VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
jra at baylink.com
Guest
|
 Posted: Mon May 12, 2008 4:32 pm Post subject: [asterisk-biz] ANI |
 |
|
On Mon, May 12, 2008 at 11:00:22PM +0200, Trixter aka Bret McDanel wrote:
| Quote: | | Quote: | Unless I'm very much mistaken, ANI is a *delivery method*. BTN is a
*label for a subscriber service* which is *delivered via* ANI.
|
ANI is an informational element, how that is transmitted would rely on
the delivery method.
| Quote: | So your assertion doesn't actually make a lot of sense.
|
It makes sense if you properly understand that ANI is information, a
phone number for example, and not a delivery method, sip for example.
|
Do you have a pointer to a data dictionary that lists CLID, ANI, and
BTN as three separate ISUP elements?
| Quote: | | Quote: | I don't see that my assertion there was at all difficult to understand.
|
no its not difficult to understand, its just based on flawed information
as a result its not accurate. ANI is not a delivery method, its an
informational element. That little difference changes a lot in what you
claimed, such as below.
|
Citation. Please.
| Quote: | | Quote: | | Quote: | Case and point the federal government will often send calls out onto the
pstn with a ani and caller id of 0000000000, which is less than valid.
This disproves assertions that it has to point somewhere valid.
|
Nope, it proves that US federal government agencies often break (or,
less often, are exempt from) lots of laws and regulations, often to the
detriment of precisely the people those laws were designed to protect.
And the common usage is "case in point"
|
Uhh, you forgot to quote where you said it was required to point
somewhere valid for the call to go through, which is false it does not.
|
<sigh>
The standard operation of the elements in the PSTN is such that if a
valid ANI is not transmitted along with every call, *some element
somewhere* is going to have a heart attack of one scale or another.
Better?
| Quote: | You have changed from saying its required to point somewhere valid for
the call to route to saying that its a delivery method as opposed to an
informational element. I would suggest that you stop changing your
argument from one thing to another when assertions such as those are
challenged. It makes you look like you dont know what you are talking
about, and given that this is a business list it may make it difficult
for you to market yourself should you desire to do that. Just a little
friendly advice, take it or leave it.
|
*Exactly* what I said was this:
| Quote: | When calls are dumped into the PSTN, they *have* to have valid ANI;
too much of the semantics of the entire remainder of the PSTN depends
on it.
|
| Quote: | If that impairs the ability of some to interact with subscribers to the
PSTN, then they'll have to find another way to cope with it. If you
mean what I think you mean by "aggregators" -- intermediate carriers
who bridge traffic from smaller edge providers to the PSTN, then your
responsiblity is to require that of your edge providers by contracts
with teeth.
|
| Quote: | But there has to be an ANI, and it has to point somewhere valid -- even
if it's the edge provider itself as proxy for the end sub.
|
You are alleging that I said (or even implied) that the call would not
complete if valid ANI wasn't included; clearly, I did not say that.
| Quote: | Thanks for correcting me on case in point vs case and point. I will be
sure to credit you for that, you are correct in that singular point, it
is case in point. My apologies for mistyping a common phrase.
|
Well, dammit, Bret... 
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
 |
jra at baylink.com
Guest
|
| Posted: Mon May 12, 2008 4:34 pm Post subject: [asterisk-biz] ANI |
|
|
On Mon, May 12, 2008 at 11:10:00PM +0200, Trixter aka Bret McDanel wrote:
| Quote: | On Mon, 2008-05-12 at 16:28 -0400, Jay R. Ashworth wrote:
| Quote: | As I noted, I'm perfectly happy to let aggregators do it by contract;
the hammer that will fall on them is big enough that I don't think they
need to validate a second (or third) time.
|
well verification is a particularly hard thing to do correctly. For
|
Only in the core. It's trivial at the edge. IP routing people know
this instinctively, and it translates.
| Quote: | example, e164.org will call the phone number then place the route. This
is not (or so it seems) done at intervals later on, which means you can
get a number, verify it, release it to someone else, get a new one, and
so on. You would end up with a bunch of numbers you only owned long
enough to get verified, and now belong to others, allowing you to hijack
their calls.
|
<sigh>
Please stop with the strawmen, would you?
| Quote: | Ok, so that is a problem with e164.org, but taking the verification
thing further, how exactly do you propose to do this for all the
customers that you have? If you place a phone call, it only proves that
they (or a disgruntled employee) has access to that number at that
particular point in time, it does not verify anything for the future.
|
<sigh> again. Go back and actually read what I wrote... cause it's
sure not what you're responding to.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
trixter at 0xdecafbad.com
Guest
|
| Posted: Mon May 12, 2008 4:57 pm Post subject: [asterisk-biz] ANI |
|
|
On Mon, 2008-05-12 at 17:26 -0400, Jay R. Ashworth wrote:
| Quote: | On Mon, May 12, 2008 at 11:00:22PM +0200, Trixter aka Bret McDanel wrote:
| Quote: | | Quote: | | Quote: | Case and point the federal government will often send calls out onto the
pstn with a ani and caller id of 0000000000, which is less than valid.
