On Tue, 3 Jul 2001, [iso-8859-1]  - wrote:

> Greetz.
>
> Just a matter of interest.
>
> Say there is user A, he dials up to ISP J. User A breaks into server
> X. Server X has the IP, he contacts the ISP.... How is the user
> tracked from there on...
>

A good Radius server should log the IP used by user A, as well as the time
user A stays connected.  The latter information is vital to most ISP
business models as they use the length of time a user stays connected as
basis for their billing.  Most modern digital phone systems should have
caller ID, so the phone number is also logged if Radius can get this
information somehow.  So if Server X was able to get the IP used by user A
to connect to it, ISP J should be able to trace user A back to the phone
he used to dial up into them, *provided the clock skew between ISP J's
Radius server and Server X is minimal*.

Which is why all people who operate major servers, and ISPs most
especially, should synchronize their clocks correctly.  Clock skew of any
serious length can make correlating events on different servers iffy if
not impossible.  Skew of even one minute may make pinning down a culprit
hard to prove.

--
Rafael R. Sevilla    +63(2)   8177746 ext. 8311
Programmer, InterdotNet Philippines              +63(917) 4458925
http://dido.engr.internet.org.ph/

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d- s:- a- C++++ UL+++ P+++ L+++ E++ W++ N+ o K- w---
O- M-- V- PS+ PE Y+ PGP++ t+ 5 X+ R tv+ b+++ DI++ D+
G e++ h! r++ y+
------END GEEK CODE BLOCK------




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=11146&t=11146
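
The correlation described in the reply above, as an added example that is not part of the original message: given the IP and time Server X logged, find the dial-up session that held that IP, allowing for clock skew between the two machines. The session records, field names, user names, phone numbers and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed accounting sessions (start/stop already paired) as ISP J's
# RADIUS server might log them. Field names are assumptions. Note that
# 192.0.2.10 is handed to a second caller 20 seconds after userA hangs up.
SESSIONS = [
    {"user": "userA", "caller_id": "555-0101", "ip": "192.0.2.10",
     "start": "2001-07-03 10:00:00", "stop": "2001-07-03 10:42:30"},
    {"user": "userB", "caller_id": "555-0102", "ip": "192.0.2.10",
     "start": "2001-07-03 10:42:50", "stop": "2001-07-03 11:15:00"},
    {"user": "userC", "caller_id": "555-0103", "ip": "192.0.2.11",
     "start": "2001-07-03 10:30:00", "stop": "2001-07-03 11:00:00"},
]

def candidates(sessions, ip, seen_at, max_skew_s):
    """Sessions that could have held `ip` at `seen_at` (Server X's clock)
    when the two clocks may disagree by up to max_skew_s seconds."""
    t = datetime.strptime(seen_at, FMT)
    skew = timedelta(seconds=max_skew_s)
    hits = []
    for s in sessions:
        if s["ip"] != ip:
            continue
        start = datetime.strptime(s["start"], FMT)
        stop = datetime.strptime(s["stop"], FMT)
        # The true event time lies somewhere in [t - skew, t + skew];
        # keep the session if that window overlaps [start, stop].
        if start <= t + skew and t - skew <= stop:
            hits.append(s)
    return hits

def attribute(sessions, ip, seen_at, max_skew_s):
    """Return (user, caller_id) only when exactly one session fits."""
    hits = candidates(sessions, ip, seen_at, max_skew_s)
    if len(hits) == 1:
        return hits[0]["user"], hits[0]["caller_id"]
    return None  # no match, or ambiguous because of the skew window
```

With the clocks known to agree within 5 seconds, an event logged at 10:42:00 maps to a single session; with one minute of possible skew the same event fits two callers and cannot be attributed from these logs alone.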