Denial of service attacks apparently from UUNET Netblocks

ken emery ken at cnet.com
Tue Oct 7 18:43:24 UTC 1997


On Tue, 7 Oct 1997, Mike Diehn wrote:

> On Tue, 7 Oct 1997, Eric Wieling wrote:
> 
> > On Tue, Oct 07, 1997 at 01:03:14AM -0400, Charles Sprickman wrote:
> > > I would not be surprised if the caller's phone number were logged, most
> > > modern modem banks talk ANIS and DNIS, which if I'm remembering correctly
> > > is basically caller ID.  I'm thinking of putting this on our POP, as there
> > > doesn't seem to be an extra charge to get the data from the telco.
> > 
> > Unless you are using CallerID authentication, the Ascend MAXes do not
> > log the caller's number.  I assume that the TNTs have the same
> > problem.
> 
> Hmmmm.... I have a few Ascend Max 400Xs using PRI T-1s for ISDN dialup
> and they log ANI, DNIS and a slew of other session specific info to
> LOCAL4. We don't use CallerID authentication.
> 
> Here's an example of a single ISDN session, sanitized info is in braces.
> 
> {Date Time FQDN} ASCEND: slot 0 port 0, line 1, channel 6, Incoming Call, {10-DIGIT-ANI}
> {Date Time FQDN} ASCEND: slot 9 port 4, Assigned to port, {10-DIGIT-ANI}
> {Date Time FQDN} ASCEND: call 50 AN slot 9 port 4 64K {7-DIGIT-DNIS}
> {Date Time FQDN} ASCEND: slot 9 port 4, LAN session up, {USERNAME}
> {Date Time FQDN} ASCEND: call 50 CL 0K  u={USERNAME} c=2 p=65
> {Date Time FQDN} ASCEND: slot 9 port 4, line 1, channel 6, Call Disconnected
> {Date Time FQDN} ASCEND: slot 9 port 4, Call Terminated
> {Date Time FQDN} ASCEND: slot 0 port 0, LAN session down, {USERNAME}
> {Date Time FQDN} ASCEND: call 50 CL 0K 
> 
> Now, I don't know if the analog modems in maxen will log this info
> or not, but it's worth knowing that a max can do it for some types
> of calls.

One question, "can't the sender (aka the person initiating the call) 
forge the ANI information?"  I know on a Cisco (1003 series) it will 
croak if this is incorrect, but what about an Ascend or other ISDN 
device?  Unless things have changed I don't think the telcos in the 
USA guarantee the ANI is correct.

bye,
ken emery
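
Added example, not part of the original message or of any Ascend tooling: Python that joins the per-event lines in the quoted log layout into one record per call, so a reported ANI and DNIS can be tied to a username. The timestamp/host prefix, the sample values and the name `correlate` are assumptions; the ANI is stored as reported, since the message above questions whether it can be trusted.

```python
import re

# Constructed sample in the line layout quoted above; host, times, numbers
# and usernames are made up. The second call has lost its "Assigned" line.
SAMPLE = """\
Oct  7 12:00:01 max1.example.net ASCEND: slot 0 port 0, line 1, channel 6, Incoming Call, 6035550100
Oct  7 12:00:01 max1.example.net ASCEND: slot 9 port 4, Assigned to port, 6035550100
Oct  7 12:00:02 max1.example.net ASCEND: call 50 AN slot 9 port 4 64K 5550199
Oct  7 12:00:03 max1.example.net ASCEND: slot 9 port 4, LAN session up, jdoe
Oct  7 12:09:40 max1.example.net ASCEND: call 50 CL 0K  u=jdoe c=2 p=65
Oct  7 12:09:41 max1.example.net ASCEND: slot 9 port 4, Call Terminated
Oct  7 12:10:05 max1.example.net ASCEND: call 51 AN slot 9 port 5 64K 5550199
Oct  7 12:10:06 max1.example.net ASCEND: slot 9 port 5, LAN session up, asmith
Oct  7 12:15:00 max1.example.net ASCEND: slot 9 port 5, Call Terminated
"""

PATTERNS = {
    "assigned": re.compile(r"^slot (\d+) port (\d+), Assigned to port, (\S+)$"),
    "answer": re.compile(r"^call (\d+) AN slot (\d+) port (\d+) \S+ (\S+)$"),
    "up": re.compile(r"^slot (\d+) port (\d+), LAN session up, (\S+)$"),
    "end": re.compile(r"^slot (\d+) port (\d+), Call Terminated$"),
}

def correlate(log_text):
    """Join the per-event lines of each call into one record per call."""
    open_calls, finished = {}, []
    for line in log_text.splitlines():
        _, sep, msg = line.partition(" ASCEND: ")
        if not sep:
            continue  # not an Ascend line
        for kind, rx in PATTERNS.items():
            m = rx.match(msg.strip())
            if not m:
                continue
            g = m.groups()
            port = (g[1], g[2]) if kind == "answer" else (g[0], g[1])
            if kind == "end":
                if port in open_calls:
                    finished.append(open_calls.pop(port))
                break
            # setdefault tolerates earlier lines of the call being missing
            rec = open_calls.setdefault(port, {"port": port, "call": None,
                                               "ani": None, "dnis": None, "user": None})
            if kind == "assigned":
                rec["ani"] = g[2]  # as reported on the line; nothing here verifies it
            elif kind == "answer":
                rec["call"], rec["dnis"] = g[0], g[3]
            else:
                rec["user"] = g[2]
            break
    return finished
```

A record whose `ani` is `None` marks a call for which no "Assigned to port" line was seen, which is worth flagging rather than silently dropping.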



