Hi Guys, This topic has become pretty much pointless. CallerID was never designed to be any kind of authentication scheme. Also, it is very hard for telco to restrict proper usage of CallerID in PRI or SS7 (Please consider number protability, etc.)
We all already agreed on fact that author of this article are moron. Let's not discuss any ideas of making CallerID secure or ajusting IAX to carry 2 or 3 CallerID records. All of this is pointless. If someone conducts business based on CallerId, it's up to them. If somebody comits crime with fake CallerID, it's also fine. People, this world is not perfect. There are thousands of telco companies where you will be able to find somebody who does not enforce proper CallerID. There are bunch of "telephony guys" who can do a lot of stuff, which you can't even think about it. But people, please do not write articles like that and do not publish it on MSNBC, NY Times and CNN. Thanks, Aleksandr Palatkevich BPVN Technologies Inc. http://www.pipeboost.com/ Phone: (917) 723-0306 Fax: (212) 937-2170 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Bougues Sent: Saturday, July 10, 2004 7:34 PM To: [EMAIL PROTECTED] Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID On Wed, Jul 07, 2004 at 11:57:31AM -0400, Timothy R. McKee wrote: > This has always been one of my pet peeves, even as I worked in the industry. > A telco switch operating a DS1 on trunk side should enforce caller-id > numbers to be within the range of DID numbers assigned to that trunk. There > should be a default DID number that is used to replace any *invalid* numbers > sent on that trunk. Note that blocked caller ids would still be blocked, > but the rest of the data should be corrected. Blocking ID is ok, lying > about it is not. > > Blind trust of a non-SS7 link is a _bad_ thing. > PRI signalling enables "Network provided" or "User provided" caller-id. Maybe IAX could implement such a thing. It's very common in France (at least) : - the network will provided a guaranteed caller-id - the user (CPE) may provide another one (usually, a DID number) and the called party gets both. Unfortunatly, as far as I understand, Asterisk is not really designed to handle more than one caller id number. -- Nicolas Bougues Axialys Interactive _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
