VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-biz] ANI

nk3569 at yahoo.com
Posted: Mon May 12, 2008 8:11 pm    Post subject: [asterisk-biz] ANI

--- On Mon, 5/12/08, Trixter aka Bret McDanel <trixter@0xdecafbad.com> wrote:

Quote:
well there may be records, but often and unfortunately they
include only the false data :(

I see..

Quote:
tracing it back requires that the information for the call
be recorded, some of which usually isn't in a way that makes
it to the police. Often the ANI is logged and that is about it.
Yes if they log the circuit it comes in on, all of the other
information, tracing back could be a lot easier, but um yeah for
some reason the phone companies generally don't log all that data.

Well, here you go for regulation - make them log it. :)

I'm pretty sure 100% of VoIP providers log such information and
could trace it back if need be. No reason why the phone companies
shouldn't do the same. (except for cost and general ignorance)

Quote:
The only people that tried to argue that point (the govt
accepted that was the case without question) were other phone
companies who couldn't fathom that calls were placed by some other
provider somewhere.

People entrenched in what they've been doing for years and years,
not surprising that they cannot grasp the concept...

Quote:
this doesn't give me a lot of faith in the call being properly traced,
and since we do not yet live in a police state, the government can't just
go in and take over the telephone company to trace it. So even if there
is a law enforcement agent that knows what they are doing, they would
still have to deal with the phone company that may not.

Very true.

-- Nitzan

asterisk at wideideas.com
Posted: Mon May 12, 2008 8:13 pm    Post subject: [asterisk-biz] ANI

On May 12, 2008, at 4:05 PM, Nitzan Kon wrote:
Quote:
As a VoIP carrier - I do *not* let my customers set their own CID
exactly for those reasons. However, I absolutely have to be able to
set CID *myself* if I want to have any chance of surviving as a
carrier.

There is the small possibility that you are on to something and the
other small carriers like AT&T who allow this behavior purposefully
are not going to survive.

Quote:
Now, how do you suggest we fix it without wiping out most small VoIP
carriers out there? simply saying "we gotta ban it" is not going to
magically fix things. It's just going to create more problems.

This isn't an issue isolated to small carriers, but rather the large
ones who deal with this since it is a significant portion of their
business model. Do you know a lot of small carriers that do one way
aggregation for thousands of customers?

nk3569 at yahoo.com
Posted: Mon May 12, 2008 8:47 pm    Post subject: [asterisk-biz] ANI

We can (and will) set the Caller ID for you to something you
request, and we can have multiple peer definitions with
different CIDs defined to each if you need to switch between
them.

Not as nice as setting it yourself - but it should work for
the purposes you mention.

-- Nitzan

--- On Mon, 5/12/08, Bill Michaelson <bill@cosi.com> wrote:

Quote:
From: Bill Michaelson <bill@cosi.com>
Subject: Re: [asterisk-biz] ANI
To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
Date: Monday, May 12, 2008, 8:51 PM
I use a pool of VoIP providers to dial out from a pool of
legitimate business numbers with different ID's. Also on occasion, I set
caller ID to my cell phone number. When my asterisk box forwards a call
to my cell, I have it set caller ID to the originator.

Your service would not be useful to me.

Nitzan Kon wrote:
Quote:
As a VoIP carrier - I do *not* let my customers set
their own CID exactly for those reasons. However, I
absolutely have to be able to set CID *myself* if I want to
have any chance of surviving as a carrier.

jra at baylink.com
Posted: Mon May 12, 2008 9:14 pm    Post subject: [asterisk-biz] ANI

On Mon, May 12, 2008 at 08:26:35PM -0400, Alex Balashov wrote:
Quote:
There is a whole host of data dumped into internal CDRs accessible via
switch craft interfaces and softswitch / big-iron EMSs that admits of
internal PRI trunks and cross-connects, TCICs from private and ILEC
tandem interconnection SS7 IMTs, and various other such things.

I knew someone would eventually show up who was 100% buzzword
compliant. :)

So, Alex, *does* the ISUP element dictionary separate BTN, ANI, and
CLID?

Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274

Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)

bill at cosi.com
Posted: Mon May 12, 2008 9:46 pm    Post subject: [asterisk-biz] ANI

How does this address the forwarding requirement, for which I cannot know in advance what CID I will be sending?

Nitzan Kon wrote:
Quote:
We can (and will) set the Caller ID for you to something you
request, and we can have multiple peer definitions with
different CIDs defined to each if you need to switch between
them.

Not as nice as setting it yourself - but it should work for
the purposes you mention.

-- Nitzan

--- On Mon, 5/12/08, Bill Michaelson <bill@cosi.com> wrote:

Quote:
From: Bill Michaelson <bill@cosi.com>
Subject: Re: [asterisk-biz] ANI
To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
Date: Monday, May 12, 2008, 8:51 PM
I use a pool of VoIP providers to dial out from a pool of
legitimate business numbers with different ID's. Also on occasion, I set
caller ID to my cell phone number. When my asterisk box forwards a call
to my cell, I have it set caller ID to the originator.

Your service would not be useful to me.

Nitzan Kon wrote:
Quote:
As a VoIP carrier - I do *not* let my customers set
their own CID exactly for those reasons. However, I
absolutely have to be able to set CID *myself* if I want to
have any chance of surviving as a carrier.

asterisk-biz at ics-il...
Posted: Mon May 12, 2008 10:12 pm    Post subject: [asterisk-biz] ANI

Just because something is illegal doesn't mean it can't be done. Once it left what I initially asked, I stopped paying attention, but it sounds like Steve wants to make it so it CAN'T happen.


----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Quote:
----- Original Message -----
From: Charles Vance (cbvance@msn.com)
To: Commercial and Business-Oriented Asterisk Discussion (asterisk-biz@lists.digium.com)
Sent: Thursday, May 29, 2008 5:40 PM
Subject: Re: [asterisk-biz] ANI


each of those scenarios involve either fraud or intent to do harm and are already prohibited
in FCC regs even absent the "Truth in Caller ID Act"
Quote:
----- Original Message -----
From: Steve Totaro (stotaro@totarotechnologies.com)
To: trixter@0xdecafbad.com (trixter@0xdecafbad.com) ; Commercial and Business-Oriented Asterisk Discussion (asterisk-biz@lists.digium.com)
Sent: Monday, May 12, 2008 18:22
Subject: Re: [asterisk-biz] ANI


Setting up a drone Asterisk box to take hundreds of thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary Clinton
campaign messages (or whoever you don't like), obviously spoofing
her/his campaign headquarters caller ID and ANI.

Obtaining a new credit card from someone's mailbox with the sticker to
call from your home phone to activate the card. Spoof their Caller ID
and ANI, activate, and buy some cool gadgets or whatever people do
with cards that don't belong to them.

Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have full control
of their voicemail (and could possibly call out, I will have to test
that with the call back option. Then someone could really have some
fun depending on what messages they have saved)

So many exploits.....

Thanks,
Steve Totaro

asterisk-biz at ics-il...
Posted: Mon May 12, 2008 10:21 pm    Post subject: [asterisk-biz] ANI

I'm going to attempt to sum up things discussed on various lists.

ANI and CNID are two different things, though are often the same number. BTN is yet another item that may or may not be the same.

ANI can be spoofed, though details not revealed on list for obvious reasons.

Toll free, premium (900), and 911 numbers receive the ANI since one of them is being billed for the call and the other is billing for services rendered. That's why collection services and private investigators have you return calls on a toll free line.

You need SS7 or someone above you that has SS7 to set ANI as CNID to view the ANI.

Some people think there should be regulation against ANI manipulation, others don't.



----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Quote:
----- Original Message -----
From: John Signorello (jsignorello@ispbx.com)
To: Commercial and Business-Oriented Asterisk Discussion (asterisk-biz@lists.digium.com)
Sent: Friday, May 09, 2008 8:40 AM
Subject: Re: [asterisk-biz] ANI


http://www.totse.com/en/phreak/introduction_to_telecommunications/cid_ani.html



Mike Hammett wrote:
Quote:
Is the CID of a call to a toll free number really the ANI, therefore not spoofed or blocked?

Someone whose opinion I respect said it generally is, but he wasn't sure. Since I have a potential customer coming to me with an ANI requirement, not a CID requirement, I figured I should make sure.


----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


abalashov at evaristes...
Posted: Tue May 13, 2008 12:22 am    Post subject: [asterisk-biz] ANI

Jay R. Ashworth wrote:

Quote:
On Mon, May 12, 2008 at 08:26:35PM -0400, Alex Balashov wrote:
Quote:
There is a whole host of data dumped into internal CDRs accessible via
switch craft interfaces and softswitch / big-iron EMSs that admits of
internal PRI trunks and cross-connects, TCICs from private and ILEC
tandem interconnection SS7 IMTs, and various other such things.

I knew someone would eventually show up who was 100% buzzword
compliant. :)

Yes, I took time out from my busy day of delivering transformative
matrix value convergence through five-9s, N+1 24/7 methodologies and
chaining synergistic B2B and B2C channel partner sales, monetising VAR
click-through portal infomediaries, and leveraging turn-key, whiteboard
deliverables to bring you this dose of enterprise-strength insight.

*swivels in executive chair ominously, looking smuggy smug smug*

Quote:
So, Alex, *does* the ISUP element dictionary separate BTN, ANI, and
CLID?

As far as I know, the ANI is the BTN, but I could be very wrong. I will
not be duped into an appointment as the ISUP expert. :) I have worked
for and with several CLECs at various times and have some experience in
the esoterica of TDM land, but I still don't sit around reading

http://www.itu.int/rec/T-REC-Q.767-199102-I/en

all day. :)

--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599

astmattf at gmail.com
Posted: Tue May 13, 2008 12:46 am    Post subject: [asterisk-biz] ANI

Hello,

I just wanted to add my personal ANI story since this thread has
gotten so long anyway. I had been under the impression for years that
ANI was always correct and could not be spoofed. That was until I met
one of my client's cut rate telco provider. They are based in Orlando,
FL (and that's all I will mention about the company itself) and somehow
they manage to not send ANI on some calls coming in on 800 numbers.
This confused the heck out of me because for years I thought that was
impossible. But there it was, blank ANI. I could not spoof CallerID as
I could on local T1 circuits, but for some reason every once in a
while the ANI on incoming 800 number calls would show up blank. The
carrier had no clue it was happening and said if that happens then
they just wouldn't bill the client. And it stayed like that for months
until something stranger happened...

One day I got a call from the client that they were being call blasted
from the same number in Orlando. So I went into their logs and noticed
the same ANI had called them over 300 times that morning already, but
the weird part is that many of those calls were answered and had talk
time. I asked the client about it and they started looking at it and
figured out that there were people on the other end of these calls,
and not all the same people. It turns out that the carrier was sending
the same ANI for every call coming into the 800 numbers from certain
areas in Florida. That stopped later that day (again with no
explanation from the carrier) and has happened again a few times since
as well.

So the lessons I took away from this is that ANI can certainly be
messed with, and stay away from cut-rate telco providers.

MATT---

On 5/12/08, Mike Hammett <asterisk-biz@ics-il.net> wrote:
Quote:



I'm going to attempt to sum up things discussed on various lists.

ANI and CNID are two different things, though are often the same number.
BTN is yet another item that may or may not be the same.

ANI can be spoofed, though details not revealed on list for obvious reasons.

Toll free, premium (900), and 911 numbers receive the ANI since one of them
is being billed for the call and the other is billing for services rendered.
That's why collection services and private investigators have you return
calls on a toll free line.

You need SS7 or someone above you that has SS7 to set ANI as CNID to view
the ANI.

Some people think there should be regulation against ANI manipulation,
others don't.


----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



----- Original Message -----
From: John Signorello
To: Commercial and Business-Oriented Asterisk Discussion
Sent: Friday, May 09, 2008 8:40 AM
Subject: Re: [asterisk-biz] ANI

http://www.totse.com/en/phreak/introduction_to_telecommunications/cid_ani.html



Mike Hammett wrote:

Is the CID of a call to a toll free number really the ANI, therefore not
spoofed or blocked?

Someone whose opinion I respect said it generally is, but he wasn't sure.
Since I have a potential customer coming to me with an ANI requirement, not
a CID requirement, I figured I should make sure.


----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Back to top
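The two symptoms described in the post above (blank ANI on inbound toll-free calls, and a single ANI reported for what turned out to be many different callers) can be checked for in call detail records. This is an added example, not part of the original post or of Asterisk itself; the column names, the thresholds, the use of `src` as the ANI, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed CDR sample (fictional 555-01xx numbers). Column names follow
# Asterisk CDR field names; treating `src` as the ANI is an assumption.
SAMPLE_CDR = """\
src,dst,start,end,billsec,disposition
4075550100,8005550199,2008-05-12 09:00:00,2008-05-12 09:04:00,240,ANSWERED
4075550100,8005550199,2008-05-12 09:01:00,2008-05-12 09:06:00,300,ANSWERED
4075550100,8005550199,2008-05-12 09:02:00,2008-05-12 09:03:00,60,ANSWERED
4075550100,8005550199,2008-05-12 09:05:00,2008-05-12 09:09:00,240,ANSWERED
4075550100,8005550199,2008-05-12 09:10:00,2008-05-12 09:12:00,120,ANSWERED
,8005550199,2008-05-12 09:11:00,2008-05-12 09:13:00,120,ANSWERED
8135550123,8005550199,2008-05-12 09:20:00,2008-05-12 09:20:20,0,NO ANSWER
8135550123,8005550199,2008-05-12 09:21:00,2008-05-12 09:21:20,0,NO ANSWER
8135550123,8005550199,2008-05-12 09:22:00,2008-05-12 09:22:20,0,NO ANSWER
8135550123,8005550199,2008-05-12 09:23:00,2008-05-12 09:23:20,0,NO ANSWER
8135550123,8005550199,2008-05-12 09:24:00,2008-05-12 09:24:05,5,ANSWERED
7275550142,8005550199,2008-05-12 09:30:00,2008-05-12 09:33:00,180,ANSWERED
"""

TS = "%Y-%m-%d %H:%M:%S"


def parse_cdrs(text):
    """Parse CSV text into call records with datetime start/end."""
    calls = []
    for row in csv.DictReader(io.StringIO(text)):
        calls.append({
            "ani": row["src"].strip(),
            "start": datetime.strptime(row["start"], TS),
            "end": datetime.strptime(row["end"], TS),
            "answered": row["disposition"] == "ANSWERED"
                        and int(row["billsec"]) > 0,
        })
    return calls


def max_concurrent(intervals):
    """Largest number of intervals open at the same moment (sweep line)."""
    events = []
    for start, end in intervals:
        events.append((start, 1))
        events.append((end, -1))
    # At equal timestamps process hang-ups (-1) before new calls (+1) so
    # back-to-back calls are not counted as overlapping.
    events.sort(key=lambda e: (e[0], e[1]))
    open_now = peak = 0
    for _, delta in events:
        open_now += delta
        peak = max(peak, open_now)
    return peak


def analyze(calls, min_calls=5, answered_floor=0.5):
    """Flag missing ANI and ANIs whose call pattern needs a second look."""
    by_ani = defaultdict(list)
    missing = 0
    for call in calls:
        if not call["ani"].isdigit():
            missing += 1          # blank or malformed ANI
        else:
            by_ani[call["ani"]].append(call)

    report = {}
    for ani, group in by_ani.items():
        if len(group) < min_calls:
            continue
        answered = [c for c in group if c["answered"]]
        peak = max_concurrent([(c["start"], c["end"]) for c in answered])
        if peak >= 2:
            # Several conversations at once under one number: the ANI
            # identifies a trunk, PBX or carrier at best, not one caller.
            verdict = "ani-not-unique"
        elif len(answered) / len(group) < answered_floor:
            # Many attempts, little talk time: one source redialling.
            verdict = "repeat-caller"
        else:
            verdict = "high-volume"
        report[ani] = {
            "calls": len(group),
            "answered": len(answered),
            "max_concurrent": peak,
            "verdict": verdict,
        }
    return {"missing_ani": missing, "by_ani": report}


if __name__ == "__main__":
    result = analyze(parse_cdrs(SAMPLE_CDR))
    print("calls with missing ANI:", result["missing_ani"])
    for ani, info in sorted(result["by_ani"].items()):
        print(ani, info)
```

An "ani-not-unique" result is a reason to stop treating the ANI as caller identity for that traffic and to raise it with the carrier; it does not by itself say who collapsed the numbers.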
stotaro at totarotechn...
Posted: Tue May 13, 2008 7:07 am    Post subject: [asterisk-biz] ANI

Mike,

Apologies for taking your biz question and changing it to a biz/users
discussion. It was not my intention but as you can see, it has
catalyzed from your initial post, it is not just me that has continued
this topic and brought up other valid points, my posts amount to less
than other posters.

I am not sure what the longest thread is on the Asterisk lists, but
this has got to almost be a record, hence discussion and opinion is
good.

Although there are some laws to address spoofing ANI, it can be done
with no trace as things are now. Many very serious things could be
done to ruin people's life, liberty, and pursuit of happiness with no
way to clear their name. I don't think you have the imagination of
what could be done and be totally untraceable.

Anyways, you have sole control of what you pay attention to so don't
pay attention so simply ignore the thread, it is pretty simple, just
as you would spam..

BTW, I do not use the word "CANT", you are dooming yourself to
distraction and failure.

Thanks,
Steve Totaro





On Mon, May 12, 2008 at 11:06 PM, Mike Hammett <asterisk-biz@ics-il.net> wrote:
Quote:


Just because something is illegal doesn't mean it can't be done. Once it
left what I initially asked, I stopped paying attention, but it sounds like
Steve wants to make it so it CAN'T happen.



----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com




----- Original Message -----
From: Charles Vance
To: Commercial and Business-Oriented Asterisk Discussion
Sent: Thursday, May 29, 2008 5:40 PM
Subject: Re: [asterisk-biz] ANI



each of those scenarios involve either fraud or intent to do harm and are
already prohibited in FCC regs even absent the "Truth in Caller ID Act"

----- Original Message -----
From: Steve Totaro
To: trixter@0xdecafbad.com ; Commercial and Business-Oriented Asterisk
Discussion
Sent: Monday, May 12, 2008 18:22
Subject: Re: [asterisk-biz] ANI

Setting up a drone Asterisk box to take hundreds of thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary Clinton
campaign messages (or whoever you don't like), obviously spoofing
her/his campaign headquarters caller ID and ANI.

Obtaining a new credit card from someone's mailbox with the sticker to
call from your home phone to activate the card. Spoof their Caller ID
and ANI, activate, and buy some cool gadgets or whatever people do
with cards that don't belong to them.

Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have full control
of their voicemail (and could possibly call out, I will have to test
that with the call back option. Then someone could really have some
fun depending on what messages they have saved)

So many exploits.....

Thanks,
Steve Totaro

asterisk-biz at ics-il...
Posted: Tue May 13, 2008 8:37 am    Post subject: [asterisk-biz] ANI

Discussion about things semi-on topic is good. I just have little to add
because I'm not educated on the matter.

Thanks for all the constructive conversation.


----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


----- Original Message -----
From: "Steve Totaro" <stotaro@totarotechnologies.com>
To: "Commercial and Business-Oriented Asterisk Discussion"
<asterisk-biz@lists.digium.com>
Sent: Tuesday, May 13, 2008 6:51 AM
Subject: Re: [asterisk-biz] ANI


Quote:
Mike,

Apologies for taking your biz question and changing it to a biz/users
discussion. It was not my intention but as you can see, it has
catalyzed from your initial post, it is not just me that has continued
this topic and brought up other valid points, my posts amount to less
than other posters.

I am not sure what the longest thread is on the Asterisk lists, but
this has got to almost be a record, hence discussion and opinion is
good.

Although there are some laws to address spoofing ANI, it can be done
with no trace as things are now. Many very serious things could be
done to ruin people's life, liberty, and pursuit of happiness with no
way to clear their name. I don't think you have the imagination of
what could be done and be totally untraceable.

Anyways, you have sole control of what you pay attention to so don't
pay attention so simply ignore the thread, it is pretty simple, just
as you would spam..

BTW, I do not use the word "CANT", you are dooming yourself to
distraction and failure.

Thanks,
Steve Totaro





On Mon, May 12, 2008 at 11:06 PM, Mike Hammett <asterisk-biz@ics-il.net>
wrote:
Quote:


Just because something is illegal doesn't mean it can't be done. Once it
left what I initially asked, I stopped paying attention, but it sounds like
Steve wants to make it so it CAN'T happen.



----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com




----- Original Message -----
From: Charles Vance
To: Commercial and Business-Oriented Asterisk Discussion
Sent: Thursday, May 29, 2008 5:40 PM
Subject: Re: [asterisk-biz] ANI



each of those scenarios involve either fraud or intent to do harm and are
already prohibited in FCC regs even absent the "Truth in Caller ID Act"

----- Original Message -----
From: Steve Totaro
To: trixter@0xdecafbad.com ; Commercial and Business-Oriented Asterisk
Discussion
Sent: Monday, May 12, 2008 18:22
Subject: Re: [asterisk-biz] ANI

Setting up a drone Asterisk box to take hundreds of thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary Clinton
campaign messages (or whoever you don't like), obviously spoofing
her/his campaign headquarters caller ID and ANI.

Obtaining a new credit card from someone's mailbox with the sticker to
call from your home phone to activate the card. Spoof their Caller ID
and ANI, activate, and buy some cool gadgets or whatever people do
with cards that don't belong to them.

Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have full control
of their voicemail (and could possibly call out, I will have to test
that with the call back option. Then someone could really have some
fun depending on what messages they have saved)

So many exploits.....

Thanks,
Steve Totaro

stotaro at totarotechn...
Posted: Tue May 13, 2008 11:48 am    Post subject: [asterisk-biz] ANI

Nitzan,

Maybe you are unaware that all of this could be done with *absolutely*
no way to trace it back to the "Culprit".

If you cannot trace it back to the culprit AND more importantly, clear
the INNOCENT, then more regulation is needed.

"Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC ->
terminated to PSTN." would be stupid.

This makes more sense:
Open WiFi AP (or cracked WEP) ----> hacked Asterisk box (who sets the
CID/ANI ----> Telco ------> terminated to the PSTN

Be sure to delete appropriate logs on the hacked Asterisk boxen and just
to be safe, spoof your laptop's MAC address. Perform your exploit
somewhere inconspicuous and a good distance from "home, then clean your
laptop by using DBAN http://dban.sourceforge.net/ which is DoD 5220.22-M
compliant, before re-installing your OS"......

Thanks,
Steve Totaro


Nitzan Kon wrote:
Quote:
Yep. True.

So the issue is not needing more regulation - but just how to be able to enforce existing regulation. Not something that more regulation by itself will resolve!

Of course for all these cases, there WILL be records allowing law enforcement officials (***who know what they're doing***) to trace back the calls. Even if you spoof ANI/CID - your call has to come from somewhere.

Let's take your 3AM campaign suggestion for example: the way the call will go is:

Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC -> terminated to PSTN.

Tracing it back should not be a problem if you have the proper court orders, just find out with the terminating party which ILEC/CLEC they got the call from, then find out with the ILEC/CLEC which VoIP carrier they got the call from - and then finally get the customer records from the VoIP carrier.

Sure, it's not as easy as it used to be, and I may be over simplifying it - but it is possible and much better than trying to regulate who can and can't set CID. Punish the CRIMINALS - not the PROVIDERS.

--- On Thu, 5/29/08, Charles Vance <cbvance@msn.com> wrote:


Quote:
From: Charles Vance <cbvance@msn.com>
Subject: Re: [asterisk-biz] ANI
To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
Date: Thursday, May 29, 2008, 6:40 PM
each of those scenarios involve either fraud or intent to do harm and are
already prohibited in FCC regs even absent the "Truth in Caller ID Act"
----- Original Message -----
From: Steve Totaro <stotaro@totarotechnologies.com>
To: trixter@0xdecafbad.com ; Commercial and Business-Oriented Asterisk Discussion <asterisk-biz@lists.digium.com>
Sent: Monday, May 12, 2008 18:22
Subject: Re: [asterisk-biz] ANI


Setting up a drone Asterisk box to take hundreds of thousands of FTP
.call files at 3AM (by each time zone) and play pro Hillary Clinton
campaign messages (or whoever you don't like), obviously spoofing
her/his campaign headquarters caller ID and ANI.

Obtaining a new credit card from someone's mailbox with the sticker to
call from your home phone to activate the card. Spoof their Caller ID
and ANI, activate, and buy some cool gadgets or whatever people do
with cards that don't belong to them.

Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
call until voicemail picks up, if no PIN is set, I have full control
of their voicemail (and could possibly call out, I will have to test
that with the call back option. Then someone could really have some
fun depending on what messages they have saved)

So many exploits.....

Thanks,
Steve Totaro




abalashov at evaristes...
Posted: Tue May 13, 2008 12:09 pm    Post subject: [asterisk-biz] ANI

Steve Totaro wrote:

Quote:
This makes more sense:
Open WiFi AP (or cracked WEP) ----> hacked Asterisk box (who sets the
CID/ANI ----> Telco ------> terminated to the PSTN

Well, sure, but you can do far worse things than spoof ANI/CID with that
kind of mischief. The sort of things generated in the scenario you
described are hard to track down whether they're telephony-related or not.

--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599

trixter at 0xdecafbad.com
Guest





Posted: Tue May 13, 2008 12:11 pm    Post subject: [asterisk-biz] ANI

On Tue, 2008-05-13 at 12:41 -0400, Steve Totaro wrote:
Quote:
Nitzan,

Maybe you are unaware that all of this could be done with *absolutely*
no way to trace it back to the "Culprit".

If you cannot trace it back to the culprit AND more importantly, clear
the INNOCENT, then more regulation is needed.


I agree to a point, I don't think more regulation is needed, I think a
fairer approach of not charging people out of suspicion but rather facts
would clear more innocent even if it lets some guilty get away. The
feds have a 96% plea rate give or take. This is because they threaten
people with really long sentences and offer pleas of minimal sentences,
many who have given up on fighting accept the plea out of desperation
and not because they believe they are guilty. Of those that go to trial
75% lose in the federal system, often because of dirty tricks used and
a bunch of retired postal employees as jurors. One of the first tactics
that the feds use is to dry up your income so you can't afford a real
lawyer and end up with a public defender. Seizing funds (or at least
freezing them), ensuring you get fired, etc are all standard tactics.

If there is regulation it needs to be that the government will play fair
in prosecution, if this happens you will see many more people walk when
the evidence just isn't there, rather than conviction because the
government says so.

Generally more regulation only leads to more "criminals" some of whom
are unintended consequences of a poorly written law. It generally does
little to actually stop innocent convictions, or halt an undesirable
action.

Quote:
This makes more sense:
Open WiFi AP (or cracked WEP) ----> hacked Asterisk box (who sets the
CID/ANI) ----> Telco ------> terminated to the PSTN


open/cracked wifi device using voip device -> itsp that takes paypal or
credit cards and does instant activation -> pstn

paypal and credit cards are stolen all the time, and are probably more
plentiful than vulnerable voip systems (asterisk or not) so the attack
vector is larger than in your example.


Quote:
Be sure to delete appropriate logs on the hacked Asterisk boxen and just
to be safe, spoof your laptop's MAC address. Perform your exploit
somewhere inconspicuous and a good distance from "home, then clean your
laptop by using DBAN http://dban.sourceforge.net/ which is DoD 5220.22-M
compliant, before re-installing your OS"......

this step also could be removed, certainly the clean up, but if you can
really get in and out without anyone noticing, bounce around to
different locations, use proxies, etc tracing it back to the user of the
access point becomes difficult and unless you enter the US or UK where
they can search the contents of your laptop "because they feel like it"
wiping it isn't always required.

fyi eteraser does DoD compliant wipes of free and slack space on windows
boxes, and if you use a wifi phone or ATA or something that way there
generally aren't logs to even require this step. And many of the wifi
phones look like mobiles so it wouldn't look as odd, but you may not have
as much ability to set clid/ani to said itsp provider.

--
Trixter http://www.0xdecafbad.com Bret McDanel
Belfast +44 28 9099 6461 US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!


stotaro at totarotechn...
Guest





Posted: Tue May 13, 2008 12:18 pm    Post subject: [asterisk-biz] ANI

Alex Balashov wrote:
Quote:
Steve Totaro wrote:


Quote:
This makes more sense:
Open WiFi AP (or cracked WEP) ----> hacked Asterisk box (who sets the
CID/ANI) ----> Telco ------> terminated to the PSTN


Well, sure, but you can do far worse things than spoof ANI/CID with that
kind of mischief. The sort of things generated in the scenario you
described are hard to track down whether they're telephony-related or not.



Yes, but this is an Asterisk list........ Try to stay semi on topic.

Thanks,
Steve Totaro

All times are GMT - 5 Hours
Page 7 of 10