Re: [Asterisk-Users] VoIP hackers gut Caller ID
Steve Kennedy wrote: There are a few circumstances when called ID can be blocked (it's rumoured certain spook agencies have this ability), however if a "user" withholds CID, then it's just flagged at the local switch and passed switch to switch with the withold CLI flag. The terminating switch should then NOT pass on CLI if the withold flag is set on to an end-user line. Of course some agencies will get CLI passed even if the withold flag is set (in the UK, Police, fire, etc, potentially even ISPs for abuse purposes - but they are not meant to abuse the privilige). IIRC this is two distinct cases. CID (by various names) is whatever the originating party (customer) wants to say it is in the case of a PRI. ANI is correctly populated at the RBOC when the call enters the SS7 fabric. This means that no matter what I stick in the CID field, a call to 911 will pull up the correct address based on ANI. In my config I manipulate the outbound appearance for a variety of reasons and use 9, 99, 8, or 88 prefixing the outbound call to allow the user to control their call appearance. This allows various classes of calls to have a useful number in case the person you called wants to return your call and go directly to your station or the correct call queue. For example, when someone outcalls from the credit card verifications team the CID will allow the person called to return their call and bypass the IVR prompting. Then again... I probably have no idea what I'm talking about. Alan ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
Hi Guys, This topic has become pretty much pointless. CallerID was never designed to be any kind of authentication scheme. Also, it is very hard for telco to restrict proper usage of CallerID in PRI or SS7 (Please consider number protability, etc.) We all already agreed on fact that author of this article are moron. Let's not discuss any ideas of making CallerID secure or ajusting IAX to carry 2 or 3 CallerID records. All of this is pointless. If someone conducts business based on CallerId, it's up to them. If somebody comits crime with fake CallerID, it's also fine. People, this world is not perfect. There are thousands of telco companies where you will be able to find somebody who does not enforce proper CallerID. There are bunch of "telephony guys" who can do a lot of stuff, which you can't even think about it. But people, please do not write articles like that and do not publish it on MSNBC, NY Times and CNN. Thanks, Aleksandr Palatkevich BPVN Technologies Inc. http://www.pipeboost.com/ Phone: (917) 723-0306 Fax: (212) 937-2170 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Bougues Sent: Saturday, July 10, 2004 7:34 PM To: [EMAIL PROTECTED] Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID On Wed, Jul 07, 2004 at 11:57:31AM -0400, Timothy R. McKee wrote: > This has always been one of my pet peeves, even as I worked in the industry. > A telco switch operating a DS1 on trunk side should enforce caller-id > numbers to be within the range of DID numbers assigned to that trunk. There > should be a default DID number that is used to replace any *invalid* numbers > sent on that trunk. Note that blocked caller ids would still be blocked, > but the rest of the data should be corrected. Blocking ID is ok, lying > about it is not. > > Blind trust of a non-SS7 link is a _bad_ thing. > PRI signalling enables "Network provided" or "User provided" caller-id. Maybe IAX could implement such a thing. It's very common in France (at least) : - the network will provided a guaranteed caller-id - the user (CPE) may provide another one (usually, a DID number) and the called party gets both. Unfortunatly, as far as I understand, Asterisk is not really designed to handle more than one caller id number. -- Nicolas Bougues Axialys Interactive ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
On Wed, Jul 07, 2004 at 11:57:31AM -0400, Timothy R. McKee wrote: > This has always been one of my pet peeves, even as I worked in the industry. > A telco switch operating a DS1 on trunk side should enforce caller-id > numbers to be within the range of DID numbers assigned to that trunk. There > should be a default DID number that is used to replace any *invalid* numbers > sent on that trunk. Note that blocked caller ids would still be blocked, > but the rest of the data should be corrected. Blocking ID is ok, lying > about it is not. > > Blind trust of a non-SS7 link is a _bad_ thing. > PRI signalling enables "Network provided" or "User provided" caller-id. Maybe IAX could implement such a thing. It's very common in France (at least) : - the network will provided a guaranteed caller-id - the user (CPE) may provide another one (usually, a DID number) and the called party gets both. Unfortunatly, as far as I understand, Asterisk is not really designed to handle more than one caller id number. -- Nicolas Bougues Axialys Interactive ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
On Wed, 7 Jul 2004, brian wrote: > Anyone with a PRI/ISDN line can set callerid to anything... Not just voip, > not just asterisk. Come on guys. > > bkw Yes, but the Telco has the ability to either pass or deny that. In my X/O PRI configuration, I can only set the CallerID to a number within the vliad block of DIDs assigned to that PRI group. This prevents willy nilly abuse. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
On Jul 8, 2004, at 9:51 AM, Steve Kennedy wrote: On Wed, Jul 07, 2004 at 07:19:44PM -0800, rich allen wrote: what do you mean "not quite right"??? i[..]"blocked clid" CLID is NEVER blocked at the SS7 level (well almost), it flagged as withheld. Bingo, if you have a SS7 switch at the net then you can send whatever you want. Michael ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
Correct, I was trying to not muddy the waters with lots of detail. Basically I was saying that inter-provider trunk links should be trusted and trunk links directly to end-users (where DIDs are assigned) should not be. Timothy R. McKee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Boyd Sent: Thursday, July 08, 2004 08:51 To: [EMAIL PROTECTED] Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID See bottom > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Timothy R. > McKee > Sent: Thursday, July 08, 2004 12:05 AM > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > If he is routing tandem traffic he would be running IMTs and be SS-7 > interconnected. Hopefully his switching/prepaid equipment would have > authentication capabilities to allow the registered caller id be > generated. > > Note this peeve is against end-users manipulating it, not service > providers. > This comment is aimed at ISDN BRIs, PRIs, and PBX (trunk-side) DS1s > where the end-user currently is able to spoof anything desired to the > service provider's switch. > > > > Timothy R. McKee > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Boyd > Sent: Wednesday, July 07, 2004 17:48 > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Timothy R. > > McKee > > Sent: Wednesday, July 07, 2004 11:58 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > > > > This has always been one of my pet peeves, even as I worked in the > > industry. > > A telco switch operating a DS1 on trunk side should enforce > > caller-id numbers to be within the range of DID numbers assigned to that trunk. > > There should be a default DID number that is used to replace any > > *invalid* numbers > > sent on that trunk. Note that blocked caller ids would still be > > blocked, but the rest of the data should be corrected. Blocking ID > > is ok, lying about it is not. > > > > Blind trust of a non-SS7 link is a _bad_ thing. > > > > > > Timothy R. McKee > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin > > Walsh > > Sent: Wednesday, July 07, 2004 10:01 > > To: [EMAIL PROTECTED] > > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > > Adam Hart [EMAIL PROTECTED] wrote: > > > Chris Foster wrote: > > > > The Register is carrying a article written by Kevin Poulsen of > > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > > manipulating and accessing CPN data.." > > > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after > > > > this article; i've been wanting that feature from voicepluse for > > > > a long time. > > > > > > > These kind of things will be reason (excuse) for Voip to be > > > regulated > > > > > Perhaps service providers who allow the Caller*ID to be set should > > insist that customers provide evidence that they own the phone > > numbers that they want to publish, and then limit the customers' > > choices to only the numbers in their approved list. Calling the > > customer on the provided number(s) would be an easy way to check, > > and a setup fee could be levied to cover the provider's time and > > expenses, if required. > > > > Being able to discover a "blocked" Caller*ID is another matter. > > Both are good areas for regulation. > > > > -- > >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > > > ___ > > Asterisk-Users mailing list > > [EMAIL PROTECTED] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: >
