Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Denial of service attacks apparently from UUNET Netblocks

  • From: James_deleskie
  • Date: Tue Oct 07 11:05:43 1997


> I would not be surprised if the caller's phone number were logged, most
> modern modem banks talk ANIS and DNIS, which if I'm remembering correctly
> is basically caller ID.  I'm thinking of putting this on our POP, as there
> doesn't seem to be an extra charge to get the data from the telco.

I would have to disagree, in Canada anyway, the telco charges extra for these features, andand while
the modemracks will support it few if any ISP are gonna spend the $$$ for it. 
Until of course they are attacked and loose business and then the VP's the cost
of NOT having it.

-Jim

> 
> Charles
> 
> ~~~~~~~~~					~~~~~~~~~~~
> Charles Sprickman 				Internet Channel
> INCH System Administration Team			(212)243-5200
> spork@inch.com					access@inch.com
> 
> On Mon, 6 Oct 1997, Phil Howard wrote:
> 
> > Date: Mon, 6 Oct 1997 21:30:11 -0500 (CDT)
> > From: Phil Howard <phil@charon.milepost.com>
> > To: steve@nwnet.net
> > Cc: nanog@merit.edu
> > Subject: Re: Denial of service attacks apparently from UUNET Netblocks
> > 
> > Steve Mansfield writes...
> > 
> > [snip snip snip]
> > 
> > > S'okay.  Have the feds subpoena UUNET for the connect logs for these
> > > max'es.  UUNET keeps the logs and is capable, given the exact time of the
> > > attack(s), of going through the logs, identifying exactly who it was, and
> > > if it's one of their customers, giving the personal info to the feds.
> > > If it's a reseller's customer, they can get the user info and forward it to
> > > the reseller and inform the feds who they need to talk to for the personal
> > > info.  Whoever it was is as good as nailed.
> > 
> > Unless it was a stolen account.  With more and more "naive" users coming
> > online, the chance of this kind of thing happening is greater and greater.
> > You can shut off the account.  Feds can visit the home of whoever owns the
> > account.  They can even be blocked from ever getting any account at any
> > ISP for life.  But if this possibility is fact, you won't have the perp
> > and they can attack again.
> > 
> > Now if the telco has records of all the phone calls you can find out where
> > the calls actually came from.  Maybe that's the perp.  Maybe not.
> > 
> > What is ultimately needed is some better real time detection of this kind
> > of thing sufficiently deployed so that it is present on all routers where
> > the exposure exists.  You may not catch the perp, but you might reduce the
> > damage it causes.
> > 
> > How to encourage this to be done is left as an exercise for the reader.
> > 
> > -- 
> > Phil Howard  +-------------------------------------------------------------+
> > KA9WGN       | House committee changes freedom bill to privacy invasion !! |
> > phil at      | more info:  http://www.news.com/News/Item/0,4,14180,00.html |
> > milepost.com +-------------------------------------------------------------+
> > 
> 
> 






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.