Re: Denial of service attacks apparently from UUNET Netblocks

[James_deleskie <jdeleski () Fox nstn ca>]

> I would not be surprised if the caller's phone number were logged, most
> modern modem banks talk ANIS and DNIS, which if I'm remembering correctly
> is basically caller ID.  I'm thinking of putting this on our POP, as there
> doesn't seem to be an extra charge to get the data from the telco.

I would have to disagree, in Canada anyway, the telco charges extra for these features, andand while
the modemracks will support it few if any ISP are gonna spend the $$$ for it. 
Until of course they are attacked and loose business and then the VP's the cost
of NOT having it.

-Jim

> Charles
>
> ~~~~~~~~~                                     ~~~~~~~~~~~
> Charles Sprickman                             Internet Channel
> INCH System Administration Team                       (212)243-5200
> spork () inch com                                     access () inch com
>
> On Mon, 6 Oct 1997, Phil Howard wrote:
>
> > Date: Mon, 6 Oct 1997 21:30:11 -0500 (CDT)
> > From: Phil Howard <phil () charon milepost com>
> > To: steve () nwnet net
> > Cc: nanog () merit edu
> > Subject: Re: Denial of service attacks apparently from UUNET Netblocks
> >
> > Steve Mansfield writes...
> >
> > [snip snip snip]
> >
> > > S'okay.  Have the feds subpoena UUNET for the connect logs for these
> > > max'es.  UUNET keeps the logs and is capable, given the exact time of the
> > > attack(s), of going through the logs, identifying exactly who it was, and
> > > if it's one of their customers, giving the personal info to the feds.
> > > If it's a reseller's customer, they can get the user info and forward it to
> > > the reseller and inform the feds who they need to talk to for the personal
> > > info.  Whoever it was is as good as nailed.
> >
> > Unless it was a stolen account.  With more and more "naive" users coming
> > online, the chance of this kind of thing happening is greater and greater.
> > You can shut off the account.  Feds can visit the home of whoever owns the
> > account.  They can even be blocked from ever getting any account at any
> > ISP for life.  But if this possibility is fact, you won't have the perp
> > and they can attack again.
> >
> > Now if the telco has records of all the phone calls you can find out where
> > the calls actually came from.  Maybe that's the perp.  Maybe not.
> >
> > What is ultimately needed is some better real time detection of this kind
> > of thing sufficiently deployed so that it is present on all routers where
> > the exposure exists.  You may not catch the perp, but you might reduce the
> > damage it causes.
> >
> > How to encourage this to be done is left as an exercise for the reader.
> >
> > -- 
> > Phil Howard  +-------------------------------------------------------------+
> > KA9WGN       | House committee changes freedom bill to privacy invasion !! |
> > phil at      | more info:  http://www.news.com/News/Item/0,4,14180,00.html |
> > milepost.com +-------------------------------------------------------------+