Re: [Asterisk-Users] VoIP hackers gut Caller ID
Institutions using caller ID could just impliment a callback feature to verify identity, but even then a "phone guy" could be sitting outside your house or business with a butt set. In all reality, there is no way to ID someone without knowing them AND conducting a face to face transaction (and even then, how can you really be sure that you "know" them?) Username and password are a joke, voice is easily recorded and manipulated, biometrics can be fooled with scotch tape or other means. Someone can swipe your RSA FOB etc... I am sure terrorist are using VoIP, they arent stupid (when it comes to technology). They have been merging messages into images and posting them on the internet for years. That takes more know how than placing a voip call. Thanks, Steve Totaro - Original Message - From: "Brian Cuthie" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 08, 2004 8:28 AM Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > > The real problem here is that people shouldn't be using callerid as an > authentication scheme. Lots of people have had the ability to set > arbitrary clid for years and yet banks and other institutions have > stupidly used it to authenticate callers. Complaints should be directed > to them and not the VoIP industry. > > -brian > > > Alex wrote: > > >Here is what you can possibly do: > > - Steal calling cards if they are useing caller id authentication > >scheme > > - Get access to personal banking information (Citibank uses callerid > >as part of authentication process.) > > - Purchase goods and services backed up by calling verification. > > > >I can go on and on for hours. Main point of story that [EMAIL PROTECTED] will hit > >the fan > >and VOIP will be regulated badly. Especially if some known terrorist will > >confess about using Vonage in Afaganistan.or some of drug dealers/weapon > >traders will be cought . > > > >Bug generraly author of that article is an idiot. He does not understand the > >difference beteween VOIP and ISDN PRI. > > > > > >-----Original Message----- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On Behalf Of listas iPfone > >Sent: Wednesday, July 07, 2004 6:26 PM > >To: [EMAIL PROTECTED] > >Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > > > >This is very interesting... > > > >Regulations..USA... > > > >But... what can i do faking a caller id? stolen what? what is the point? > > > >miklos > > > >- Original Message - > >From: "Steve Totaro" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Wednesday, July 07, 2004 12:56 PM > >Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > > > > > > > > > >>why regulate? nobody regulates the return address on a letter sent via > >>USPS. > >> > >> > >>- Original Message - > >>From: "Kevin Walsh" <[EMAIL PROTECTED]> > >>To: <[EMAIL PROTECTED]> > >>Sent: Wednesday, July 07, 2004 10:00 AM > >>Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > >> > >> > >> > >> > >>>Adam Hart [EMAIL PROTECTED] wrote: > >>> > >>> > >>>>Chris Foster wrote: > >>>> > >>>> > >>>>>The Register is carrying a article written by Kevin Poulsen of > >>>>>Securtiy Focus, calling asterisk "..the most powerful tool for > >>>>>manipulating and accessing CPN data.." > >>>>> > >>>>>I hope NuFone doesn't drop asterisk-set-able callerid's after this > >>>>>article; i've been wanting that feature from voicepluse for a long > >>>>>time. > >>>>> > >>>>> > >>>>> > >>>>These kind of things will be reason (excuse) for Voip to be regulated > >>>> > >>>> > >>>> > >>>Perhaps service providers who allow the Caller*ID to be set should > >>>insist that customers provide evidence that they own the phone numbers > >>>that they want to publish, and then limit the customers' choices to > >>>only the numbers in their approved list. Calling the customer on the > >>>provided number(s) would be an easy way to check, and a setup fee > >>>could be levied to cover the provider's time and expenses, if required. > >>> > >>>Being abl
RE: [Asterisk-Users] VoIP hackers gut Caller ID
See bottom > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Timothy R. > McKee > Sent: Thursday, July 08, 2004 12:05 AM > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > If he is routing tandem traffic he would be running IMTs and be SS-7 > interconnected. Hopefully his switching/prepaid equipment would have > authentication capabilities to allow the registered caller id be > generated. > > Note this peeve is against end-users manipulating it, not service > providers. > This comment is aimed at ISDN BRIs, PRIs, and PBX (trunk-side) DS1s where > the end-user currently is able to spoof anything desired to the service > provider's switch. > > > > Timothy R. McKee > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Boyd > Sent: Wednesday, July 07, 2004 17:48 > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Timothy R. > > McKee > > Sent: Wednesday, July 07, 2004 11:58 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > > > > This has always been one of my pet peeves, even as I worked in the > > industry. > > A telco switch operating a DS1 on trunk side should enforce caller-id > > numbers to be within the range of DID numbers assigned to that trunk. > > There should be a default DID number that is used to replace any > > *invalid* numbers > > sent on that trunk. Note that blocked caller ids would still be > > blocked, but the rest of the data should be corrected. Blocking ID is > > ok, lying about it is not. > > > > Blind trust of a non-SS7 link is a _bad_ thing. > > > > > > Timothy R. McKee > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin > > Walsh > > Sent: Wednesday, July 07, 2004 10:01 > > To: [EMAIL PROTECTED] > > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > > Adam Hart [EMAIL PROTECTED] wrote: > > > Chris Foster wrote: > > > > The Register is carrying a article written by Kevin Poulsen of > > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > > manipulating and accessing CPN data.." > > > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > > article; i've been wanting that feature from voicepluse for a long > > > > time. > > > > > > > These kind of things will be reason (excuse) for Voip to be > > > regulated > > > > > Perhaps service providers who allow the Caller*ID to be set should > > insist that customers provide evidence that they own the phone numbers > > that they want to publish, and then limit the customers' choices to > > only the numbers in their approved list. Calling the customer on the > > provided number(s) would be an easy way to check, and a setup fee > > could be levied to cover the provider's time and expenses, if > > required. > > > > Being able to discover a "blocked" Caller*ID is another matter. Both > > are good areas for regulation. > > > > -- > >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > > > ___ > > Asterisk-Users mailing list > > [EMAIL PROTECTED] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > >http://lists.digium.com/mailman/listinfo/asterisk-users > > > > ___ > > Asterisk-Users mailing list > > [EMAIL PROTECTED] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > >http://lists.digium.com/mailman/listinfo/asterisk-users > > How then should a service provider who is routing tandem traffic place a > call through any other network? This would preclude the ability for > pre-paid or post paid providers to send out traffic
Re: [Asterisk-Users] VoIP hackers gut Caller ID
