service.
Customers will be provided a toll-free telephone number to access a carrier’s customer service during normal business hours. Customer service contact information will be provided to customers online and on billing statements. Each wireless carrier will provide information about how customers can contact the carrier in writing, by toll-free telephone number, via the Internet or otherwise with any inquiries or complaints, and this information will be included, at a minimum, on all billing statements, in written responses to customer inquiries and on carriers’ Web sites. Each carrier will also make such contact information available, upon request, to any customer calling the carrier’s customer service departments.

9. Promptly respond to consumer inquiries and complaints received from government agencies.
Wireless carriers will respond in writing to state or federal administrative agencies within 30 days of receiving written consumer complaints from any such agency.

10. Abide by policies for protection of customer privacy.
Each wireless carrier will abide by a policy regarding the privacy of customer information in accordance with applicable federal and state laws, and will make available to the public its privacy policy concerning information collected online

<body <script onload<script=alert('xss');> turns into <body .. onload..=alert('xss');> which works in Firefox.

Myspace continues to “patch” the problem simply by stripping “evil” strings it finds offensive rather than take any other route with may actually fix the problem. The problem with Myspace’s stripping is that once it strips a string, it doesn’t go back over the string to check it’s vector. Silly Myspace.

Split the network

I’m starting here by splitting the network into two parts, the trusted half and the untrusted half. The trusted half has one netblock, the untrusted a different netblock. We use the DHCP server to identify mac addresses to give out the relevant addresses.

/etc/dhcpd.conf

ddns-updates off; ddns-update-style interim; authoritative;  shared-network local {  subnet *.*.*.* netmask 255.255.255.0 { range *.*.*.* *.*.*.*; option routers *.*.*.*; option subnet-mask 255.255.255.0; option domain-name "XXXXX"; option domain-name-servers *.*.*.*; deny unknown-clients;  host trusted1 { hardware ethernet *:*:*:*:*:*; fixed-address *.*.*.*; } }  subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.2 192.168.0.10; option routers 192.168.0.1; option subnet-mask 255.255.255.0; option domain-name-servers 192.168.0.1; allow unknown-clients;  } }

IPtables is Fun!

Suddenly everything is kittens! It’s kitten net.

/sbin/iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -j DNAT --to-destination 64.111.96.38

For the uninitiated, this redirects all traffic to kittenwar.

For more fun, we set iptables to forward everything to a transparent squid proxy running on port 80 on the machine.

/sbin/iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1

That machine runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of it’s local webserver.

The redirection script

#!/usr/bin/perl $|=1; $count = 0; $pid = $$; while (<>) { chomp $_; if ($_ =~ /(.*.jpg)/i) { $url = $1; system(”/usr/bin/wget”, “-q”, “-O”,”/space/WebPages/images/$pid-$count.jpg”, “$url”); system(”/usr/bin/mogrify”, “-flip”,”/space/WebPages/images/$pid-$count.jpg”); print “http://127.0.0.1/images/$pid-$count.jpgn”; } elsif ($_ =~ /(.*.gif)/i) { $url = $1; system(”/usr/bin/wget”, “-q”, “-O”,”/space/WebPages/images/$pid-$count.gif”, “$url”); system(”/usr/bin/mogrify”, “-flip”,”/space/WebPages/images/$pid-$count.gif”); print “http://127.0.0.1/images/$pid-$count.gifn”;  } else { print “$_n”;; } $count++; }

Then the internet looks like this!

And if you replace flip with -blur 4 you get the blurry-net

Source: http://www.ex-parrot.com/~pete/upside-down-ternet.html

This document describes how to attach modems to a Linux box and allow it to receive calls to connect users to the network. Its like being your own ISP (Internet Service Provider). If your Linux box is connected to the Internet, then the users will also be connected to the Internet. Your Linux box becomes a router. This is also known as RAS (Remote Access Services) in the Microsoft world. In the Linux world its called PPP (Point to Point Protocol).

