[asterisk-biz] ANI

[Nitzan Kon]

Yes, we know there are security problems.

As a VoIP carrier - I do *not* let my customers set their own CID exactly for those reasons. However, I absolutely have to be able to set CID *myself* if I want to have any chance of surviving as a carrier.

Now, how do you suggest we fix it without wiping out most small VoIP carriers out there? simply saying "we gotta ban it" is not going to magically fix things. It's just going to create more problems.


--- On Mon, 5/12/08, Steve Totaro <stotaro at totarotechnologies.com> wrote:

> From: Steve Totaro <stotaro at totarotechnologies.com>
> Subject: Re: [asterisk-biz] ANI
> To: trixter at 0xdecafbad.com, "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz at lists.digium.com>
> Date: Monday, May 12, 2008, 6:22 PM
> Setting up a drone Asterisk box to take hundreds of
> thousands of FTP
> .call files at 3AM (by each time zone) and play pro Hillary
> Clinton
> campaign messages (or whoever you don't like),
> obviously spoofing
> her/his campaign headquarters caller ID and ANI.
> 
> Obtaining a new credit card from someone's mailbox with
> the sticker to
> call from your home phone to activate the card.  Spoof
> their Caller ID
> and ANI, activate, and buy some cool gadgets or whatever
> people do
> with cards that don't belong to them.
> 
> Setting CallerID/ANI to clients', girlfriends',
> bosses' cell phone and
> call until voicemail picks up, if no PIN is set, I have
> full control
> of their voicemail (and could possibly call out, I will
> have to test
> that with the call back option.  Then someone could really
> have some
> fun depending on what messages they have saved)
> 
> So many exploits.....
> 
> Thanks,
> Steve Totaro
> 
> _______________________________________________
> --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
> 
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz