[Asterisk-biz] CID Spoofing

C F shmaltz at gmail.com
Thu Jul 28 07:42:07 MST 2005 

On 7/27/05, Gary Reuter <gary.reuter at gmail.com> wrote:
> My turn to jump in, just because I've been wrestling with caller id
> spoofing for my own (totally legit) reasons.
> 
> > >>> Does anyone know if CID spoofing is legal ?
> IANAL, but I think it is.  The ability to change the callerid on PRIs
> is not new.  Impersonating someone is not legal, so displaying someone
> else's telephone number without their permission/expectation can
> probably get you into trouble.

Yeah right, impersonatin is not legal, but since when is using caller
ID impersonating? all you doing is making the person think (not
believe) that his girl friend is calling, as soon as that person picks
up s/he knows it's not the girl friend.

 
> > This is not a good idea for many reasons. Flipping the business model
> > on its head, you really need to look at what honest purpose this would
> > serve.
> The proposed business model in this thread is a type of click-to-call
> service with caller-id spoofing.  For that, I cannot really think of a
> legit reason for spoofing CID other than practical jokes.  As for bill
> collectors, they either show their number, or block it altogether --
> I've had enough call me to know! :-)
> 
> However, the requirement to 'spoof' the caller-id is quite legitimate.
>  A voicemail service provider doesn't want to display the voicemail
> access number but rather the customer's number when the customer uses
> an instant-callback feature.  An long-distance provider wants the same
> feature.
 
This is not spoofing, this is generating legit callerid. This is like
saying that when the telco is sending caller id info, the telco is
poofing your caller id, they are not they are generating it.

> And since I'm sure the question is on alot of people's minds:
> Asterisk can spoof callerid depending on what protocal the outbound
> call is using.
> With the IAX providers I've used, I've been able to 'spoof' pretty
> much anything to any destination, either in the dialplan or in
> sip.conf for the user.
> With SIP providers (using Cisco gateways), neither STABLE nor HEAD
> support Remote-Party-ID for outgoing calls.  I recently started
> working on a patch (still have to do proper 'screen' and 'privacy'),
> and can 'spoof' the CID on outbound SIP calls also.

I have no clue where you took this from, but here is the real thing,
you could spoof caller id with asterisk even on SIP, unless you use
the fromuser field in sip.conf. or if the end technology doesn't
support callerid (like pots).

> (If you use SER to proxy outbound calls from your asterisk server to
> your SIP provider, it may be easier to have the Remote-Party-ID header
> added there rather than patching chan_sip).
> No experience with PRI connections (until next week anyway), but from
> my understanding, Asterisk will be able to put whatever callerid
> desired.

PRI is where it all started, and in fact the reason you could spoof it
with asterisk (IAX, SIP) is because in most cases the end connection
to the PSTN will something that uses PRI or similar.

More information about the asterisk-biz mailing list