That may be the case in Australia, but at least here in the US of A, the telco accepts what is sent. I only have it set up to spoof on prefix 8 to call friends, but they already know that if they see their number, odds are pretty good that it is me. :-)
The main "legit" way that is used, is when you have DIDs for numerous office extensions. You have to set the Caller ID when you call out so it shows the correct DID extension to call back on. Or you can always send your main switchboard number rather than the individual extension. There are several methods that are commonly used. As for why the telcos don't look at the incoming number list for your account, and verify what you are sending is part of that, I don't know. I agree with you there, it just seems to be the way it should be. The only exception I could see is if you have lines from several providers, and want to send the incoming number from a different provider than your outgoing. But then it seems they could evaluate that on a case by case basis but still protect the data. They didn't ask me though. But regardless of what it could, and should, be, caller ID is a very insecure authentication method as it currently stands. Jeremy -----Original Message----- From: Klaus Darilion [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 12:21 PM To: [EMAIL PROTECTED] Subject: Re: [Asterisk-Users] calling card application Jeremy Hall wrote: > If by authentication by mobile number you mean the caller ID received, > that is not secure at all. CallerID is very easy to spoof when you have > a digital line (certain types, of course.) For example, when I call out > from my Asterisk box, if I prefix the number with 9, it sends my correct > CallerID information. If I prefix the number with 8, it sends the > number I am calling as the CID. I can just as easily set that to show > random numbers, or a mobile number I know will give me pre-paid minutes > on XYZ company's long distance account. Is it really possible to spoof the CID? Shouldn't the PSTN provider (the company which gave you the E1 link) verfiy that the CID you're sending into the PSTN is correct (i.e. is in your number range), and put in a correct one if it's false? I think that's the way it should be in Austria. regards, klaus _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