This disproves assertions that it has to point somewhere valid.
|
Nope, it proves that US federal government agencies often break (or,
less often, are exempt from) lots of laws and regulations, often to the
detriment of precisely the people those laws were designed to protect.
And the common usage is "case in point"
|
Uhh, you forgot to quote where you said it was required to point
somewhere valid for the call to go through, which is false it does not.
|
<sigh>
The standard operation of the elements in the PSTN is such that if a
valid ANI is not transmitted along with every call, *some element
somewhere* is going to have a heart attack of one scale or another.
Better?
|
Ok first this will be my last post in response to what you are saying,
because you keep changing your point, you keep redefining stuff, and
generally you wont accept in any way that you either misspoke or worse
are not informed about telephony. Misspeaking wouldnt be that bad, just
as I did with case in point vs case and point, but constantly trying to
argue that you are right, when "right" keeps changing makes it pointless
to continue.
So with that said, no its not better, you first said it was required to
be valid, and now again say its required to be valid. But its not if
the federal government is able to send it and the call goes through
(they arent the only ones that do this, they are just an 'every call'
one, at least from specific departments). So if some "element"
somewhere is going to have a heart attack why dont the phone companies
refuse to place the call? Why dont they protect their own network? Why
do the calls go through every time without the network falling apart,
given that probation and pretrial services (people on bail) both call
with that as ANI and caller id? That is a lot of calls in a given day.
Ok, now lets address your middle argument about this, you said ANI is a
delivery method, I dont even know how to fit that in with something
somewhere will have a heart attack if its not valid, since if it were a
delivery method then the contents wouldnt be as important as how those
contents are delivered, but you made the argument that the contents are
important or something will have a heart attack. It is this
flip-flopping that makes me think you are either running for public
office or just dont know what you are talking about and will "correct"
anyone who challenges your assertion that you do.
BTW anyone that really knows what ANI is would know its not a delivery
method, but information about the call, so its silly to have even tried
that argument, at least the one you present here seems more plausible
even though it too can be easily disproven.
So with all of this I will just say, anyone who has spoofed ani with an
invalid number and had their call go through you must have been very
special to have not caused heart attacks of some "element" somewhere,
the fact that you can do it time and again is just coincidence, you are
a fortunate one.
--
Trixter http://www.0xdecafbad.com Bret McDanel
Belfast +44 28 9099 6461 US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
stotaro at totarotechn...
Guest
|
| Posted: Mon May 12, 2008 5:26 pm Post subject: [asterisk-biz] ANI |
|
|
Setting up a drone Asterisk box to take hundreds of thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary Clinton
campaign messages (or whoever you don't like), obviously spoofing
her/his campaign headquarters caller ID and ANI.
Obtaining a new credit card from someone's mailbox with the sticker to
call from your home phone to activate the card. Spoof their Caller ID
and ANI, activate, and buy some cool gadgets or whatever people do
with cards that don't belong to them.
Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have full control
of their voicemail (and could possibly call out, I will have to test
that with the call back option. Then someone could really have some
fun depending on what messages they have saved)
So many exploits.....
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
stotaro at totarotechn...
Guest
|
| Posted: Mon May 12, 2008 5:33 pm Post subject: [asterisk-biz] ANI |
|
|
On Mon, May 12, 2008 at 6:22 PM, Steve Totaro
<stotaro@totarotechnologies.com> wrote:
| Quote: | Setting up a drone Asterisk box to take hundreds of thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary Clinton
campaign messages (or whoever you don't like), obviously spoofing
her/his campaign headquarters caller ID and ANI.
Obtaining a new credit card from someone's mailbox with the sticker to
call from your home phone to activate the card. Spoof their Caller ID
and ANI, activate, and buy some cool gadgets or whatever people do
with cards that don't belong to them.
Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have full control
of their voicemail (and could possibly call out, I will have to test
that with the call back option. Then someone could really have some
fun depending on what messages they have saved)
So many exploits.....
