
> Tracking down hacked machines would be quicker. Sometimes you might be able to track back to the source where you could pull the ANI or callerid information out of the radius accounting logs and have someone knocking on their door. You only have to do this for 1 in 10 attacks before rumors spread around the hacker community and it stops.
I hate to tell you, but ANI and caller-id can be spoofed too.
However, I agree that encouraging as much source filtering as possible would be "a good thing." Just as long as people don't get the idea that source filtering would make authentication by source IP address any more secure than authentication by caller-id.
Now, if we could just get the phone company to not charge 1,000% markup on caller-id, we'd have it on all our modem lines now.
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation

On Tue, 17 Sep 1996, Sean Donelan wrote:
> > Tracking down hacked machines would be quicker. Sometimes you might be able to track back to the source where you could pull the ANI or callerid information out of the radius accounting logs and have someone knocking on their door. You only have to do this for 1 in 10 attacks before rumors spread around the hacker community and it stops.
> I hate to tell you, but ANI and caller-id can be spoofed too.
*AND* phone calls can be hijacked midstream which has been used to take over dialin terminal connections *AFTER* the password has been given. Not that different in effect from hijacking a TCP/IP session that uses one-time passwords.
Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

In message <960917210707.32d3@SDG.DRA.COM>, Sean Donelan writes:
> > Tracking down hacked machines would be quicker. Sometimes you might be able to track back to the source where you could pull the ANI or callerid information out of the radius accounting logs and have someone knocking on their door. You only have to do this for 1 in 10 attacks before rumors spread around the hacker community and it stops.
> I hate to tell you, but ANI and caller-id can be spoofed too.
> However, I agree that encouraging as much source filtering as possible would be "a good thing." Just as long as people don't get the idea that source filtering would make authentication by source IP address any more secure than authentication by caller-id.
> Now, if we could just get the phone company to not charge 1,000% markup on caller-id, we'd have it on all our modem lines now.
> --
> Sean Donelan, Data Research Associates, Inc, St. Louis, MO
> Affiliation given for identification not representation
Can anyone remember what the hardest part was about finding Mitnick? After having a relatively easy time tracing him to Netcom the problem was figuring out where he was entering the phone system via cell phone and it was determined that he had broken into the phone system and probably been frolicking there for about 2 years.
Curtis
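The traceback the thread discusses (matching an attack's source address and time to a dial-in session, then reading the caller ID from RADIUS accounting) can be sketched as below. This is an added example, not code from any poster; the sample records, user names and numbers are constructed, and it assumes the common "detail" file layout with the standard accounting attributes `Acct-Session-Id`, `Framed-IP-Address`, `Calling-Station-Id` and `Timestamp`. It handles a reassigned pool address and a line with no caller ID, and the result is only a lead, since the thread notes that ANI and caller-id can be spoofed.

```python
import re

# Constructed sample accounting records (assumed "detail" layout, epoch times in UTC).
SAMPLE = """\
Tue Sep 17 20:00:00 1996
    User-Name = "user-a"
    Acct-Status-Type = Start
    Acct-Session-Id = "0001"
    Framed-IP-Address = 192.0.2.17
    Calling-Station-Id = "5550100"
    Timestamp = 842990400

Tue Sep 17 20:30:00 1996
    Acct-Status-Type = Stop
    Acct-Session-Id = "0001"
    Timestamp = 842992200

Tue Sep 17 20:35:00 1996
    User-Name = "user-b"
    Acct-Status-Type = Start
    Acct-Session-Id = "0002"
    Framed-IP-Address = 192.0.2.17
    Timestamp = 842992500
"""

def parse_detail(text):
    """One dict per record; records are separated by blank lines."""
    attr = re.compile(r'^\s+([\w-]+) = "?([^"\n]*)"?$', re.M)
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(p) for p in map(attr.findall, blocks) if p]

def sessions(recs):
    """Pair Start/Stop by Acct-Session-Id; an open session keeps stop=None."""
    by_id = {}
    for r in recs:
        sid, ts = r["Acct-Session-Id"], int(r["Timestamp"])
        if r["Acct-Status-Type"] == "Start":
            by_id[sid] = dict(r, start=ts, stop=None)
        elif r["Acct-Status-Type"] == "Stop" and sid in by_id:
            by_id[sid]["stop"] = ts
    return list(by_id.values())

def who_had(ip, when, sess):
    """(user, caller id or None) for each session holding ip at epoch `when`."""
    return [(s["User-Name"], s.get("Calling-Station-Id")) for s in sess
            if s["Framed-IP-Address"] == ip and s["start"] <= when
            and (s["stop"] is None or when <= s["stop"])]
```

The same address resolves to different subscribers depending on the timestamp, so the attack time has to be known against the same clock the accounting server uses.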
participants (3): Curtis Villamizar, Michael Dillon, Sean Donelan