[asterisk-biz] ANI

Miles Scruggs asterisk at wideideas.com
Fri May 9 13:55:15 CDT 2008 

I'm sorry but your experience is entrenched in the switched based PSTN  
type facilities/termination.  Quite a few years ago major carriers  
(Verizon, ATT, Qwest, Level 3 etc) have allowed termination to them  
via IP. This is for customers that don't even have any DID with the  
carrier (termination only).  How do you propose the carrier would be  
able to verify the correctness of the CID being passed to them?  All  
of these carriers simply pass along the CID/ANI which the customer  
provides, and there is nor can their be any way to verify it.

Welcome to IP baby, you really can't lock it down using the  
traditional methods.  As much as you would like to think that the  
entity converting the IP to PSTN should/would/could/does correctly  
specify the absolute correct ANI/CID it is quite the opposite on a  
large scale.  Unless someone dreams up a new way to enforce or  
efficiently verify CID/ANI and the big boys actually implement it this  
isn't likely to change.

BTW there are actual telemarketing laws that will get you slapped if  
you use CID spoofing in marketing.  Not sure who but someone just got  
slapped with a $500k fine for doing it.  Google around I'm sure you'll  
find it.

Miles

On May 9, 2008, at 11:40 AM, Jay R. Ashworth wrote:
> On Fri, May 09, 2008 at 11:31:45AM -0700, Nitzan Kon wrote:
>> I don't see a way to do it otherwise, as a carrier for outgoing
>> traffic, how exactly are you going to check or verify that the
>> CID being sent is not the ANI? just because you don't provide
>> the incoming number doesn't mean it's not valid, and if you do
>> it still doesn't mean it is. In essence as a carrier you have
>> no choice but to "trust" the CID you're being fed.
>
> Horse hockey.
>
> As a carrier, interfacing to the PSTN, *you* are responsible for the
> DNs that the subscriber is assigned, and neither I nor the FCC sees  
> any
> reason why you can't validate the numbers you're presented against  
> that
> list before extending calls into said PSTN.
>
>> As far as regulating this - no thanks! I agree there should be
>> a law out there against FRAUDULENT use, but the last thing any
>> VoIP carrier needs is regulation on LEGIT use. In essence if
>> you put a law out there saying "you should prevent your customers
>> from abusing this" that's fine, but if you put out a law saying
>> "spoofing CID is illegal" you're basically deeming most VSPs
>> illegal. Again, just because I "own" the number from provider A
>> doesn't mean I don't have to "spoof" it for provider B. Incoming
>> and outgoing are totally separate.
>
> Carriers should be (and TTBOMK, are) responsible for the DNs sent out
> as (at least) ANI on lines they provide to subs, and they should not
> permit them to be any number the client isn't assigned.  I'm less
> concerned about CNID, for the reason you cite, though random Murricans
> probably would not be.
>
> There *is* no legitimate reason for spoofing ANI from the subscriber
> level which does not break the semantics assumed of ANI.
>

More information about the asterisk-biz mailing list