It is imperative that the ability to set caller ID's is kept as we need this in everyday business. stuart - Original Message - From: "Brian Cuthie" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 08, 2004 1:28 PM Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > > The real problem here is that people shouldn't be using callerid as an > authentication scheme. Lots of people have had the ability to set > arbitrary clid for years and yet banks and other institutions have > stupidly used it to authenticate callers. Complaints should be directed > to them and not the VoIP industry. > > -brian > > > Alex wrote: > > >Here is what you can possibly do: > > - Steal calling cards if they are useing caller id authentication > >scheme > > - Get access to personal banking information (Citibank uses callerid > >as part of authentication process.) > > - Purchase goods and services backed up by calling verification. > > > >I can go on and on for hours. Main point of story that [EMAIL PROTECTED] will hit > >the fan > >and VOIP will be regulated badly. Especially if some known terrorist will > >confess about using Vonage in Afaganistan.or some of drug dealers/weapon > >traders will be cought . > > > >Bug generraly author of that article is an idiot. He does not understand the > >difference beteween VOIP and ISDN PRI. > > > > > >-Original Message- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On Behalf Of listas iPfone > >Sent: Wednesday, July 07, 2004 6:26 PM > >To: [EMAIL PROTECTED] > >Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > > > >This is very interesting... > > > >Regulations..USA... > > > >But... what can i do faking a caller id? stolen what? what is the point? > > > >miklos > > > >- Original Message - > >From: "Steve Totaro" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Wednesday, July 07, 2004 12:56 PM > >Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > > > > > > > > > >>why regulate? nobody regulates the return address on a letter sent via > >>USPS. > >> > >> > >>- Original Message - > >>From: "Kevin Walsh" <[EMAIL PROTECTED]> > >>To: <[EMAIL PROTECTED]> > >>Sent: Wednesday, July 07, 2004 10:00 AM > >>Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > >> > >> > >> > >> > >>>Adam Hart [EMAIL PROTECTED] wrote: > >>> > >>> > >>>>Chris Foster wrote: > >>>> > >>>> > >>>>>The Register is carrying a article written by Kevin Poulsen of > >>>>>Securtiy Focus, calling asterisk "..the most powerful tool for > >>>>>manipulating and accessing CPN data.." > >>>>> > >>>>>I hope NuFone doesn't drop asterisk-set-able callerid's after this > >>>>>article; i've been wanting that feature from voicepluse for a long > >>>>>time. > >>>>> > >>>>> > >>>>> > >>>>These kind of things will be reason (excuse) for Voip to be regulated > >>>> > >>>> > >>>> > >>>Perhaps service providers who allow the Caller*ID to be set should > >>>insist that customers provide evidence that they own the phone numbers > >>>that they want to publish, and then limit the customers' choices to > >>>only the numbers in their approved list. Calling the customer on the > >>>provided number(s) would be an easy way to check, and a setup fee > >>>could be levied to cover the provider's time and expenses, if required. > >>> > >>>Being able to discover a "blocked" Caller*ID is another matter. Both > >>>are good areas for regulation. > >>> > >>>-- > >>> _/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > >>> _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > >>> _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > >>>_/ _/ _/_/_/_/ _/_/_/_/ _/_/ > >>> > >>>___ > >>>Asterisk-Users mailing list > >>>[EMAIL PROTECTED] > >>>http://lists.digium.com/mailman/listinfo/asterisk-users > >>>To
Re: [Asterisk-Users] VoIP hackers gut Caller ID
The real problem here is that people shouldn't be using callerid as an authentication scheme. Lots of people have had the ability to set arbitrary clid for years and yet banks and other institutions have stupidly used it to authenticate callers. Complaints should be directed to them and not the VoIP industry. -brian Alex wrote: Here is what you can possibly do: - Steal calling cards if they are useing caller id authentication scheme - Get access to personal banking information (Citibank uses callerid as part of authentication process.) - Purchase goods and services backed up by calling verification. I can go on and on for hours. Main point of story that [EMAIL PROTECTED] will hit the fan and VOIP will be regulated badly. Especially if some known terrorist will confess about using Vonage in Afaganistan.or some of drug dealers/weapon traders will be cought . Bug generraly author of that article is an idiot. He does not understand the difference beteween VOIP and ISDN PRI. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of listas iPfone Sent: Wednesday, July 07, 2004 6:26 PM To: [EMAIL PROTECTED] Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID This is very interesting... Regulations..USA... But... what can i do faking a caller id? stolen what? what is the point? miklos - Original Message - From: "Steve Totaro" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 07, 2004 12:56 PM Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID why regulate? nobody regulates the return address on a letter sent via USPS. - Original Message - From: "Kevin Walsh" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 07, 2004 10:00 AM Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID Adam Hart [EMAIL PROTECTED] wrote: Chris Foster wrote: The Register is carrying a article written by Kevin Poulsen of Securtiy Focus, calling asterisk "..the most powerful tool for manipulating and accessing CPN data.." I hope NuFone doesn't drop asterisk-set-able callerid's after this article; i've been wanting that feature from voicepluse for a long time. These kind of things will be reason (excuse) for Voip to be regulated Perhaps service providers who allow the Caller*ID to be set should insist that customers provide evidence that they own the phone numbers that they want to publish, and then limit the customers' choices to only the numbers in their approved list. Calling the customer on the provided number(s) would be an easy way to check, and a setup fee could be levied to cover the provider's time and expenses, if required. Being able to discover a "blocked" Caller*ID is another matter. Both are good areas for regulation. -- _/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] _/ _/ _/_/_/_/ _/_/_/_/ _/_/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
Because if p2p voip means i get the same volume of junk phonecalls as i currently do spam emails i am not even going to _think_ about adopting it. We _need_ authentification. "Steve Totaro" <[EMAIL PROTECTED]> wrote: __ >why regulate? nobody regulates the return address on a letter sent via >USPS. > > >- Original Message - >From: "Kevin Walsh" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, July 07, 2004 10:00 AM >Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > >> Adam Hart [EMAIL PROTECTED] wrote: >> > Chris Foster wrote: >> > > The Register is carrying a article written by Kevin Poulsen of >> > > Securtiy Focus, calling asterisk "..the most powerful tool for >> > > manipulating and accessing CPN data.." >> > > >> > > I hope NuFone doesn't drop asterisk-set-able callerid's after this >> > > article; i've been wanting that feature from voicepluse for a long >> > > time. >> > > >> > These kind of things will be reason (excuse) for Voip to be regulated >> > >> Perhaps service providers who allow the Caller*ID to be set should >> insist that customers provide evidence that they own the phone numbers >> that they want to publish, and then limit the customers' choices to >> only the numbers in their approved list. Calling the customer on the >> provided number(s) would be an easy way to check, and a setup fee >> could be levied to cover the provider's time and expenses, if required. >> >> Being able to discover a "blocked" Caller*ID is another matter. Both >> are good areas for regulation. >> >> -- >>_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ >> _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h >> _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] >> _/ _/ _/_/_/_/ _/_/_/_/ _/_/ >> >> ___ >> Asterisk-Users mailing list >> [EMAIL PROTECTED] >> http://lists.digium.com/mailman/listinfo/asterisk-users >> To UNSUBSCRIBE or update options visit: >>http://lists.digium.com/mailman/listinfo/asterisk-users >> > >___ >Asterisk-Users mailing list >[EMAIL PROTECTED] >http://lists.digium.com/mailman/listinfo/asterisk-users >To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
