> Some folks at work want to setup an ISDN dial-in connection relying
>solely on the inbound caller ID as the security measure. Is it possible
>to spoof the D channel to send fake info? I'm fairly certain there is
>a way to do it. Can anyone point me to some references so I can make a
>decent technical argument agaisnt this?
Throw words at them like corporate espionage, phreakers reprogramming switches
and malicious telco employees. Remind them that link level encryption and
authentication is not that much more difficult so there is no excuse not to
use it on the production system.
Ask them how much their security is worth to them and how much more peace of
mind they will get by knowing a heck of a lot of mathematics is protecting
From: Edward Maillet <maillet @