[Asterisk-biz] CID Spoofing

[C F]

On 7/27/05, Colin Anderson <ColinA at landmarkmasterbuilder.com> wrote:
>  
>   
>  
> http://securityfocus.com/news/9061  


This article is very unaccurate.
1.  About the CPN, the phone number gets transmitted twice, once in
the ANI package, and once as Caller ID. None of the telcos AFAIK use
the ANI CPN for caller id (in fact omni point in around 2000 - or
maybe earlier - WAS using ANI for caller ID in their voice mail
application and even when you were blocking caller id the voice mail
app would replay your caller id number to the vm subscriber, this was
tested and confirmed in 2600 magazine, the method they used was to
spoof caller id to a different number and then left a message,
listened to the message and got the real phone number that was only
able to come from ANI).
2. Privacy flag. Not true, I know if you search google you will find
textfilze that confirm this so called privacy flag, but we all know
it's not there, try it out, and you'll see that it doesn't send the
number at all when you use private.
3. FCC does not regulate in any way caller id, caller id was
interduced in the early '90s and was meant as a revenu generator for
the telcos. The technology was interduced as a new protocol standard,
and it's up to the telco to send it, of course they all do, since they
offer this service the their own customers as well.
In addition we all know (those of us that deal with phones from before
the VoIP days) that caller ID can be spoofed on the traditional PSTN
as well. First with PRI, also there are other ways of spoofing it,
which is beyond this list. If you want more then you will have to buy
almost every issue of 2600 since caller ID was interduced by the
telcos.
As far as we know, all that VoIP adds is the capability for someone
without a PRI to spoof caller ID.
I have no clue who that Lucky 255 is, but he sure doesn't know much
about hacking/phreaking or the like, what he knows best is how to get
attention.