> However if I set the CallerID digits to anywhere within our 100-number block > DID range, the exchange will happily pass on the specific number... guess it > might be a combination of Euro ISDN standards and how the local telco's > configure the exchanges. Interesting. Our incumbent "Deutsche Telekom" sells a disabled screening on a BRI port for 2,x Euros per month to anybody who asks. To be fair they will set the screening indicator to 'user provided, not screened', so in theory a called party could tell (one can on another BRI line). Unfortunately, the screening indicator does not appear on analog lines or mobiles. This "feature" really comes in handy, if you forward calls coming from 3rd parties to your mobile as you can preserve the original callerid and can return any calls missed. Thilo P.S.: Don't worry about fake callerid coming from Germany. Any numbering plan indicators will be set to national. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
On Wed, Jul 07, 2004 at 07:19:44PM -0800, rich allen wrote: > what do you mean "not quite right"??? > if the clid is supposed to be blocked then don't send it. if the far > end is a law enforcement or emergency agency then the clid is NOT > supposed to be blocked!! if the originating switch had the ability to > send or not send, problem solved for voip providers from getting a > "blocked clid" CLID is NEVER blocked at the SS7 level (well almost), it flagged as withheld. Steve -- NetTek Ltd Phone/Fax +44-(0)20 7483 2455 SMS steve-epage (at) gbnet.net [body] gpg 1024D/468952DB 2001-09-19 ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
Alex wrote: Bug generraly author of that article is an idiot. He does not understand the difference beteween VOIP and ISDN PRI. Right on! I agree completely. Jeremy McNamara ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
R: [Asterisk-Users] VoIP hackers gut Caller ID
> hi... > > here in Italy is almost impossible to set an > invalid cid, if is out of your allowed space. > ie. if you have X numbers on your PRI, > you can only set one of these. nothing more. > on bri you simply cannot do nothing. > > just my 2 cents. In Switzerland CLI is also impossible to spoof - by default. If you ask the BRI/PRI provider, and you have an ISDN connection with DDI, they enable "CLIP Special Arrangement", which allows to add a presentation number to the real CLI. So you can't really abuse of it, because your "real" number is always transmitted together with your "pretend-to-be CLI". The advantage of this is that anyone can change his CLI, for example to make outgoing calls and show a 0800 number in the customer's cell phone. We use this feature in our company, because our customers know us by our 0800 number, not the "real" number hiding behind it. The disadvantage is that not all networks accept presentation numbers, for example Orange Mobile. In this case, the caller's real CLI will be displayed instead of the presentation number. If you get yourself an SS7 link that's a different story, but in this case you're supposed to be a "trusted entity", and you shall not spoof and play with numbers that you're not allowed to use. IMHO, trusted entities with SS7 links that abuse of that power should simply be disconnected from the public network. Not every kid with a couple $1000 spare should be allowed to play with this. -Manuel ___ Ticinocom SA - Via Stazione 5 - 6600 Muralto Tel 0844 007070 - Fax 0844 007071 http://www.ticinocom.com ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
Here is what you can possibly do: - Steal calling cards if they are useing caller id authentication scheme - Get access to personal banking information (Citibank uses callerid as part of authentication process.) - Purchase goods and services backed up by calling verification. I can go on and on for hours. Main point of story that [EMAIL PROTECTED] will hit the fan and VOIP will be regulated badly. Especially if some known terrorist will confess about using Vonage in Afaganistan.or some of drug dealers/weapon traders will be cought . Bug generraly author of that article is an idiot. He does not understand the difference beteween VOIP and ISDN PRI. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of listas iPfone Sent: Wednesday, July 07, 2004 6:26 PM To: [EMAIL PROTECTED] Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID This is very interesting... Regulations..USA... But... what can i do faking a caller id? stolen what? what is the point? miklos - Original Message - From: "Steve Totaro" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 07, 2004 12:56 PM Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > why regulate? nobody regulates the return address on a letter sent via > USPS. > > > - Original Message - > From: "Kevin Walsh" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, July 07, 2004 10:00 AM > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > > Adam Hart [EMAIL PROTECTED] wrote: > > > Chris Foster wrote: > > > > The Register is carrying a article written by Kevin Poulsen of > > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > > manipulating and accessing CPN data.." > > > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > > article; i've been wanting that feature from voicepluse for a long > > > > time. > > > > > > > These kind of things will be reason (excuse) for Voip to be regulated > > > > > Perhaps service providers who allow the Caller*ID to be set should > > insist that customers provide evidence that they own the phone numbers > > that they want to publish, and then limit the customers' choices to > > only the numbers in their approved list. Calling the customer on the > > provided number(s) would be an easy way to check, and a setup fee > > could be levied to cover the provider's time and expenses, if required. > > > > Being able to discover a "blocked" Caller*ID is another matter. Both > > are good areas for regulation. > > > > -- > >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > > > ___ > > Asterisk-Users mailing list > > [EMAIL PROTECTED] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > >http://lists.digium.com/mailman/listinfo/asterisk-users > > > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > > ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
> hi... > > here in Italy is almost impossible to set an > invalid cid, if is out of your allowed space. > ie. if you have X numbers on your PRI, > you can only set one of these. nothing more. > on bri you simply cannot do nothing. > > just my 2 cents. Indeed I've noticed here in Australia on BRI-ISDN (2x B channels) with DID I can't spoof numbers to the exchange... it's been a while since I toyed with the system, but from memory I could attempt to set any 9 digit number I wanted for the CallerID string, however the exchange would not allow that to go through and instead passed through the correct group directory number (primary number) for the service. However if I set the CallerID digits to anywhere within our 100-number block DID range, the exchange will happily pass on the specific number... guess it might be a combination of Euro ISDN standards and how the local telco's configure the exchanges. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
Insofar as I know it wasn't a feature in our DMS500 software load, if it was the translations/provisioning folks didn't seem to be aware of if. Timothy R. McKee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Whitten Sent: Wednesday, July 07, 2004 17:51 To: [EMAIL PROTECTED] Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID this is true, but Bellsouth (our local RBOC) only allows numbers in our DID range to pass. I can set the outbound caller id to anything, but if its not in our DID range, then the lead number of the DID range is sent out. Are other telco's not doing this? On Wednesday 07 July 2004 11:04, brian wrote: > Anyone with a PRI/ISDN line can set callerid to anything... Not just > voip, not just asterisk. Come on guys. > > bkw > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:asterisk-users- > > [EMAIL PROTECTED] On Behalf Of Kevin Walsh > > Sent: Wednesday, July 07, 2004 9:01 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > > Adam Hart [EMAIL PROTECTED] wrote: > > > Chris Foster wrote: > > > > The Register is carrying a article written by Kevin Poulsen of > > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > > manipulating and accessing CPN data.." > > > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after > > > > this article; i've been wanting that feature from voicepluse for > > > > a long time. > > > > > > These kind of things will be reason (excuse) for Voip to be > > > regulated > > > > Perhaps service providers who allow the Caller*ID to be set should > > insist that customers provide evidence that they own the phone > > numbers that they want to publish, and then limit the customers' > > choices to only the numbers in their approved list. Calling the > > customer on the provided number(s) would be an easy way to check, > > and a setup fee could be levied to cover the provider's time and expenses, if required. > > > > Being able to discover a "blocked" Caller*ID is another matter. > > Both are good areas for regulation. > > > > -- > >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > > > ___ > > Asterisk-Users mailing list > > [EMAIL PROTECTED] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > >http://lists.digium.com/mailman/listinfo/asterisk-users > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- Chad Whitten Network/Systems Administrator [EMAIL PROTECTED] 601-944-4801 Phone ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
If he is routing tandem traffic he would be running IMTs and be SS-7 interconnected. Hopefully his switching/prepaid equipment would have authentication capabilities to allow the registered caller id be generated. Note this peeve is against end-users manipulating it, not service providers. This comment is aimed at ISDN BRIs, PRIs, and PBX (trunk-side) DS1s where the end-user currently is able to spoof anything desired to the service provider's switch. Timothy R. McKee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Boyd Sent: Wednesday, July 07, 2004 17:48 To: [EMAIL PROTECTED] Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Timothy R. > McKee > Sent: Wednesday, July 07, 2004 11:58 AM > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > This has always been one of my pet peeves, even as I worked in the > industry. > A telco switch operating a DS1 on trunk side should enforce caller-id > numbers to be within the range of DID numbers assigned to that trunk. > There should be a default DID number that is used to replace any > *invalid* numbers > sent on that trunk. Note that blocked caller ids would still be > blocked, but the rest of the data should be corrected. Blocking ID is > ok, lying about it is not. > > Blind trust of a non-SS7 link is a _bad_ thing. > > > Timothy R. McKee > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin > Walsh > Sent: Wednesday, July 07, 2004 10:01 > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > Adam Hart [EMAIL PROTECTED] wrote: > > Chris Foster wrote: > > > The Register is carrying a article written by Kevin Poulsen of > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > manipulating and accessing CPN data.." > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > article; i've been wanting that feature from voicepluse for a long > > > time. > > > > > These kind of things will be reason (excuse) for Voip to be > > regulated > > > Perhaps service providers who allow the Caller*ID to be set should > insist that customers provide evidence that they own the phone numbers > that they want to publish, and then limit the customers' choices to > only the numbers in their approved list. Calling the customer on the > provided number(s) would be an easy way to check, and a setup fee > could be levied to cover the provider's time and expenses, if > required. > > Being able to discover a "blocked" Caller*ID is another matter. Both > are good areas for regulation. > > -- >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users How then should a service provider who is routing tandem traffic place a call through any other network? This would preclude the ability for pre-paid or post paid providers to send out traffic at the originating customers request with correct callerid! Dave ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
Chad Whitten wrote: this is true, but Bellsouth (our local RBOC) only allows numbers in our DID range to pass. I can set the outbound caller id to anything, but if its not in our DID range, then the lead number of the DID range is sent out. Are other telco's not doing this? No, not as a rule. And if you complain, the ones that do can make it go away, Nick ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
rich allen wrote: this is really simple, companies like Nortel, Lucent need to change their code for caller id, if the number should be blocked then dont transmit it to the far end switch That's a really bad idea. Even worse than top-posting. My local PSAP should know what number I'm calling from, because I'd like police/fire/EMS units to show up at my house if I can't tell them where I'm calling from. My phone company would also enjoy knowing where the call came from for the sake of preventing toll fraud from any Tom, Dick, and Harry with a SS7 connection. If CLID is blocked (or "presentation restricted" in SS7 ISUP parlance) only networks should see the Caller*ID, never users. This is a situation where network operators must not abrogate their responsibly to make and enforce policy; software solutions to policy problems are never panacean, just as policy can't fix an unencrypted password file. Nick ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
what do you mean "not quite right"??? if the clid is supposed to be blocked then don't send it. if the far end is a law enforcement or emergency agency then the clid is NOT supposed to be blocked!! if the originating switch had the ability to send or not send, problem solved for voip providers from getting a "blocked clid" - hcir On Jul 7, 2004, at 1:47 PM, Steve Kennedy wrote: On Wed, Jul 07, 2004 at 07:57:36AM -0800, rich allen wrote: this is really simple, companies like Nortel, Lucent need to change their code for caller id, if the number should be blocked then dont transmit it to the far end switch Err, not quite right. There are a few circumstances when called ID can be blocked (it's rumoured certain spook agencies have this ability), however if a "user" withholds CID, then it's just flagged at the local switch and passed switch to switch with the withold CLI flag. The terminating switch should then NOT pass on CLI if the withold flag is set on to an end-user line. Of course some agencies will get CLI passed even if the withold flag is set (in the UK, Police, fire, etc, potentially even ISPs for abuse purposes - but they are not meant to abuse the privilige). ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
JerJer said they never tried to call him. bkw - Original Message - From: "Steve Totaro" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 07, 2004 4:03 PM Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > I liked the "NuFone chief Jeremy McNamara didn't return phone calls for this > story."line. ;-) > > > - Original Message - > From: "Jeremy McNamara" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, July 07, 2004 11:45 AM > Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > > > Chris Foster wrote: > > > > > The Register is carrying a article written by Kevin Poulsen of > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > manipulating and accessing CPN data.." > > > > > > > > >>http://www.theregister.co.uk/2004/07/07/hackers_gut_voip/ > > > > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > article; i've been wanting that feature from voicepluse for a long > > > time. > > > > > > Then NuFone customers better not abuse this power. > > > > > > > > Jeremy McNamara > > ___ > > Asterisk-Users mailing list > > [EMAIL PROTECTED] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > >http://lists.digium.com/mailman/listinfo/asterisk-users > > > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
