If you have two machines with Windows XP, you can setup a "dial-up" connection between the two using a standard land phone line. I imagine the same can be done on Windows 7, and most other Operating systems for that matter. (linux, etc.)

In the Windows XP case, you can configure the connection to require the client to use a "password" to connect to the server. I suspect that relatively speaking this is not secure. Someone with enough "know how" that is "listening" on the telephone connection "between the two computers" could snoop the password and easily view the traffic. Is this suspicion correct? If so, why and how?

What if I were to setup an ssh server and pre-configure all the known hosts and appropriate keys and such. I could then achieve a secure connection over the standard un-secure modem connection? Is this correct?

Finally, I have an optional question, ignore if you choose (it is somewhat open ended, but could be fun to answer):

Most consumers aren't using dial-up connections these days, but a lot of commercial applications still do. What are the chances that "bad guys" are "listening" on your average land line telephone connection? Do you think this actually happens?

3 Answers 3


Is this suspicion correct? If so, why and how?

Your suspicion is not entirely correct. Windows XP supports a range of security options for authentication and encryption for remote network connections including dial-up. This is documented on Microsoft's website.

While WinXP can be configured to allow the password to be transmitted in clear text, other options require the password to be sent securely and subsequent traffic to be encrypted. Such a connection can't be easily snooped. Techniques for hacking a secure connection do exist, though. Some are harder than others to crack depending on the options chosen (40-bit key [easy] vs. 128-bit key [harder], for example).

Yes, your ssh connection will be secure and you can choose a stronger encryption algorithm (256-bit key) than WinXP provides.

As to your optional question, I think the likelihood of "bad guys" (i.e. someone who wants do do you harm) listening on an intermittent dial-up line is low because hackers are generally looking for the 'big score'. That said, you should always secure remote network connections of any type and never send passwords over the wire in clear text.


Is this suspicion correct? If so, why and how?

Yes, it's called Man-in-the-middle (MITM) attack at it can happen virtually over any communication channel.

Sure you have heard about "evil" polititcians tampering someone's mail? Why did they use seals for messages in ancient times?

Problem is that with advent of Internet age, there is much more to tamper with, and there is much less security even in things that we know and use.

A little example.

Consider this: You walk into a bank to send money using classical statement.

  • in a known town

  • on a known street

  • with lot of people around

  • you may even know the security guy

  • you know how the statement is supposed to look like

  • you may even know the clerk by face and by voice. Even if they are new, you can comment on that and have their reaction.

Before you even get to touch the paper, there are literally thousands of tera-bytes (well, AFAIK no-one ever measured it, but it would be a huge number) that your brain will get to check for you to make sure you are at the right place, and nothing strange has happened that morning.

Now this tremendous amount of data is in fact public key of the bank: Everyone can get all the data, but for you it only works if you have memories of the place (that's your private key). Your brain (yes, the only machine you can trust, only because you must), does all the decoding and checking for you. Cool.

Now consider a HTML page with a simple name/password form. And a ...how large... 4096 bytes large security certificate. Where are the private keys? To extremely simplify, we could say they are in your OS. And what is the box that is doing the checks for you? Can you look inside?

Welcome to the world of Internet security.

Well, I'm not trying to compare worlds to universes, or say that it's somehow easy to fake a bank's certificate (it is ridiculously easy to do it with the HTML form, though), or that it's easy to get into the middle (well, it's surprisingly easy in most Wi-fi networks). What I'm trying to say is that there has never been less data to fake, and there never have been more "invisible" ways to do it.

What if I were to setup an ssh server and pre-configure all the known hosts and appropriate keys and such. I could then achieve a secure connection over the standard un-secure modem connection? Is this correct?

That's exactly what ssh was made for: doing relatively secure connections over untrusted networks.

However, there are more factors to consider.

OK, provided that your private key or your server haven't been compromised, and provided that you used strong (=long, 4096 bytes) key, and provided that your "enemy" does not have tremendous computing power, provided that your enemy is not listening long enough, provided that they have as little knowledge about your hardware and software as possible ... yes, it's possible to make it very hard to break in.

Remember: Security is not a technology. Security is a mind set.

What are the chances that "bad guys" are "listening" on your average land line telephone connection? Do you think this actually happens?

The chances are probably very hard to guess without knowing technical details of the connection. How many sharks with lasers are around? Is it in the middle of the Sun?

But seriously, I think that while you probably can't guess the evidence, there's another point of view:

Are the powerful guys able to appreciate the value of such option? (I mean, how old are they? Are they already "the Internet generation"?)

Is it (or will it be anytime soon) possible to analyze such data and make benefit from that?

Are the people that, in some sense, must inevitably gather such data just so that their services can work (like: Can't imagine a social network without storing social data) "ethically balanced" enough so that they aren't already selling it? Would we know that?

Welcome to the world of Internet ethics.

Is this suspicion correct? If so, why and how?

Yes that is correct. This is also an issue with modern day connections but encryption has taken care of that. (Research private and public keys)

What if I were to setup an ssh server and pre-configure all the known hosts and appropriate keys and such. I could then achieve a secure connection over the standard un-secure modem connection? Is this correct?


What are the chances that "bad guys" are "listening" on your average land line telephone connection? Do you think this actually happens?

It depends on who you consider the "bad guys". In light of the recent news with the NSA it is very certain that the gov't is "listening" and it is well known that ISPs and telephone providers do log and monitor your internet/telephone. If you consider them "bad guys" then yes. However, it is quite unlikely that a random stranger is tapping into your phone/internet.

  • "encryption has taken care of that.", ...to make it somewhat harder. Nobody will ever really "take care of that". Commented Jul 8, 2013 at 18:04

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .