VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
asterisk at wideideas.com
Guest
|
 Posted: Fri May 09, 2008 12:36 pm Post subject: [asterisk-biz] ANI |
 |
|
This isn't a unique situation, I'm sending this out via a large ILEC,
and have tested it with two major ILECs if you want to see the case in
point just give me two numbers and a time and I'll use them to
generate the call for you.
On May 9, 2008, at 10:22 AM, Jay R. Ashworth wrote:
| Quote: | On Fri, May 09, 2008 at 01:07:17PM -0400, Steve Totaro wrote:
| Quote: | Re-reading this, providers have it all wrong and should be cracked
down on with fines or whatever. ANI is not the same as Caller ID but
this quoted text indicates they are using one and the same.
I do know some VoIP providers that do not allow you to use a number
that is not allocated to you.
|
Correct. No carrier sending packets to the SS7 network should be
originating CNID *or* ANI that doesn't match *some* numbers for which
the subscriber in question is assigned.
I don't have chapter and verse, but you can bet I'm going to go find
it.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I
Think RFC 2100
Ashworth & Associates http://
baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1
727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
 |
beckman at angryox.com
Guest
|
| Posted: Fri May 09, 2008 1:02 pm Post subject: [asterisk-biz] ANI |
|
|
On Fri, 9 May 2008, Charles Vance wrote:
| Quote: | Actually there is no federal law as yet.
There is a House Bill HR251 that will prohibit spoofing with intent to do
harm or fraud. Also there is a senate Bill SR37 that has similar
language.
However, there is no indication if the Senate will even bother to
conference with the house to make it law, so for now there is no law
regarding spoofing.
|
I'm betting they don't specify ANI vs CLID. I believe ANI is used for
billing and call records, and CLID is for pushing to the receiving end. In
my experience, I have NOT been able to find a VoIP termination provider
that can either accept the ANI and CLID as different values, or themselves
SET the ANI or CLID as different values.
I wonder if the interlata and intralata rates are based on ANI or CLID. I
could really save some money terminating calls if I could set the ANI as
within a LATA, but the CLID a completely different value. I'm sure this is
considered "FRAUD" but given no regulations, hey, use it until it's no
longer allowed.
That's what built free conference calling in Iowa!
Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman@angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
andres at paglayan.com
Guest
|
| Posted: Fri May 09, 2008 1:20 pm Post subject: [asterisk-biz] ANI |
|
|
On Fri, 2008-05-09 at 11:46 -0400, Steve Totaro wrote: | Quote: | | Quote: |
I am fairly sure that ANI cannot be spoofed.
|
|
this is true,
and CID not necessarily equals ANI,
ANI will always be stored somewhere at the telco log |
|
| Back to top |
|
|
nk3569 at yahoo.com
Guest
|
| Posted: Fri May 09, 2008 1:22 pm Post subject: [asterisk-biz] ANI |
|
|
--- On Fri, 5/9/08, Peter Beckman <beckman@angryox.com> wrote:
| Quote: | I wonder if the interlata and intralata rates are based on
ANI or CLID.
|
There is absolutely no way to tell the "real" ANI with calls
pushed through SIP, so my experience has been that we've been
billed using the CID solely. (what ANI is sent I have no idea)
| Quote: | I could really save some money terminating calls if I could
set the ANI as within a LATA, but the CLID a completely different
value. I'm sure this is considered "FRAUD" but given no regulations,
hey, use it until it's no longer allowed.
|
I'm sure some out there are doing exactly that. (set the CID to
something which would yield lower rates) I wouldn't call it fraud
though. When you think about it interconnection rates and reciprocal
revenue and all that were meant for the PSTN. You can't treat a call
coming to you via your owned PSTN wiring and a call coming to you via
someone else's (internet) backbone as the same for billing purposes.
Can't being "shouldn't". 
-- Nitzan
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
nk3569 at yahoo.com
Guest
|
| Posted: Fri May 09, 2008 1:36 pm Post subject: [asterisk-biz] ANI |
|
|
--- On Fri, 5/9/08, Steve Totaro <stotaro@totarotechnologies.com> wrote:
| Quote: | The only other explanation is that he used two different
phones but I am the trusting type. Besides the quoted
article confirms that VoIP providers use Caller ID as ANI.
|
I don't see a way to do it otherwise, as a carrier for outgoing
traffic, how exactly are you going to check or verify that the
CID being sent is not the ANI? just because you don't provide
the incoming number doesn't mean it's not valid, and if you do
it still doesn't mean it is. In essence as a carrier you have
no choice but to "trust" the CID you're being fed.
As far as regulating this - no thanks! I agree there should be
a law out there against FRAUDULENT use, but the last thing any
VoIP carrier needs is regulation on LEGIT use. In essence if
you put a law out there saying "you should prevent your customers
from abusing this" that's fine, but if you put out a law saying
"spoofing CID is illegal" you're basically deeming most VSPs
illegal. Again, just because I "own" the number from provider A
doesn't mean I don't have to "spoof" it for provider B. Incoming
and outgoing are totally separate.
-- Nitzan
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
jra at baylink.com
Guest
|
| Posted: Fri May 09, 2008 1:43 pm Post subject: [asterisk-biz] ANI |
|
|
On Fri, May 09, 2008 at 11:31:45AM -0700, Nitzan Kon wrote:
| Quote: | I don't see a way to do it otherwise, as a carrier for outgoing
traffic, how exactly are you going to check or verify that the
CID being sent is not the ANI? just because you don't provide
the incoming number doesn't mean it's not valid, and if you do
it still doesn't mean it is. In essence as a carrier you have
no choice but to "trust" the CID you're being fed.
|
Horse hockey.
As a carrier, interfacing to the PSTN, *you* are responsible for the
DNs that the subscriber is assigned, and neither I nor the FCC sees any
reason why you can't validate the numbers you're presented against that
list before extending calls into said PSTN.
| Quote: | As far as regulating this - no thanks! I agree there should be
a law out there against FRAUDULENT use, but the last thing any
VoIP carrier needs is regulation on LEGIT use. In essence if
you put a law out there saying "you should prevent your customers
from abusing this" that's fine, but if you put out a law saying
"spoofing CID is illegal" you're basically deeming most VSPs
illegal. Again, just because I "own" the number from provider A
doesn't mean I don't have to "spoof" it for provider B. Incoming
and outgoing are totally separate.
|
Carriers should be (and TTBOMK, are) responsible for the DNs sent out
as (at least) ANI on lines they provide to subs, and they should not
permit them to be any number the client isn't assigned. I'm less
concerned about CNID, for the reason you cite, though random Murricans
probably would not be.
There *is* no legitimate reason for spoofing ANI from the subscriber
level which does not break the semantics assumed of ANI.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
stotaro at totarotechn...
Guest
|
| Posted: Fri May 09, 2008 1:48 pm Post subject: [asterisk-biz] ANI |
|
|
On Fri, May 9, 2008 at 2:31 PM, Nitzan Kon <nk3569@yahoo.com> wrote:
| Quote: | --- On Fri, 5/9/08, Steve Totaro <stotaro@totarotechnologies.com> wrote:
| Quote: | The only other explanation is that he used two different
phones but I am the trusting type. Besides the quoted
article confirms that VoIP providers use Caller ID as ANI.
|
I don't see a way to do it otherwise, as a carrier for outgoing
traffic, how exactly are you going to check or verify that the
CID being sent is not the ANI? just because you don't provide
the incoming number doesn't mean it's not valid, and if you do
it still doesn't mean it is. In essence as a carrier you have
no choice but to "trust" the CID you're being fed.
As far as regulating this - no thanks! I agree there should be
a law out there against FRAUDULENT use, but the last thing any
VoIP carrier needs is regulation on LEGIT use. In essence if
you put a law out there saying "you should prevent your customers
from abusing this" that's fine, but if you put out a law saying
"spoofing CID is illegal" you're basically deeming most VSPs
illegal. Again, just because I "own" the number from provider A
doesn't mean I don't have to "spoof" it for provider B. Incoming
and outgoing are totally separate.
-- Nitzan
|
I think you are missing the whole point here. CID and ANI are DIFFERENT.
A law concerning passing valid CID should not be passed. I have used
it as a GUID between call centers.
However, there should be a law against bogus ANI.
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
asterisk at wideideas.com
Guest
|
| Posted: Fri May 09, 2008 1:59 pm Post subject: [asterisk-biz] ANI |
|
|
I'm sorry but your experience is entrenched in the switched based PSTN
type facilities/termination. Quite a few years ago major carriers
(Verizon, ATT, Qwest, Level 3 etc) have allowed termination to them
via IP. This is for customers that don't even have any DID with the
carrier (termination only). How do you propose the carrier would be
able to verify the correctness of the CID being passed to them? All
of these carriers simply pass along the CID/ANI which the customer
provides, and there is nor can their be any way to verify it.
Welcome to IP baby, you really can't lock it down using the
traditional methods. As much as you would like to think that the
entity converting the IP to PSTN should/would/could/does correctly
specify the absolute correct ANI/CID it is quite the opposite on a
large scale. Unless someone dreams up a new way to enforce or
efficiently verify CID/ANI and the big boys actually implement it this
isn't likely to change.
BTW there are actual telemarketing laws that will get you slapped if
you use CID spoofing in marketing. Not sure who but someone just got
slapped with a $500k fine for doing it. Google around I'm sure you'll
find it.
Miles
On May 9, 2008, at 11:40 AM, Jay R. Ashworth wrote:
| Quote: | On Fri, May 09, 2008 at 11:31:45AM -0700, Nitzan Kon wrote:
| Quote: | I don't see a way to do it otherwise, as a carrier for outgoing
traffic, how exactly are you going to check or verify that the
CID being sent is not the ANI? just because you don't provide
the incoming number doesn't mean it's not valid, and if you do
it still doesn't mean it is. In essence as a carrier you have
no choice but to "trust" the CID you're being fed.
|
Horse hockey.
As a carrier, interfacing to the PSTN, *you* are responsible for the
DNs that the subscriber is assigned, and neither I nor the FCC sees
any
reason why you can't validate the numbers you're presented against
that
list before extending calls into said PSTN.
| Quote: | As far as regulating this - no thanks! I agree there should be
a law out there against FRAUDULENT use, but the last thing any
VoIP carrier needs is regulation on LEGIT use. In essence if
you put a law out there saying "you should prevent your customers
from abusing this" that's fine, but if you put out a law saying
"spoofing CID is illegal" you're basically deeming most VSPs
illegal. Again, just because I "own" the number from provider A
doesn't mean I don't have to "spoof" it for provider B. Incoming
and outgoing are totally separate.
|
Carriers should be (and TTBOMK, are) responsible for the DNs sent out
as (at least) ANI on lines they provide to subs, and they should not
permit them to be any number the client isn't assigned. I'm less
concerned about CNID, for the reason you cite, though random Murricans
probably would not be.
There *is* no legitimate reason for spoofing ANI from the subscriber
level which does not break the semantics assumed of ANI.
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
nk3569 at yahoo.com
Guest
|
| Posted: Fri May 09, 2008 2:36 pm Post subject: [asterisk-biz] ANI |
|
|
--- On Fri, 5/9/08, Jay R. Ashworth <jra@baylink.com> wrote:
| Quote: | As a carrier, interfacing to the PSTN, *you* are
responsible for the DNs that the subscriber is assigned,
|
I am talking about wholesale carriers. Sure- I can validate the
CID *I* send - but MY carriers have absolutely no way to tell
whether what I'm sending them is legit or not.
And in contrast- if I provide wholesale service to someone else,
how am I supposed to tell whether what they feed me is legit or
not? it is impossible to know.
-- Nitzan
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
abalashov at evaristes...
Guest
|
| Posted: Fri May 09, 2008 4:11 pm Post subject: [asterisk-biz] ANI |
|
|
Miles Scruggs wrote:
| Quote: | I'm sorry but your experience is entrenched in the switched based PSTN
type facilities/termination. Quite a few years ago major carriers
(Verizon, ATT, Qwest, Level 3 etc) have allowed termination to them
via IP. This is for customers that don't even have any DID with the
carrier (termination only). How do you propose the carrier would be
able to verify the correctness of the CID being passed to them? All
of these carriers simply pass along the CID/ANI which the customer
provides, and there is nor can their be any way to verify it.
Welcome to IP baby, you really can't lock it down using the
traditional methods. As much as you would like to think that the
entity converting the IP to PSTN should/would/could/does correctly
specify the absolute correct ANI/CID it is quite the opposite on a
large scale. Unless someone dreams up a new way to enforce or
efficiently verify CID/ANI and the big boys actually implement it this
isn't likely to change.
BTW there are actual telemarketing laws that will get you slapped if
you use CID spoofing in marketing. Not sure who but someone just got
slapped with a $500k fine for doing it. Google around I'm sure you'll
find it.
Miles
On May 9, 2008, at 11:40 AM, Jay R. Ashworth wrote:
| Quote: | On Fri, May 09, 2008 at 11:31:45AM -0700, Nitzan Kon wrote:
| Quote: | I don't see a way to do it otherwise, as a carrier for outgoing
traffic, how exactly are you going to check or verify that the
CID being sent is not the ANI? just because you don't provide
the incoming number doesn't mean it's not valid, and if you do
it still doesn't mean it is. In essence as a carrier you have
no choice but to "trust" the CID you're being fed.
|
Horse hockey.
As a carrier, interfacing to the PSTN, *you* are responsible for the
DNs that the subscriber is assigned, and neither I nor the FCC sees
any
reason why you can't validate the numbers you're presented against
that
list before extending calls into said PSTN.
| Quote: | As far as regulating this - no thanks! I agree there should be
a law out there against FRAUDULENT use, but the last thing any
VoIP carrier needs is regulation on LEGIT use. In essence if
you put a law out there saying "you should prevent your customers
from abusing this" that's fine, but if you put out a law saying
"spoofing CID is illegal" you're basically deeming most VSPs
illegal. Again, just because I "own" the number from provider A
doesn't mean I don't have to "spoof" it for provider B. Incoming
and outgoing are totally separate.
|
Carriers should be (and TTBOMK, are) responsible for the DNs sent out
as (at least) ANI on lines they provide to subs, and they should not
permit them to be any number the client isn't assigned. I'm less
concerned about CNID, for the reason you cite, though random Murricans
probably would not be.
There *is* no legitimate reason for spoofing ANI from the subscriber
level which does not break the semantics assumed of ANI.
|
|
This is exactly right. The concept of a BTN and/or charge number
doesn't exist in VoIP. Sure, when the call goes out ISUP that field is
still populated, but what it's populated with is entirely up to the
carrier and their switch configuration.
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
stotaro at totarotechn...
Guest
|
| Posted: Fri May 09, 2008 4:58 pm Post subject: [asterisk-biz] ANI |
|
|
On Fri, May 9, 2008 at 5:03 PM, Alex Balashov <abalashov@evaristesys.com> wrote:
| Quote: | Miles Scruggs wrote:
| Quote: | I'm sorry but your experience is entrenched in the switched based PSTN
type facilities/termination. Quite a few years ago major carriers
(Verizon, ATT, Qwest, Level 3 etc) have allowed termination to them
via IP. This is for customers that don't even have any DID with the
carrier (termination only). How do you propose the carrier would be
able to verify the correctness of the CID being passed to them? All
of these carriers simply pass along the CID/ANI which the customer
provides, and there is nor can their be any way to verify it.
Welcome to IP baby, you really can't lock it down using the
traditional methods. As much as you would like to think that the
entity converting the IP to PSTN should/would/could/does correctly
specify the absolute correct ANI/CID it is quite the opposite on a
large scale. Unless someone dreams up a new way to enforce or
efficiently verify CID/ANI and the big boys actually implement it this
isn't likely to change.
BTW there are actual telemarketing laws that will get you slapped if
you use CID spoofing in marketing. Not sure who but someone just got
slapped with a $500k fine for doing it. Google around I'm sure you'll
find it.
Miles
On May 9, 2008, at 11:40 AM, Jay R. Ashworth wrote:
| Quote: | On Fri, May 09, 2008 at 11:31:45AM -0700, Nitzan Kon wrote:
| Quote: | I don't see a way to do it otherwise, as a carrier for outgoing
traffic, how exactly are you going to check or verify that the
CID being sent is not the ANI? just because you don't provide
the incoming number doesn't mean it's not valid, and if you do
it still doesn't mean it is. In essence as a carrier you have
no choice but to "trust" the CID you're being fed.
|
Horse hockey.
As a carrier, interfacing to the PSTN, *you* are responsible for the
DNs that the subscriber is assigned, and neither I nor the FCC sees
any
reason why you can't validate the numbers you're presented against
that
list before extending calls into said PSTN.
| Quote: | As far as regulating this - no thanks! I agree there should be
a law out there against FRAUDULENT use, but the last thing any
VoIP carrier needs is regulation on LEGIT use. In essence if
you put a law out there saying "you should prevent your customers
from abusing this" that's fine, but if you put out a law saying
"spoofing CID is illegal" you're basically deeming most VSPs
illegal. Again, just because I "own" the number from provider A
doesn't mean I don't have to "spoof" it for provider B. Incoming
and outgoing are totally separate.
|
Carriers should be (and TTBOMK, are) responsible for the DNs sent out
as (at least) ANI on lines they provide to subs, and they should not
permit them to be any number the client isn't assigned. I'm less
concerned about CNID, for the reason you cite, though random Murricans
probably would not be.
There *is* no legitimate reason for spoofing ANI from the subscriber
level which does not break the semantics assumed of ANI.
|
|
This is exactly right. The concept of a BTN and/or charge number
doesn't exist in VoIP. Sure, when the call goes out ISUP that field is
still populated, but what it's populated with is entirely up to the
carrier and their switch configuration.
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599
|
That may be the case but it should not be allowed.
People pay their bills based on ANI. If they are being billed
incorrectly, then either the customer or the carrier (who really
cares) is being ripped off, intentionally or not.
A new technology or methodology needs to be introduced to stop this,
as there is no real world use for altering ANI.
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
jra at baylink.com
Guest
|
| Posted: Fri May 09, 2008 6:55 pm Post subject: [asterisk-biz] ANI |
|
|
On Fri, May 09, 2008 at 01:03:29PM -0400, Charles Vance wrote:
| Quote: | Actually there is no federal law as yet.
|
I didn't say "federal law". I believe that it's somewhere in FCC part
68 or whatever has replaced that these days...
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
abalashov at evaristes...
Guest
|
| Posted: Fri May 09, 2008 7:01 pm Post subject: [asterisk-biz] ANI |
|
|
Steve Totaro wrote:
| Quote: | That may be the case but it should not be allowed.
People pay their bills based on ANI. If they are being billed
incorrectly, then either the customer or the carrier (who really
cares) is being ripped off, intentionally or not.
A new technology or methodology needs to be introduced to stop this,
as there is no real world use for altering ANI.
|
VoIP is disruptive to traditional PSTN call routing and billing
methodologies. You can present your call to the LEC as originating from
anywhere. Film at 11.
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
jscully at isipi.com
Guest
|
| Posted: Fri May 09, 2008 7:21 pm Post subject: [asterisk-biz] ANI |
|
|
OK - A few people here have touched on the right answer, but I am going to
say it more bluntly:
No limit on ability to "spoof" outbound callerid/ANI is possible without
crippling the ability to aggregate traffic from customers. An aggregator
has zero ability to determine what PSTN numbers a customer of a customer has
right to use. You have a PBX with PSTN numbers, I have a wholesale customer
who sells you IP trunking for outbound LD. You set your switch to use the
proper ANI so people who call back some in on your PSTN lines.
Your direct "LD company" may have no switch, and your PBX may be trunked
directly to me, but I do not know who you are. So I have no one to contact
and verify ANI, the company who does know who you are has no way to verify
what ANI you send, and in any case, it is none of our business.
You may be an outbound call center making calls for a different company, and
using their ANI so their customers see the calls as coming from them.
Now, how about our upstream carriers? We have maybe 30 CLECS over whom we
can terminate traffic. Should they all ask us if your ANI is legit?
You see the issue - this one has to be handled with a big stick used to beat
people who commit abuse, not by blocking the ability of us all to do legit
business.
John Scully
www.isupportisp.com
614-372-6511
Residential and Business VoIP solutions
Hosted and on Premise IP-PBX systems
Advanced Voice Applications and IVRs
----- Original Message -----
From: "Steve Totaro" <stotaro@totarotechnologies.com>
To: "Commercial and Business-Oriented Asterisk Discussion"
<asterisk-biz@lists.digium.com>
Sent: Friday, May 09, 2008 5:54 PM
Subject: Re: [asterisk-biz] ANI
| Quote: |
On Fri, May 9, 2008 at 5:03 PM, Alex Balashov <abalashov@evaristesys.com>
wrote:
| Quote: | Miles Scruggs wrote:
| Quote: | I'm sorry but your experience is entrenched in the switched based PSTN
type facilities/termination. Quite a few years ago major carriers
(Verizon, ATT, Qwest, Level 3 etc) have allowed termination to them
via IP. This is for customers that don't even have any DID with the
carrier (termination only). How do you propose the carrier would be
able to verify the correctness of the CID being passed to them? All
of these carriers simply pass along the CID/ANI which the customer
provides, and there is nor can their be any way to verify it.