The switches already support this. In most parts of the world an end user trunk can only use a caller ID within their allocated blocks of numbers. Attempts to use other caller IDs usually result in the call being rejected. In some cases it results in the call completing, but the receiver sees a default caller ID for the sub who initiated the call, rather than the one the sub tried to use. Regards, Steve rich allen wrote: this is really simple, companies like Nortel, Lucent need to change their code for caller id, if the number should be blocked then dont transmit it to the far end switch - hcir On Jul 7, 2004, at 6:00 AM, Kevin Walsh wrote: Adam Hart [EMAIL PROTECTED] wrote: Chris Foster wrote: The Register is carrying a article written by Kevin Poulsen of Securtiy Focus, calling asterisk "..the most powerful tool for manipulating and accessing CPN data.." I hope NuFone doesn't drop asterisk-set-able callerid's after this article; i've been wanting that feature from voicepluse for a long time. These kind of things will be reason (excuse) for Voip to be regulated Perhaps service providers who allow the Caller*ID to be set should insist that customers provide evidence that they own the phone numbers that they want to publish, and then limit the customers' choices to only the numbers in their approved list. Calling the customer on the provided number(s) would be an easy way to check, and a setup fee could be levied to cover the provider's time and expenses, if required. Being able to discover a "blocked" Caller*ID is another matter. Both are good areas for regulation. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
brian wrote: Anyone with a PRI/ISDN line can set callerid to anything... Not just voip, not just asterisk. Come on guys. bkw I thought that was the idea of using ISDN. We do it with PBXs all the time, setting the callerid to your DDI number or just set every call to appear to call from the main line. As for getting the so-called 'witheld' number, it's a feature at the signalling level. Over here, when you text using a mobile phone with a 'witheld' number, it still shows up at the receiving end. If these are security problem, it's the ISDN protocol's fault. The author is obviously barking up the wrong tree. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
This is very interesting... Regulations..USA... But... what can i do faking a caller id? stolen what? what is the point? miklos - Original Message - From: "Steve Totaro" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 07, 2004 12:56 PM Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > why regulate? nobody regulates the return address on a letter sent via > USPS. > > > - Original Message - > From: "Kevin Walsh" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, July 07, 2004 10:00 AM > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > > Adam Hart [EMAIL PROTECTED] wrote: > > > Chris Foster wrote: > > > > The Register is carrying a article written by Kevin Poulsen of > > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > > manipulating and accessing CPN data.." > > > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > > article; i've been wanting that feature from voicepluse for a long > > > > time. > > > > > > > These kind of things will be reason (excuse) for Voip to be regulated > > > > > Perhaps service providers who allow the Caller*ID to be set should > > insist that customers provide evidence that they own the phone numbers > > that they want to publish, and then limit the customers' choices to > > only the numbers in their approved list. Calling the customer on the > > provided number(s) would be an easy way to check, and a setup fee > > could be levied to cover the provider's time and expenses, if required. > > > > Being able to discover a "blocked" Caller*ID is another matter. Both > > are good areas for regulation. > > > > -- > >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > > > ___ > > Asterisk-Users mailing list > > [EMAIL PROTECTED] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > >http://lists.digium.com/mailman/listinfo/asterisk-users > > > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > > ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
this is true, but Bellsouth (our local RBOC) only allows numbers in our DID range to pass. I can set the outbound caller id to anything, but if its not in our DID range, then the lead number of the DID range is sent out. Are other telco's not doing this? On Wednesday 07 July 2004 11:04, brian wrote: > Anyone with a PRI/ISDN line can set callerid to anything... Not just voip, > not just asterisk. Come on guys. > > bkw > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:asterisk-users- > > [EMAIL PROTECTED] On Behalf Of Kevin Walsh > > Sent: Wednesday, July 07, 2004 9:01 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > > Adam Hart [EMAIL PROTECTED] wrote: > > > Chris Foster wrote: > > > > The Register is carrying a article written by Kevin Poulsen of > > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > > manipulating and accessing CPN data.." > > > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > > article; i've been wanting that feature from voicepluse for a long > > > > time. > > > > > > These kind of things will be reason (excuse) for Voip to be regulated > > > > Perhaps service providers who allow the Caller*ID to be set should > > insist that customers provide evidence that they own the phone numbers > > that they want to publish, and then limit the customers' choices to > > only the numbers in their approved list. Calling the customer on the > > provided number(s) would be an easy way to check, and a setup fee > > could be levied to cover the provider's time and expenses, if required. > > > > Being able to discover a "blocked" Caller*ID is another matter. Both > > are good areas for regulation. > > > > -- > >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > > > ___ > > Asterisk-Users mailing list > > [EMAIL PROTECTED] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > >http://lists.digium.com/mailman/listinfo/asterisk-users > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- Chad Whitten Network/Systems Administrator [EMAIL PROTECTED] 601-944-4801 Phone ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
On Wed, Jul 07, 2004 at 07:57:36AM -0800, rich allen wrote: > this is really simple, companies like Nortel, Lucent need to change > their code for caller id, if the number should be blocked then dont > transmit it to the far end switch Err, not quite right. There are a few circumstances when called ID can be blocked (it's rumoured certain spook agencies have this ability), however if a "user" withholds CID, then it's just flagged at the local switch and passed switch to switch with the withold CLI flag. The terminating switch should then NOT pass on CLI if the withold flag is set on to an end-user line. Of course some agencies will get CLI passed even if the withold flag is set (in the UK, Police, fire, etc, potentially even ISPs for abuse purposes - but they are not meant to abuse the privilige). Steve -- NetTek Ltd Phone/Fax +44-(0)20 7483 2455 SMS steve-epage (at) gbnet.net [body] gpg 1024D/468952DB 2001-09-19 ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Timothy R. > McKee > Sent: Wednesday, July 07, 2004 11:58 AM > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > > This has always been one of my pet peeves, even as I worked in > the industry. > A telco switch operating a DS1 on trunk side should enforce caller-id > numbers to be within the range of DID numbers assigned to that > trunk. There > should be a default DID number that is used to replace any > *invalid* numbers > sent on that trunk. Note that blocked caller ids would still be blocked, > but the rest of the data should be corrected. Blocking ID is ok, lying > about it is not. > > Blind trust of a non-SS7 link is a _bad_ thing. > > > Timothy R. McKee > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Walsh > Sent: Wednesday, July 07, 2004 10:01 > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > Adam Hart [EMAIL PROTECTED] wrote: > > Chris Foster wrote: > > > The Register is carrying a article written by Kevin Poulsen of > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > manipulating and accessing CPN data.." > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > article; i've been wanting that feature from voicepluse for a long > > > time. > > > > > These kind of things will be reason (excuse) for Voip to be regulated > > > Perhaps service providers who allow the Caller*ID to be set should insist > that customers provide evidence that they own the phone numbers that they > want to publish, and then limit the customers' choices to only the numbers > in their approved list. Calling the customer on the provided number(s) > would be an easy way to check, and a setup fee could be levied to > cover the > provider's time and expenses, if required. > > Being able to discover a "blocked" Caller*ID is another matter. Both are > good areas for regulation. > > -- >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users How then should a service provider who is routing tandem traffic place a call through any other network? This would preclude the ability for pre-paid or post paid providers to send out traffic at the originating customers request with correct callerid! Dave ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
