Denial of service attacks apparently from UUNET Netblocks

Tue Oct 7 20:49:36 UTC 1997

On Tue, Oct 07, 1997 at 12:47:33PM -0400, Mike Diehn wrote:

> Hmmmm.... I have a few Ascend Max 400Xs using PRI T-1s for ISDN dialup
> and they log ANI, DNIS and a slew of other session specific info to
> LOCAL4. We don't use CallerID authentication.
> 
> Here's an example of a single ISDN session, sanitized info is in braces.
> 
> {Date Time FQDN} ASCEND: slot 0 port 0, line 1, channel 6, Incoming Call, {10-DIGIT-ANI}
> {Date Time FQDN} ASCEND: slot 9 port 4, Assigned to port, {10-DIGIT-ANI}
> {Date Time FQDN} ASCEND: call 50 AN slot 9 port 4 64K {7-DIGIT-DNIS}
> {Date Time FQDN} ASCEND: slot 9 port 4, LAN session up, {USERNAME}
> {Date Time FQDN} ASCEND: call 50 CL 0K  u={USERNAME} c=2 p=65
> {Date Time FQDN} ASCEND: slot 9 port 4, line 1, channel 6, Call Disconnected
> {Date Time FQDN} ASCEND: slot 9 port 4, Call Terminated
> {Date Time FQDN} ASCEND: slot 0 port 0, LAN session down, {USERNAME}
> {Date Time FQDN} ASCEND: call 50 CL 0K 

Here is what I get in MY syslog:

{Date Time host} ASCEND: slot 0 port 0, line 1, channel 2, Incoming Call, MBID 106
{Date Time host} ASCEND: slot 4 port 1, Assigned to port, MBID 106
{Date Time host} ASCEND: slot 4 port 1, line 1, channel 2, Call Connected, MBID 106
{Date Time host} ASCEND: call 106 AN slot 4 port 1 64K {7-DIGIT-DNIS}
{Date Time host} ASCEND: slot 4 port 1, LAN session up, {USERNAME}

I am in BellSouth territory.  Another poster to this list reported
that BellSouth cannot turn off ANI/CallerID.  I'll open a ticket with
Ascend and post my findings.

--Eric

-- 
Eric Wieling (eric at ccti.net), Corporate Communications Technology
Sales: 504-585-7303 (sales at ccti.net), Support: 504-525-5449 (support at ccti.net)