Welcome to IP baby, you really can't lock it down using the
traditional methods. As much as you would like to think that the
entity converting the IP to PSTN should/would/could/does correctly
specify the absolute correct ANI/CID it is quite the opposite on a
large scale. Unless someone dreams up a new way to enforce or
efficiently verify CID/ANI and the big boys actually implement it this
isn't likely to change.
BTW there are actual telemarketing laws that will get you slapped if
you use CID spoofing in marketing. Not sure who but someone just got
slapped with a $500k fine for doing it. Google around I'm sure you'll
find it.
Miles
On May 9, 2008, at 11:40 AM, Jay R. Ashworth wrote:
| Quote: | On Fri, May 09, 2008 at 11:31:45AM -0700, Nitzan Kon wrote:
| Quote: | I don't see a way to do it otherwise, as a carrier for outgoing
traffic, how exactly are you going to check or verify that the
CID being sent is not the ANI? just because you don't provide
the incoming number doesn't mean it's not valid, and if you do
it still doesn't mean it is. In essence as a carrier you have
no choice but to "trust" the CID you're being fed.
|
Horse hockey.
As a carrier, interfacing to the PSTN, *you* are responsible for the
DNs that the subscriber is assigned, and neither I nor the FCC sees
any
reason why you can't validate the numbers you're presented against
that
list before extending calls into said PSTN.
| Quote: | As far as regulating this - no thanks! I agree there should be
a law out there against FRAUDULENT use, but the last thing any
VoIP carrier needs is regulation on LEGIT use. In essence if
you put a law out there saying "you should prevent your customers
from abusing this" that's fine, but if you put out a law saying
"spoofing CID is illegal" you're basically deeming most VSPs
illegal. Again, just because I "own" the number from provider A
doesn't mean I don't have to "spoof" it for provider B. Incoming
and outgoing are totally separate.
|
Carriers should be (and TTBOMK, are) responsible for the DNs sent out
as (at least) ANI on lines they provide to subs, and they should not
permit them to be any number the client isn't assigned. I'm less
concerned about CNID, for the reason you cite, though random Murricans
probably would not be.
There *is* no legitimate reason for spoofing ANI from the subscriber
level which does not break the semantics assumed of ANI.
|
|
This is exactly right. The concept of a BTN and/or charge number
doesn't exist in VoIP. Sure, when the call goes out ISUP that field is
still populated, but what it's populated with is entirely up to the
carrier and their switch configuration.
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599
|
That may be the case but it should not be allowed.
People pay their bills based on ANI. If they are being billed
incorrectly, then either the customer or the carrier (who really
cares) is being ripped off, intentionally or not.
A new technology or methodology needs to be introduced to stop this,
as there is no real world use for altering ANI.
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
stotaro at totarotechn...
Guest
|
| Posted: Sat May 10, 2008 1:19 pm Post subject: [asterisk-biz] ANI |
|
|
Again, you are confusing ANI with Caller ID. It is not callerid/ANI
it is caller ID and ANI, they are not the same!
Here is a nice little article that sums up the differences and how to
use spoofed ANI to call premium 900 numbers and bill it to someone
else. It also mentions 911. I am going to try both. If in fact, if
911 has the spoofed location and there are no 900 bills on my PRI,
then there MUST be legislation and regulation.
I will report back with results.
I don't want to hear "It is not possible", anything is possible,
especially if made public via Fox News, CNN and other popular news
outlets.
http://www.totse.com/en/phreak/introduction_to_telecommunications/cid_ani.html
Thanks,
Steve Totaro
On Fri, May 9, 2008 at 8:13 PM, John Scully <jscully@isipi.com> wrote:
| Quote: | OK - A few people here have touched on the right answer, but I am going to
say it more bluntly:
No limit on ability to "spoof" outbound callerid/ANI is possible without
crippling the ability to aggregate traffic from customers. An aggregator
has zero ability to determine what PSTN numbers a customer of a customer has
right to use. You have a PBX with PSTN numbers, I have a wholesale customer
who sells you IP trunking for outbound LD. You set your switch to use the
proper ANI so people who call back some in on your PSTN lines.
Your direct "LD company" may have no switch, and your PBX may be trunked
directly to me, but I do not know who you are. So I have no one to contact
and verify ANI, the company who does know who you are has no way to verify
what ANI you send, and in any case, it is none of our business.