Thanks,
Steve Totaro
|
Ah, another couple.
If someone has a court order stop contacting a person due to stalking
or whatever, one could spoof their caller ID/ANI and get that person
locked up for violating the court order.
Spoof caller ID/ANI and call in some sort of threat.
A competing company could find a bunch of people on the do not call
list and then spoof their caller ID/ANI to the competitor and
repeatedly call them with a bogus, better yet, prerecorded sales
message after or before the allowable telemarketing times, thus
violating three laws at the least.
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
cbvance at msn.com
Guest
|
| Posted: Mon May 12, 2008 5:44 pm Post subject: [asterisk-biz] ANI |
|
|
<?xml:namespace prefix="v" /><?xml:namespace prefix="o" /><![endif]--> each of those scenario's involve either fraud or intent to do harm and are already prohibited
in FCC regs even absent the "Truth in Caller ID Act"
| Quote: | ----- Original Message -----
From: Steve Totaro (stotaro@totarotechnologies.com)
To: trixter@0xdecafbad.com (trixter@0xdecafbad.com) ; Commercial and Business-Oriented Asterisk Discussion (asterisk-biz@lists.digium.com)
Sent: Monday, May 12, 2008 18:22
Subject: Re: [asterisk-biz] ANI
Setting up a drone Asterisk box to take hundreds of thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary Clinton
campaign messages (or whoever you don't like), obviously spoofing
her/his campaign headquarters caller ID and ANI.
Obtaining a new credit card from someone's mailbox with the sticker to
call from your home phone to activate the card. Spoof their Caller ID
and ANI, activate, and buy some cool gadgets or whatever people do
with cards that don't belong to them.
Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have full control
of their voicemail (and could possibly call out, I will have to test
that with the call back option. Then someone could really have some
fun depending on what messages they have saved)
So many exploits.....
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
|
|
| Back to top |
|
|
trixter at 0xdecafbad.com
Guest
|
| Posted: Mon May 12, 2008 6:04 pm Post subject: [asterisk-biz] ANI |
|
|
On Thu, 2008-05-29 at 18:40 -0400, Charles Vance wrote:
| Quote: | each of those scenario's involve either fraud or intent to do harm and
are already prohibited
|
`(1) IN GENERAL- It shall be unlawful for any person within the United
States, in connection with any telecommunications service or VOIP
service, to cause any caller identification service to transmit
misleading or inaccurate caller identification information, with the
intent to defraud or cause harm.
emphasis on "intent to defraud or cause harm" so even with this law
nothing really changes.
Although this is not the first attempt, its a new bill that is basically
the same as the 2006 one, what passed was the 2007 one introduced Jan
5 2007.
It generally will do nothing, and places no burden on voip providers on
its face, although the courts at a later date may decide that providers
have to take responsibility for their customers. The person also has to
be in the united states, which provides an interesting loop hole for a call
center in say india.
The intent to defraud or cause harm will be assumed for grand jury hearings,
only to be disputed in trial. That is the way with intent more often than not.
It will be difficult to say that people are doing this with intent before they
do anything else, as a result the law wont stop anything, nor will it
help much in terms of getting warrants to search before someone actually
does something, its yet another law to make people feel good about paying
the legislature for doing nothing. Much like the florida law.
--
Trixter http://www.0xdecafbad.com Bret McDanel
Belfast +44 28 9099 6461 US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
nk3569 at yahoo.com
Guest
|
| Posted: Mon May 12, 2008 6:09 pm Post subject: [asterisk-biz] ANI |
|
|
Yes, we know there are security problems.
As a VoIP carrier - I do *not* let my customers set their own CID exactly for those reasons. However, I absolutely have to be able to set CID *myself* if I want to have any chance of surviving as a carrier.
Now, how do you suggest we fix it without wiping out most small VoIP carriers out there? simply saying "we gotta ban it" is not going to magically fix things. It's just going to create more problems.
--- On Mon, 5/12/08, Steve Totaro <stotaro@totarotechnologies.com> wrote:
| Quote: | From: Steve Totaro <stotaro@totarotechnologies.com>
Subject: Re: [asterisk-biz] ANI
To: trixter@0xdecafbad.com, "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
Date: Monday, May 12, 2008, 6:22 PM
Setting up a drone Asterisk box to take hundreds of
thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary
Clinton
campaign messages (or whoever you don't like),
obviously spoofing
her/his campaign headquarters caller ID and ANI.
