On Wed, Nov 2, 2011 at 5:24 PM, Gerhard Lausser <Gerhard.Lausser@consol.de> wrote:

Hi,

 

maybe sending the $HOST/SERVICEEPROBLEMID$ macro with the alert-sms can help. Then, in the reply there has to be this id. Host/service/problemid identifies the service and adds something that only the receipient of the sms knows. (ok, if an attacker sends thousands of sms brute-forcing the problem-id, you’re lost)

 

Why not, but at 3AM, it's hard to remember a number :p

I think the efficient way is a simple password like:
Ack password myhost/myservice

It's easy to setup, don't need to remember problems ids, and will solve all rogue SMS problems I think.


Jean
 

Gerhard