You may be an outbound call center making calls for a different company, and
using their ANI so their customers see the calls as coming from them.
Now, how about our upstream carriers? We have maybe 30 CLECS over whom we
can terminate traffic. Should they all ask us if your ANI is legit?
You see the issue - this one has to be handled with a big stick used to beat
people who commit abuse, not by blocking the ability of us all to do legit
business.
John Scully
www.isupportisp.com
614-372-6511
Residential and Business VoIP solutions
Hosted and on Premise IP-PBX systems
Advanced Voice Applications and IVRs
----- Original Message -----
From: "Steve Totaro" <stotaro@totarotechnologies.com>
To: "Commercial and Business-Oriented Asterisk Discussion"
<asterisk-biz@lists.digium.com>
Sent: Friday, May 09, 2008 5:54 PM
Subject: Re: [asterisk-biz] ANI
| Quote: |
On Fri, May 9, 2008 at 5:03 PM, Alex Balashov <abalashov@evaristesys.com>
wrote:
| Quote: | Miles Scruggs wrote:
| Quote: | I'm sorry but your experience is entrenched in the switched based PSTN
type facilities/termination. Quite a few years ago major carriers
(Verizon, ATT, Qwest, Level 3 etc) have allowed termination to them
via IP. This is for customers that don't even have any DID with the
carrier (termination only). How do you propose the carrier would be
able to verify the correctness of the CID being passed to them? All
of these carriers simply pass along the CID/ANI which the customer
provides, and there is nor can their be any way to verify it.
Welcome to IP baby, you really can't lock it down using the
traditional methods. As much as you would like to think that the
entity converting the IP to PSTN should/would/could/does correctly
specify the absolute correct ANI/CID it is quite the opposite on a
large scale. Unless someone dreams up a new way to enforce or
efficiently verify CID/ANI and the big boys actually implement it this
isn't likely to change.
BTW there are actual telemarketing laws that will get you slapped if
you use CID spoofing in marketing. Not sure who but someone just got
slapped with a $500k fine for doing it. Google around I'm sure you'll
find it.
Miles
On May 9, 2008, at 11:40 AM, Jay R. Ashworth wrote:
| Quote: | On Fri, May 09, 2008 at 11:31:45AM -0700, Nitzan Kon wrote:
| Quote: | I don't see a way to do it otherwise, as a carrier for outgoing
traffic, how exactly are you going to check or verify that the
CID being sent is not the ANI? just because you don't provide
the incoming number doesn't mean it's not valid, and if you do
it still doesn't mean it is. In essence as a carrier you have
no choice but to "trust" the CID you're being fed.
|
Horse hockey.
As a carrier, interfacing to the PSTN, *you* are responsible for the
DNs that the subscriber is assigned, and neither I nor the FCC sees
any
reason why you can't validate the numbers you're presented against
that
list before extending calls into said PSTN.
| Quote: | As far as regulating this - no thanks! I agree there should be
a law out there against FRAUDULENT use, but the last thing any
VoIP carrier needs is regulation on LEGIT use. In essence if
you put a law out there saying "you should prevent your customers
from abusing this" that's fine, but if you put out a law saying
"spoofing CID is illegal" you're basically deeming most VSPs
illegal. Again, just because I "own" the number from provider A
doesn't mean I don't have to "spoof" it for provider B. Incoming
and outgoing are totally separate.
|
Carriers should be (and TTBOMK, are) responsible for the DNs sent out
as (at least) ANI on lines they provide to subs, and they should not
permit them to be any number the client isn't assigned. I'm less
concerned about CNID, for the reason you cite, though random Murricans
probably would not be.
There *is* no legitimate reason for spoofing ANI from the subscriber
level which does not break the semantics assumed of ANI.
|
|
This is exactly right. The concept of a BTN and/or charge number
doesn't exist in VoIP. Sure, when the call goes out ISUP that field is
still populated, but what it's populated with is entirely up to the
carrier and their switch configuration.
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599
|
That may be the case but it should not be allowed.
People pay their bills based on ANI. If they are being billed
incorrectly, then either the customer or the carrier (who really
cares) is being ripped off, intentionally or not.
A new technology or methodology needs to be introduced to stop this,
as there is no real world use for altering ANI.
Thanks,
Steve Totaro
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
