Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Denial of service attacks apparently from UUNET Netblocks

  • From: ken emery
  • Date: Tue Oct 07 15:12:53 1997

On Tue, 7 Oct 1997, Mike Diehn wrote:

> On Tue, 7 Oct 1997, Eric Wieling wrote:
> 
> > On Tue, Oct 07, 1997 at 01:03:14AM -0400, Charles Sprickman wrote:
> > > I would not be surprised if the caller's phone number were logged, most
> > > modern modem banks talk ANIS and DNIS, which if I'm remembering correctly
> > > is basically caller ID.  I'm thinking of putting this on our POP, as there
> > > doesn't seem to be an extra charge to get the data from the telco.
> > 
> > Unless you are using CallerID authentication, the Ascend MAXes do not
> > log the caller's number.  I assume that the TNT's have the same
> > problem.
> 
> Hmmmm.... I have a few Ascend Max 400Xs using PRI T-1s for ISDN dialup
> and they log ANI, DNIS and a slew of other session specific info to
> LOCAL4. We don't use CallerID authentication.
> 
> Here's an example of a single ISDN session, sanitized info is in braces.
> 
> {Date Time FQDN} ASCEND: slot 0 port 0, line 1, channel 6, Incoming Call, {10-DIGIT-ANI}
> {Date Time FQDN} ASCEND: slot 9 port 4, Assigned to port, {10-DIGIT-ANI}
> {Date Time FQDN} ASCEND: call 50 AN slot 9 port 4 64K {7-DIGIT-DNIS}
> {Date Time FQDN} ASCEND: slot 9 port 4, LAN session up, {USERNAME}
> {Date Time FQDN} ASCEND: call 50 CL 0K  u={USERNAME} c=2 p=65
> {Date Time FQDN} ASCEND: slot 9 port 4, line 1, channel 6, Call Disconnected
> {Date Time FQDN} ASCEND: slot 9 port 4, Call Terminated
> {Date Time FQDN} ASCEND: slot 0 port 0, LAN session down, {USERNAME}
> {Date Time FQDN} ASCEND: call 50 CL 0K 
> 
> Now, I don't know if the analog modems in maxen will log this inf.
> or not, but it's worth knowing that a max can do it for some types
> of calls.

One question, "can't the sender (aka the person initiating the call) 
forge the ANI information?"  I know on a cisco (1003 series) it will 
croak if this is incorrect, but what about an Ascend or other ISDN 
device?  Unless things have changed I don't think the TELCO's in the 
USA guarantee the ANI is correct.

bye,
ken emery





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.