Obtaining a new credit card from someone's mailbox with
the sticker to
call from your home phone to activate the card. Spoof
their Caller ID
and ANI, activate, and buy some cool gadgets or whatever
people do
with cards that don't belong to them.
Setting CallerID/ANI to clients', girlfriends',
bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have
full control
of their voicemail (and could possibly call out, I will
have to test
that with the call back option. Then someone could really
have some
fun depending on what messages they have saved)
So many exploits.....
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by
http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
nk3569 at yahoo.com
Guest
|
| Posted: Mon May 12, 2008 6:23 pm Post subject: [asterisk-biz] ANI |
|
|
Yep. True.
So the issue is not needing more regulation - but just how to be able to enforce existing regulation. Not something that more regulation by itself will resolve!
Of course for all these cases, there WILL be records allowing law enforcement officials (***who know what they're doing***) to trace back the calls. Even if you spoof ANI/CID - your call has to come from somewhere.
Let's take your 3AM campaign suggestion for example: the way the call will go is:
Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC -> terminated to PSTN.
Tracing it back should not be a problem if you have the proper court orders, just find out with the terminating party which ILEC/CLEC they got the call from, then find out with the ILEC/CLEC which VoIP carrier they got the call from - and then finally get the customer records from the VoIP carrier.
Sure, it's not as easy as it used to be, and I may be over simplifying it - but it is possible and much better than trying to regulate who can and can't set CID. Punish the CRIMINALS - not the PROVIDERS.
--- On Thu, 5/29/08, Charles Vance <cbvance@msn.com> wrote:
| Quote: | From: Charles Vance <cbvance@msn.com>
Subject: Re: [asterisk-biz] ANI
To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
Date: Thursday, May 29, 2008, 6:40 PM
each of those scenario's involve either fraud or intent
to do harm and are already prohibited
in FCC regs even absent the "Truth in Caller ID
Act"
----- Original Message -----
From: Steve
Totaro<mailto:stotaro@totarotechnologies.com>
To:
trixter@0xdecafbad.com<mailto:trixter@0xdecafbad.com>
; Commercial and Business-Oriented Asterisk
Discussion<mailto:asterisk-biz@lists.digium.com>
Sent: Monday, May 12, 2008 18:22
Subject: Re: [asterisk-biz] ANI
Setting up a drone Asterisk box to take hundreds of
thousands of FTP
.call files at 3AM (by each time zone) and play pro
Hillary Clinton
campaign messages (or whoever you don't like),
obviously spoofing
her/his campaign headquarters caller ID and ANI.
Obtaining a new credit card from someone's mailbox
with the sticker to
call from your home phone to activate the card. Spoof
their Caller ID
and ANI, activate, and buy some cool gadgets or whatever
people do
with cards that don't belong to them.
Setting CallerID/ANI to clients', girlfriends',
bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have
full control
of their voicemail (and could possibly call out, I will
have to test
that with the call back option. Then someone could
really have some
fun depending on what messages they have saved)
So many exploits.....
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by
http://www.api-digital.com<http://www.api-digital.com/>--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz<http://lists.digiumcom/mailman/listinfo/asterisk-biz>_______________________________________________
--Bandwidth and Colocation Provided by
http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
cbvance at msn.com
Guest
|
| Posted: Mon May 12, 2008 6:33 pm Post subject: [asterisk-biz] ANI |
|
|
<?xml:namespace prefix="v" /><?xml:namespace prefix="o" /><![endif]--> Speaking of Law Enforcement...they are absolutely exempt from any anti-spoof laws
Seems both the Congress and the Senate believe there are some legitimate law enforcement reasons for spoofing.
----- Original Message -----
| Quote: | From: Nitzan Kon (nk3569@yahoo.com)
To: Commercial and Business-Oriented Asterisk Discussion (asterisk-biz@lists.digium.com)
Sent: Monday, May 12, 2008 19:18
Subject: Re: [asterisk-biz] ANI
Yep. True.
So the issue is not needing more regulation - but just how to be able to enforce existing regulation. Not something that more regulation by itself will resolve!
Of course for all these cases, there WILL be records allowing law enforcement officials (***who know what they're doing***) to trace back the calls. Even if you spoof ANI/CID - your call has to come from somewhere.
Let's take your 3AM campaign suggestion for example: the way the call will go is:
Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC -> terminated to PSTN.
Tracing it back should not be a problem if you have the proper court orders, just find out with the terminating party which ILEC/CLEC they got the call from, then find out with the ILEC/CLEC which VoIP carrier they got the call from - and then finally get the customer records from the VoIP carrier.
