[12744] in North American Network Operators' Group
Re: Denial of service attacks apparently from UUNET Netblocks
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Tue Oct 7 16:25:13 1997
Date: Tue, 7 Oct 1997 16:01:34 -0400
From: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
To: ken emery <ken@cnet.com>
Cc: Mike Diehn <mdiehn@mindspring.net>, nanog@merit.edu
In-Reply-To: <Pine.SOL.3.96.971007114023.8638B-100000@cappone>; from ken emery <ken@cnet.com> on Tue, Oct 07, 1997 at 11:43:24AM -0700
On Tue, Oct 07, 1997 at 11:43:24AM -0700, ken emery wrote:
> One question, "can't the sender (aka the person initiating the call)
> forge the ANI information?" I know on a cisco (1003 series) it will
> croak if this is incorrect, but what about an Ascend or other ISDN
> device? Unless things have changed I don't think the TELCO's in the
> USA guarantee the ANI is correct.
In short: no.
It's exceptionally difficult to forge ANI, with one small exception.
_Some_ originating end-offices apparently don't validate ANI
information handed to them by PBXs... otherwise, spoofing ANI requires
intercepting the loop to the receiving sub, or subverting the switch.
This was discussed at length in one of the telecom newsgroups, about 4
months ago, search for "ANI spoof" or "CNID spoof".
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "People propose, science studies, technology
Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
