Edward Amoroso, AT&T Laboratories
One of the earliest malicious attacks on a modern communications network was the infamous frequency spoof (at 2600 Hz) designed to trick Bell System circuit-switching equipment into providing a free phone call (“Toll Fraud Device,” 1993). The attack was astonishingly simple to accomplish; it provided a clear gain to the intruder (monetary, in this case), and it turned out to be incredibly difficult for phone companies to actually fix. These basic attributes are still considered—from the perspective of an intruder—to be desirable. In fact, many modern intruders still trace their first recognition of computer-based attacks to this simple phone spoof and its associated simplicity, gain, and difficulty in remediation.
Our familiar anecdote demonstrates a basic presumption in this chapter—namely that although network technology will certainly evolve, the underlying principles of attacking such technology will remain firm. Therefore, this chapter concentrates ...