Sure, it's not as easy as it used to be, and I may be over simplifying it - but it is possible and much better than trying to regulate who can and can't set CID. Punish the CRIMINALS - not the PROVIDERS.
--- On Thu, 5/29/08, Charles Vance <cbvance@msn.com (cbvance@msn.com)> wrote:
| Quote: | From: Charles Vance <cbvance@msn.com (cbvance@msn.com)>
Subject: Re: [asterisk-biz] ANI
To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com (asterisk-biz@lists.digium.com)>
Date: Thursday, May 29, 2008, 6:40 PM
each of those scenario's involve either fraud or intent
to do harm and are already prohibited
in FCC regs even absent the "Truth in Caller ID
Act"
----- Original Message -----
From: Steve
Totaro<mailto:stotaro@totarotechnologies.com (stotaro@totarotechnologies.com)>
To:
trixter@0xdecafbad.com<mailto:trixter@0xdecafbad.com ([email]trixter@0xdecafbad.com<mailto:trixter@0xdecafbad.com[/email])>
; Commercial and Business-Oriented Asterisk
Discussion<mailto:asterisk-biz@lists.digium.com (asterisk-biz@lists.digium.com)>
Sent: Monday, May 12, 2008 18:22
Subject: Re: [asterisk-biz] ANI
Setting up a drone Asterisk box to take hundreds of
thousands of FTP
.call files at 3AM (by each time zone) and play pro
Hillary Clinton
campaign messages (or whoever you don't like),
obviously spoofing
her/his campaign headquarters caller ID and ANI.
Obtaining a new credit card from someone's mailbox
with the sticker to
call from your home phone to activate the card. Spoof
their Caller ID
and ANI, activate, and buy some cool gadgets or whatever
people do
with cards that don't belong to them.
Setting CallerID/ANI to clients', girlfriends',
bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have
full control
of their voicemail (and could possibly call out, I will
have to test
that with the call back option. Then someone could
really have some
fun depending on what messages they have saved)
So many exploits.....
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by
http://www.api-digital.com<http://www.api-digital.com/>--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz<http://lists.digiumcom/mailman/listinfo/asterisk-biz>_______________________________________________
--Bandwidth and Colocation Provided by
http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
|
|
| Back to top |
|
|
trixter at 0xdecafbad.com
Guest
|
| Posted: Mon May 12, 2008 6:36 pm Post subject: [asterisk-biz] ANI |
|
|
On Mon, 2008-05-12 at 16:18 -0700, Nitzan Kon wrote:
| Quote: | Yep. True.
So the issue is not needing more regulation - but just how to be able to enforce existing regulation. Not something that more regulation by itself will resolve!
|
agree not just on this issue but many many others. Laws only make more
criminals, enforcement of existing laws is what actually has an impact
on crime, and as long as criminals know that laws are not properly
enforced they will continue to do all the things they used to (some will
do other things that are enforced anyway). Take speeding, its often not
enforced yet its illegal, and how many speed knowing that they wont get
a ticket?
| Quote: | Of course for all these cases, there WILL be records allowing law enforcement officials (***who know what they're doing***) to trace back the calls. Even if you spoof ANI/CID - your call has to come from somewhere.
|
well there may be records, but often and unfortunately they include only
the false data 
| Quote: | Let's take your 3AM campaign suggestion for example: the way the call will go is:
Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC -> terminated to PSTN.
Tracing it back should not be a problem if you have the proper court orders, just find out with the terminating party which ILEC/CLEC they got the call from, then find out with the ILEC/CLEC which VoIP carrier they got the call from - and then finally get the customer records from the VoIP carrier.
|
tracing it back requires that the information for the call be recorded,
some of which usually isnt in a way that makes it to the police. Often
the ani is logged and that is about it. Yes if they log the circuit it
comes in on, all of the other information, tracing back could be a lot
easier, but um yeah for some reason the phone companies generally dont
log all that data.
This was the situation I ran into when both the FCC and a state
prosecutor on separate occasions and for separate customers wanted
information from me. Both instances it was over calls placed to the
PSTN, a service I never offered, but because the phone number went to me
they wrongfully assumed that the only way the calls could have been
placed was through my servers.
The only people that tried to argue that point (the govt accepted that
was the case without question) were other phone companies who couldnt
fathom that calls were placed by some other provider somewhere.
this doesnt give me a lot of faith in the call being properly traced,
and since we do not yet live in a police state, the government cant just
go in and take over the telephone company to trace it. So even if there
is a law enforcement agent that knows what they are doing, they would
still have to deal with the phone company that may not.
