> alone attempts. Current "educated" guessing is anywhere from 250 to
> 1000 successful intrusions a day resulting in some information
Well a SWAG is still a WAG. If by "intrusion" you mean a PING or FINGER
from an unknown source, it is possible. If you mean an actual login by
an unauthorized person *that was noticed*, I would think that more likely
to be a monthly figure.
There are some important factors to keep in mind: first and foremost it is
profitable to some to put the loosest possible criteria and so to use the
highest marginally acceptable numbers.
On the other hand, if it happens to YOU it is a disaster so there are both
macro and micro considerations involved.
And on the gripping hand, if it happens to YOU *and* the media gets ahold
of it, we are now talking career threatening.
A few years ago a group called the MOD was apprehended and my company was
listed as "attackee". The fact that they only were able to gain minimal
access to a telephone switch that was maintained by a sub-contractor - can
you say "outsourced" - and that anything important required a password that
the intruders never obtained was unimportant to the media.
Further that AFAIK the intruders just knew that a switch was on a certain
number and not *whose* switch it was (took the Secret Service to find that
out) was also not pertinent. What appeared in the Wall Street Journal (and
reappears at least once a year somewhere) was that the list of penetrated
companies included Martin-Marietta.
Periodically, we are strobed by war dialers. This should surprise no-one
since kids will be kids. I know about it and Southern Bell knows about it.
Generally I just send a polite note asking them not to do it again (caller-id
is nice and our new switch has ANI - when you own an entire exchange it
is easy to set up some numbers as traps with logs) and so far it has not
happened twice.
For that matter we require modem registration/briefings for AA and I
periodically strobe our lines. Of course since am on the inside I only
need to dial five digits and the response is fast. So I know where the
modems are that answer the phone and they are protected. (Well, is only
two layers - policy and validation - am working on a third).
But the point is that to some, the fact that a war dialer can find some
modems would be considered to be a "successful attack" and might even
count every line found as a separate one whether or not anything could be
done with it.
Further, what are the boundaries ? Companies ? Home BBSs ? Captured cell-phone
ESNs ? The numbers can mount quickly.
Finally, you have the situation that many will not report such attempts
thinking it would hurt them politically. The fact is that anyone with any
public presence who says they have not been strobed is either 1) Lying or
2) Oblivious. It happens every day.
Enough,
Padgett
Btw, usual disclaimers apply - have said nothing that has not appeared
in the media.