rich allen wrote: > this is really simple, companies like Nortel, Lucent need to change > their code for caller id, if the number should be blocked then dont > transmit it to the far end switch Actually, it wouldn't surprise me if the options for this were already implemented. But, that's nothing we'll ever hear about. What we will hear about is the threat to privacy that all these VOIP systems expose(actually flaws in the telco network, but shh, don't tell anyone). We'll hear about the billions of dollars it will take to upgrade every switch in the country, how it could lead to service problems for users, and how it could all be avoided by *simply* requiring more regulation and control of VOIP equipment. - Andrew Thompson http://aktzero.com/ http://www.retirequickly.com/43653 ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
The rule has always been with nufone.. "Abuse you loose" Plain and simple. bkw > -Original Message- > From: [EMAIL PROTECTED] [mailto:asterisk-users- > [EMAIL PROTECTED] On Behalf Of Jeremy McNamara > Sent: Wednesday, July 07, 2004 10:46 AM > To: [EMAIL PROTECTED] > Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > > Chris Foster wrote: > > > The Register is carrying a article written by Kevin Poulsen of > > Securtiy Focus, calling asterisk "..the most powerful tool for > > manipulating and accessing CPN data.." > > > > > >>http://www.theregister.co.uk/2004/07/07/hackers_gut_voip/ > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > article; i've been wanting that feature from voicepluse for a long > > time. > > > Then NuFone customers better not abuse this power. > > > > Jeremy McNamara > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
Just asking for abuse though unless it is restricted or grounds for termination without a refund, People prefer to set their CID to a proper call back number such as myself but it has can be used for less positive uses. On Wed, 07 Jul 2004 11:45:48 -0400, Jeremy McNamara <[EMAIL PROTECTED]> wrote: > Chris Foster wrote: > > > The Register is carrying a article written by Kevin Poulsen of > > Securtiy Focus, calling asterisk "..the most powerful tool for > > manipulating and accessing CPN data.." > > > > > >>http://www.theregister.co.uk/2004/07/07/hackers_gut_voip/ > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > article; i've been wanting that feature from voicepluse for a long > > time. > > > Then NuFone customers better not abuse this power. > > > Jeremy McNamara > > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
I liked the "NuFone chief Jeremy McNamara didn't return phone calls for this story."line. ;-) - Original Message - From: "Jeremy McNamara" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 07, 2004 11:45 AM Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID > Chris Foster wrote: > > > The Register is carrying a article written by Kevin Poulsen of > > Securtiy Focus, calling asterisk "..the most powerful tool for > > manipulating and accessing CPN data.." > > > > > >>http://www.theregister.co.uk/2004/07/07/hackers_gut_voip/ > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > article; i've been wanting that feature from voicepluse for a long > > time. > > > Then NuFone customers better not abuse this power. > > > > Jeremy McNamara > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
On Jul 7, 2004, at 7:00 AM, Kevin Walsh wrote: Perhaps service providers who allow the Caller*ID to be set should insist that customers provide evidence that they own the phone numbers that they want to publish, and then limit the customers' choices to only the numbers in their approved list. Calling the customer on the provided number(s) would be an easy way to check, and a setup fee could be levied to cover the provider's time and expenses, if required. Why? This completely destroys legitimate uses for controlling your own caller ID. Imagine a simple follow-me service that takes incoming calls over IAX and sends them back out to your home, business, cell, hotel, or wherever phone. Assuming that your IAX provider lets you set your own caller ID, you can forward the call through your system while still keeping the original call's caller ID intact. So, when 212-123-4567 calls you and Asterisk forwards it to your cell phone, you'll see 212-123-4567 on your phone display, *NOT* your own phone number. This is a completely legitimate use for setting your own caller ID. Being able to discover a "blocked" Caller*ID is another matter. Both are good areas for regulation. Nope. The "blocked caller ID" in really ANI information for 800 numbers. The theory is that you're paying for the call, so you get to see who's calling you. It works this way for every other 800 number, why should it be different if it's delivered over IP rather then a T1? Scott ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
On Wed, 2004-07-07 at 05:29, Chris Foster wrote: > I hope NuFone doesn't drop asterisk-set-able callerid's after this > article; i've been wanting that feature from voicepluse for a long > time. My VoicePulse Connect line allows you to set Caller ID. -- PhoneBoy ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
hi... here in Italy is almost impossible to set an invalid cid, if is out of your allowed space. ie. if you have X numbers on your PRI, you can only set one of these. nothing more. on bri you simply cannot do nothing. just my 2 cents. -- Brancaleoni Matteo <[EMAIL PROTECTED]> Espia Srl ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
MCI definately does this. We tryed out a sample to replace our CallerID with the one we forwarded. Did not work :( otherwise it was really cool. But I can imagine if someone talks SS7 noone could 'touch' them, or isn't that true? Stefan On Wed, 7 Jul 2004, Kevin Walsh wrote: > Adam Hart [EMAIL PROTECTED] wrote: > > Chris Foster wrote: > > > The Register is carrying a article written by Kevin Poulsen of > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > manipulating and accessing CPN data.." > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > article; i've been wanting that feature from voicepluse for a long > > > time. > > > > > These kind of things will be reason (excuse) for Voip to be regulated > > > Perhaps service providers who allow the Caller*ID to be set should > insist that customers provide evidence that they own the phone numbers > that they want to publish, and then limit the customers' choices to > only the numbers in their approved list. Calling the customer on the > provided number(s) would be an easy way to check, and a setup fee > could be levied to cover the provider's time and expenses, if required. > > Being able to discover a "blocked" Caller*ID is another matter. Both > are good areas for regulation. > > -- >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
Anyone with a PRI/ISDN line can set callerid to anything... Not just voip, not just asterisk. Come on guys. bkw > -Original Message- > From: [EMAIL PROTECTED] [mailto:asterisk-users- > [EMAIL PROTECTED] On Behalf Of Kevin Walsh > Sent: Wednesday, July 07, 2004 9:01 AM > To: [EMAIL PROTECTED] > Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > > Adam Hart [EMAIL PROTECTED] wrote: > > Chris Foster wrote: > > > The Register is carrying a article written by Kevin Poulsen of > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > manipulating and accessing CPN data.." > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > article; i've been wanting that feature from voicepluse for a long > > > time. > > > > > These kind of things will be reason (excuse) for Voip to be regulated > > > Perhaps service providers who allow the Caller*ID to be set should > insist that customers provide evidence that they own the phone numbers > that they want to publish, and then limit the customers' choices to > only the numbers in their approved list. Calling the customer on the > provided number(s) would be an easy way to check, and a setup fee > could be levied to cover the provider's time and expenses, if required. > > Being able to discover a "blocked" Caller*ID is another matter. Both > are good areas for regulation. > > -- >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