--
Trixter http://www.0xdecafbad.com Bret McDanel
Belfast +44 28 9099 6461 US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
jra at baylink.com
Guest
|
| Posted: Mon May 12, 2008 6:48 pm Post subject: [asterisk-biz] ANI |
|
|
On Mon, May 12, 2008 at 04:05:32PM -0700, Nitzan Kon wrote:
| Quote: | As a VoIP carrier - I do *not* let my customers set their own CID
exactly for those reasons. However, I absolutely have to be able to set
CID *myself* if I want to have any chance of surviving as a carrier.
|
We weren't talking about spoofing CLID; please go back over the thread.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
jra at baylink.com
Guest
|
| Posted: Mon May 12, 2008 6:50 pm Post subject: [asterisk-biz] ANI |
|
|
On Mon, May 12, 2008 at 04:18:32PM -0700, Nitzan Kon wrote:
| Quote: | So the issue is not needing more regulation - but just how to be able
to enforce existing regulation. Not something that more regulation by
itself will resolve!
Of course for all these cases, there WILL be records allowing law
enforcement officials (***who know what they're doing***) to trace
back the calls. Even if you spoof ANI/CID - your call has to come from
somewhere.
Let's take your 3AM campaign suggestion for example: the way the call
will go is:
Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC ->
terminated to PSTN.
Tracing it back should not be a problem if you have the proper court
orders, just find out with the terminating party which ILEC/CLEC they
got the call from, then find out with the ILEC/CLEC which VoIP carrier
they got the call from - and then finally get the customer records
from the VoIP carrier.
Sure, it's not as easy as it used to be, and I may be over simplifying
it - but it is possible and much better than trying to regulate who
can and can't set CID. Punish the CRIMINALS - not the PROVIDERS.
|
You know, that sounds so much like the part where I said "require them
to provide it to you by contract and hammer them if they screw it up"...
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
abalashov at evaristes...
Guest
|
| Posted: Mon May 12, 2008 7:22 pm Post subject: [asterisk-biz] ANI |
|
|
PSTN call routing isn't magic. There are ways to track this sort of
thing down if necessary, and neither ANI nor caller ID play an
indispensable role in the anatomy of such investigative endeavours.
There is a whole host of data dumped into internal CDRs accessible via
switch craft interfaces and softswitch / big-iron EMSs that admits of
internal PRI trunks and cross-connects, TCICs from private and ILEC
tandem interconnection SS7 IMTs, and various other such things.
Steve Totaro wrote:
| Quote: | On Mon, May 12, 2008 at 6:22 PM, Steve Totaro
<stotaro@totarotechnologies.com> wrote:
| Quote: | Setting up a drone Asterisk box to take hundreds of thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary Clinton
campaign messages (or whoever you don't like), obviously spoofing
her/his campaign headquarters caller ID and ANI.
Obtaining a new credit card from someone's mailbox with the sticker to
call from your home phone to activate the card. Spoof their Caller ID
and ANI, activate, and buy some cool gadgets or whatever people do
with cards that don't belong to them.
Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have full control
of their voicemail (and could possibly call out, I will have to test
that with the call back option. Then someone could really have some
fun depending on what messages they have saved)
So many exploits.....
Thanks,
Steve Totaro
|
Ah, another couple.
If someone has a court order stop contacting a person due to stalking
or whatever, one could spoof their caller ID/ANI and get that person
locked up for violating the court order.
Spoof caller ID/ANI and call in some sort of threat.
A competing company could find a bunch of people on the do not call
list and then spoof their caller ID/ANI to the competitor and
repeatedly call them with a bogus, better yet, prerecorded sales
message after or before the allowable telemarketing times, thus
violating three laws at the least.
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
bill at cosi.com
Guest
|
| Posted: Mon May 12, 2008 7:55 pm Post subject: [asterisk-biz] ANI |
|
|
I use a pool pool of VoIP providers to dial out from a pool of legitimate business numbers with different ID's. Also on occasion, I set caller ID to my cell phone number. When my asterisk box forwards a call to my cell, I have it set caller ID to the originator.
Your service would not be useful to me.
Nitzan Kon wrote: | Quote: | | Quote: |
As a VoIP carrier - I do *not* let my customers set their own CID exactly for those reasons. However, I absolutely have to be able to set CID *myself* if I want to have any chance of surviving as a carrier.
|
|
|
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
