Re: Denial of service attacks apparently from UUNET Netblocks

[Mike Diehn <mdiehn () mindspring net>]

On Tue, 7 Oct 1997, Eric Wieling wrote:

> On Tue, Oct 07, 1997 at 01:03:14AM -0400, Charles Sprickman wrote:
> > I would not be surprised if the caller's phone number were logged, most
> > modern modem banks talk ANIS and DNIS, which if I'm remembering correctly
> > is basically caller ID.  I'm thinking of putting this on our POP, as there
> > doesn't seem to be an extra charge to get the data from the telco.
>
> Unless you are using CallerID authentication, the Ascend MAXes do not
> log the caller's number.  I assume that the TNT's have the same
> problem.

Hmmmm.... I have a few Ascend Max 400Xs using PRI T-1s for ISDN dialup
and they log ANI, DNIS and a slew of other session specific info to
LOCAL4. We don't use CallerID authentication.

Here's an example of a single ISDN session, sanitized info is in braces.

{Date Time FQDN} ASCEND: slot 0 port 0, line 1, channel 6, Incoming Call, {10-DIGIT-ANI}
{Date Time FQDN} ASCEND: slot 9 port 4, Assigned to port, {10-DIGIT-ANI}
{Date Time FQDN} ASCEND: call 50 AN slot 9 port 4 64K {7-DIGIT-DNIS}
{Date Time FQDN} ASCEND: slot 9 port 4, LAN session up, {USERNAME}
{Date Time FQDN} ASCEND: call 50 CL 0K  u={USERNAME} c=2 p=65
{Date Time FQDN} ASCEND: slot 9 port 4, line 1, channel 6, Call Disconnected
{Date Time FQDN} ASCEND: slot 9 port 4, Call Terminated
{Date Time FQDN} ASCEND: slot 0 port 0, LAN session down, {USERNAME}
{Date Time FQDN} ASCEND: call 50 CL 0K 

Now, I don't know if the analog modems in maxen will log this inf.
or not, but it's worth knowing that a max can do it for some types
of calls.

 - Mike

Mike Diehn,                    ......................mdiehn () mindspring net
NOC Systems Engineer          ................MindSpring Enterprises, Inc.