This has always been one of my pet peeves, even as I worked in the industry. A telco switch operating a DS1 on trunk side should enforce caller-id numbers to be within the range of DID numbers assigned to that trunk. There should be a default DID number that is used to replace any *invalid* numbers sent on that trunk. Note that blocked caller ids would still be blocked, but the rest of the data should be corrected. Blocking ID is ok, lying about it is not. Blind trust of a non-SS7 link is a _bad_ thing. Timothy R. McKee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Walsh Sent: Wednesday, July 07, 2004 10:01 To: [EMAIL PROTECTED] Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID Adam Hart [EMAIL PROTECTED] wrote: > Chris Foster wrote: > > The Register is carrying a article written by Kevin Poulsen of > > Securtiy Focus, calling asterisk "..the most powerful tool for > > manipulating and accessing CPN data.." > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > article; i've been wanting that feature from voicepluse for a long > > time. > > > These kind of things will be reason (excuse) for Voip to be regulated > Perhaps service providers who allow the Caller*ID to be set should insist that customers provide evidence that they own the phone numbers that they want to publish, and then limit the customers' choices to only the numbers in their approved list. Calling the customer on the provided number(s) would be an easy way to check, and a setup fee could be levied to cover the provider's time and expenses, if required. Being able to discover a "blocked" Caller*ID is another matter. Both are good areas for regulation. -- _/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] _/ _/ _/_/_/_/ _/_/_/_/ _/_/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
this is really simple, companies like Nortel, Lucent need to change their code for caller id, if the number should be blocked then dont transmit it to the far end switch - hcir On Jul 7, 2004, at 6:00 AM, Kevin Walsh wrote: Adam Hart [EMAIL PROTECTED] wrote: Chris Foster wrote: The Register is carrying a article written by Kevin Poulsen of Securtiy Focus, calling asterisk "..the most powerful tool for manipulating and accessing CPN data.." I hope NuFone doesn't drop asterisk-set-able callerid's after this article; i've been wanting that feature from voicepluse for a long time. These kind of things will be reason (excuse) for Voip to be regulated Perhaps service providers who allow the Caller*ID to be set should insist that customers provide evidence that they own the phone numbers that they want to publish, and then limit the customers' choices to only the numbers in their approved list. Calling the customer on the provided number(s) would be an easy way to check, and a setup fee could be levied to cover the provider's time and expenses, if required. Being able to discover a "blocked" Caller*ID is another matter. Both are good areas for regulation. -- _/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] _/ _/ _/_/_/_/ _/_/_/_/ _/_/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users - hcir ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
why regulate? nobody regulates the return address on a letter sent via USPS. - Original Message - From: "Kevin Walsh" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 07, 2004 10:00 AM Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID > Adam Hart [EMAIL PROTECTED] wrote: > > Chris Foster wrote: > > > The Register is carrying a article written by Kevin Poulsen of > > > Securtiy Focus, calling asterisk "..the most powerful tool for > > > manipulating and accessing CPN data.." > > > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > > article; i've been wanting that feature from voicepluse for a long > > > time. > > > > > These kind of things will be reason (excuse) for Voip to be regulated > > > Perhaps service providers who allow the Caller*ID to be set should > insist that customers provide evidence that they own the phone numbers > that they want to publish, and then limit the customers' choices to > only the numbers in their approved list. Calling the customer on the > provided number(s) would be an easy way to check, and a setup fee > could be levied to cover the provider's time and expenses, if required. > > Being able to discover a "blocked" Caller*ID is another matter. Both > are good areas for regulation. > > -- >_/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ > _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h > _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] > _/ _/ _/_/_/_/ _/_/_/_/ _/_/ > > ___ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
Chris Foster wrote: The Register is carrying a article written by Kevin Poulsen of Securtiy Focus, calling asterisk "..the most powerful tool for manipulating and accessing CPN data.." http://www.theregister.co.uk/2004/07/07/hackers_gut_voip/ I hope NuFone doesn't drop asterisk-set-able callerid's after this article; i've been wanting that feature from voicepluse for a long time. For the record Kevin Poulsen never called me and the account that was abusing caller*id has been terminated. Jeremy McNamara ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
Chris Foster wrote: The Register is carrying a article written by Kevin Poulsen of Securtiy Focus, calling asterisk "..the most powerful tool for manipulating and accessing CPN data.." http://www.theregister.co.uk/2004/07/07/hackers_gut_voip/ I hope NuFone doesn't drop asterisk-set-able callerid's after this article; i've been wanting that feature from voicepluse for a long time. Then NuFone customers better not abuse this power. Jeremy McNamara ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
Adam Hart [EMAIL PROTECTED] wrote: > Chris Foster wrote: > > The Register is carrying a article written by Kevin Poulsen of > > Securtiy Focus, calling asterisk "..the most powerful tool for > > manipulating and accessing CPN data.." > > > > I hope NuFone doesn't drop asterisk-set-able callerid's after this > > article; i've been wanting that feature from voicepluse for a long > > time. > > > These kind of things will be reason (excuse) for Voip to be regulated > Perhaps service providers who allow the Caller*ID to be set should insist that customers provide evidence that they own the phone numbers that they want to publish, and then limit the customers' choices to only the numbers in their approved list. Calling the customer on the provided number(s) would be an easy way to check, and a setup fee could be levied to cover the provider's time and expenses, if required. Being able to discover a "blocked" Caller*ID is another matter. Both are good areas for regulation. -- _/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] _/ _/ _/_/_/_/ _/_/_/_/ _/_/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] VoIP hackers gut Caller ID
Adam Hart wrote: > These kind of things will be reason (excuse) for Voip to be regulated The sad part is, it's like Gun control. The people who could be the most dangerous will simply skip the public system. If I want a gun for something illegitimate, I steal it, or buy it from someone on a back alley. If I want to make VOIP calls that evade the in-place detection, I set up my own sip network. - Andrew Thompson http://aktzero.com/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] VoIP hackers gut Caller ID
Chris Foster wrote: The Register is carrying a article written by Kevin Poulsen of Securtiy Focus, calling asterisk "..the most powerful tool for manipulating and accessing CPN data.." http://www.theregister.co.uk/2004/07/07/hackers_gut_voip/ I hope NuFone doesn't drop asterisk-set-able callerid's after this article; i've been wanting that feature from voicepluse for a long time. These kind of things will be reason (excuse) for Voip to be regulated ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] VoIP hackers gut Caller ID
The Register is carrying a article written by Kevin Poulsen of Securtiy Focus, calling asterisk "..the most powerful tool for manipulating and accessing CPN data.." > http://www.theregister.co.uk/2004/07/07/hackers_gut_voip/ I hope NuFone doesn't drop asterisk-set-able callerid's after this article; i've been wanting that feature from voicepluse for a long time. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users