From: Allan Chong <allan@bellsouth.net> Tracking down hacked machines would be quicker. Sometimes you might be able to track back to the source where you could pull the ANI or callerid information out of the radius accounting logs and have someone knocking on their door. You only have to do this for 1 in 10 attacks before rumors spread around the hacker community and it stops. This discussion of securing dialup servers is pointless. I guarantee you that the 2000 packet/second SYN attacks we've been seeing are coming from a compromised host on a high speed connection and not from someone's 28.8k dialup connection. The hackers just take over a machine, use it to launch their attacks, and disappear into the jungle if we manage to find the particular machine they're using tonight. Harden your servers, filter on all non-transit ports on your routers, but let's let the how-to-do-filtering-on-terminal-servers discussion die, OK? ---Rob