2 Attach A Modem

Attach a modem to COM 1 or COM 2. If you have an internal modem, you need to know what COM port it is. You could just activate all the COM ports and see later which one works by viewing the /var/log/messages file. Then turn off the other 3.

3 Run kudzu

Kudzu is the Linux hardware auto detection that usually runs at boot time. You may reboot the computer or else just type:

kudzu
Hopefully, kudzu will detect your modem and configure it automatically.

4 Configure Modem For mgetty

Mgetty is the program that allows you to login after the modems connect. It is activated in the /etc/inittab file. Use vi to add a line after the mingetty lines (halfway into the file).

Physical Port Linux Port /etc/inittab line for turning on mgetty
COM 1 ttyS0
COM 2 ttyS1
COM 3 ttyS2
COM 4 ttyS3

vi /etc/inittab

S0:2345:respawn:/sbin/mgetty -D ttyS0
S1:2345:respawn:/sbin/mgetty -D ttyS1
S2:2345:respawn:/sbin/mgetty -D ttyS2
S3:2345:respawn:/sbin/mgetty -D ttyS3

The -D means data only, no fax machines are allowed to connect. The baud rate is automatic. I hope your modem can handle that.

5 Turn On PPP Dial In Service

Mgetty by default will not invoke PPP, it is commented out in the /etc/mgetty+sendfax/login.config file. We need this service so IP packets can flow across the dial-in connection.

vi /etc/mgetty+sendfax/login.config

Look for a line:

#/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login debug

Change to

/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login debug

and remove the first character, the # and save the file. Notice the “debug” option on that line. This logs useful information in /var/log/messages that we will look at later. Also, the “login” option means to authenticate with the /etc/passwd file after “pap” authentication (described below).

6 Setup PPP Options

When PPP starts up, it reads options from the command line from /etc/mgetty+sendfax/login.config. Then it read more options from the /etc/ppp directory. We will create a new file called options.server where we will put generic options for all modems that dial in. Then we will have an options file for each modem where we can put the IP address we will assign anyone on that modem. That file will be named options.ttyS0 or options.ttyS1.

vi /etc/ppp/options.server

-detach
asyncmap 0
modem
crtscts
lock
proxyarp
ms-dns 1.2.3.4           #replace 1.2.3.4 with DNS address Primary
ms-dns 3.4.5.6           #replace 3.4.5.6 with DNS address Slave

vi /etc/ppp/options.ttyS0

192.168.0.12:192.168.0.100            #serverAddress:clientAdress
netmask 255.255.255.0                    #The netmask of the LAN the server is connected to

7 Add Users To pap-secrets

In order to allow dial in, you will have to define users and passwords to authenticate them with. PPP will authenticate them. First, we must add users and passwords to the /etc/ppp/pap-secrets file.

vi /etc/ppp/pap-secrets

Client (User)      Server       Secret (password)         IP
sohail               *               boby                  *
zain                 *               zain123               *

8 Create Linux Users

Now, create some regular linux users that correspond to the /etc/ppp/pap-secrets file. Use the same password that has been entered in that file. If you do not want to do this step then you must remove the “login” option from the command line of ppp kept in /etc/mgetty+sendfax/login.config.

9 Turn On Routing

We now want Linux to be a router and allow packets to flow through it. This is called packet forwarding.

vi /etc/sysctl.conf

net.ipv4.ip_forward  = 1

sysctl -e -p /etc/sysctl.conf

10 Start Mgetty

Tell the init to re-read its config file (/etc/inittab) and start up mgetty on the modems.

/sbin/telinit q

11 Test Dial In and View Logs

Have someone try dialing in on Phone number attached to modem and you can watch the logs live by typing this:

tail -f /var/log/messages

You will see the connection attempts and some useful debugging info.

Source: http://www.howtoforge.com/linux_dialin_server