[asterisk-biz] ANI

Alex Balashov abalashov at evaristesys.com
Fri May 9 16:03:17 CDT 2008 

Miles Scruggs wrote:
> I'm sorry but your experience is entrenched in the switched based PSTN  
> type facilities/termination.  Quite a few years ago major carriers  
> (Verizon, ATT, Qwest, Level 3 etc) have allowed termination to them  
> via IP. This is for customers that don't even have any DID with the  
> carrier (termination only).  How do you propose the carrier would be  
> able to verify the correctness of the CID being passed to them?  All  
> of these carriers simply pass along the CID/ANI which the customer  
> provides, and there is nor can their be any way to verify it.
> 
> Welcome to IP baby, you really can't lock it down using the  
> traditional methods.  As much as you would like to think that the  
> entity converting the IP to PSTN should/would/could/does correctly  
> specify the absolute correct ANI/CID it is quite the opposite on a  
> large scale.  Unless someone dreams up a new way to enforce or  
> efficiently verify CID/ANI and the big boys actually implement it this  
> isn't likely to change.
> 
> BTW there are actual telemarketing laws that will get you slapped if  
> you use CID spoofing in marketing.  Not sure who but someone just got  
> slapped with a $500k fine for doing it.  Google around I'm sure you'll  
> find it.
> 
> Miles
> 
> On May 9, 2008, at 11:40 AM, Jay R. Ashworth wrote:
>> On Fri, May 09, 2008 at 11:31:45AM -0700, Nitzan Kon wrote:
>>> I don't see a way to do it otherwise, as a carrier for outgoing
>>> traffic, how exactly are you going to check or verify that the
>>> CID being sent is not the ANI? just because you don't provide
>>> the incoming number doesn't mean it's not valid, and if you do
>>> it still doesn't mean it is. In essence as a carrier you have
>>> no choice but to "trust" the CID you're being fed.
>> Horse hockey.
>>
>> As a carrier, interfacing to the PSTN, *you* are responsible for the
>> DNs that the subscriber is assigned, and neither I nor the FCC sees  
>> any
>> reason why you can't validate the numbers you're presented against  
>> that
>> list before extending calls into said PSTN.
>>
>>> As far as regulating this - no thanks! I agree there should be
>>> a law out there against FRAUDULENT use, but the last thing any
>>> VoIP carrier needs is regulation on LEGIT use. In essence if
>>> you put a law out there saying "you should prevent your customers
>>> from abusing this" that's fine, but if you put out a law saying
>>> "spoofing CID is illegal" you're basically deeming most VSPs
>>> illegal. Again, just because I "own" the number from provider A
>>> doesn't mean I don't have to "spoof" it for provider B. Incoming
>>> and outgoing are totally separate.
>> Carriers should be (and TTBOMK, are) responsible for the DNs sent out
>> as (at least) ANI on lines they provide to subs, and they should not
>> permit them to be any number the client isn't assigned.  I'm less
>> concerned about CNID, for the reason you cite, though random Murricans
>> probably would not be.
>>
>> There *is* no legitimate reason for spoofing ANI from the subscriber
>> level which does not break the semantics assumed of ANI.

This is exactly right.  The concept of a BTN and/or charge number 
doesn't exist in VoIP.  Sure, when the call goes out ISUP that field is 
still populated, but what it's populated with is entirely up to the 
carrier and their switch configuration.


-- 
Alex Balashov
Evariste Systems
Web    : http://www.evaristesys.com/
Tel    : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599

More information about the asterisk-biz mailing list