[asterisk-biz] ANI

Steve Totaro stotaro at totarotechnologies.com
Tue May 13 14:40:03 CDT 2008


(From a US centric view obviously)

Well you do make several valid points about getting around things and
regulation taking resources.  I am positive that certain measures are
needed but should be outsourced from the Government.  They should not
go to the lowest bidder, they should go to the best ROI, taking into
consideration monetary and time costs, efficiency, and effectiveness.

Here are a couple of links of what I feel have some very good points.
I have to admit I am a fan of Donald Trump (full disclosure, I did
security system installations for many of his properties in NYC).

The part about the Ice Rink is a perfect example but there is plenty
of good info.

http://www.govote.com/Archive/Art_Of_The_Deal_Donald_Trump.htm
http://www.ontheissues.org/Celeb/Donald_Trump_Government_Reform.htm

We must be vocal and vote, that is our power and duty.

I am not going to pretend I know what this means (but I think I know)
"A single cross box can handle a large geographic area. Couple this
with a pair of cross-connect wires to another lateral (F2 or even F3)
and you could be even further."

If you are talking about butt sets and single pairs, then you may be
caught while dialing several thousand calls....  Small-time at best.

The prank about the taxi is just that, a prank, just like leaving a
burning bag of dog poop and ringing someone's doorbell so they come
and stomp out the fire.  Apples to oranges.

I don't follow this, "We would sit in my friend's dad's custom van
down the street with a long roll of speaker cable, with clips on one
end and a RJ-Jack on the other. High TECH, Radio Shack!!!"  What
exactly does that do?

I am afraid that nothing you have outlined could do any severe harm to
anyone (person or property).

Thanks,
Steve Totaro

On Tue, May 13, 2008 at 1:14 PM, Alexander Lopez <Alex.Lopez at opsys.com> wrote:
> I have avoided chiming in but this is getting pretty bad.
>
>  CALLERID, ANI, and EMAIL all suffer from the same problem. Once there is
>  no ONE entity controlling access, there are no viable (cost-effective)
>  ways to control it.  I'll take the risk of a cab showing up at my door,
>  or a pizza I didn't deliver showing up at my door, rather than have
>  everything I say, do, write, or transfer, accounted and verified. If the
>  bad guys, are going to do anything, then no measure of legislation, or
>  regulation would stop them. Humans are generally trusting, Case in
>  point, we used to let passengers carry knives on airplanes, we no longer
>  allow that, and the world is NOT a better place because of it. An hour
>  to get on a plane for a 30 minute flight, that's regulation for you!!!
>  I know that once you pass a law for one thing, someone thinks of a way
>  around it.
>
>  I don't have to hack into an asterisk box, to do harm, I can go to any
>  cross box, pick a pair hook up a Butt Set and crank call my life away!!!
>
>  In high school, we found the address to a uniquely uptight teacher. We
>  would call a cab to his house every Wednesday night at 3AM (it was
>  quarter beer night at the Pub), We would tell the cab company that I was
>  hard of hearing and to please place the car as close to the front door
>  as possible and repeatedly FLASH the lights and HONK the Horn until I
>  came out. We would have done it for a longer period of time except that
>  we ran out of Cab companies. We would sit in my friend's dad's custom
>  van down the street with a long roll of speaker cable, with clips on one
>  end and a RJ-Jack on the other. High TECH, Radio Shack!!!
>
>  I am sure that to this day, he still hates taxi cabs; maybe if he goes
>  to the 20 year reunion I'll let him in on the secret!!!!
>
>  This just proves the point that there are other 'entrances' into the
>  PSTN that are hard to be traced.  A single cross box can handle a large
>  geographic area. Couple this with a pair of cross-connect wires to
>  another lateral (F2 or even F3) and you could be even further.
>
>
>
>  > -----Original Message-----
>  > From: asterisk-biz-bounces at lists.digium.com [mailto:asterisk-biz-
>  > bounces at lists.digium.com] On Behalf Of Steve Totaro
>  > Sent: Tuesday, May 13, 2008 12:42 PM
>  > To: nk3569 at yahoo.com; Commercial and Business-Oriented Asterisk Discussion
>  > Subject: Re: [asterisk-biz] ANI
>  >
>  > Nitzan,
>  >
>  > Maybe you are unaware that all of this could be done with *absolutely*
>  > no way to trace it back to the "Culprit".
>  >
>  > If you cannot trace it back to the culprit AND more importantly, clear
>  > the INNOCENT, then more regulation is needed.
>  >
>  > "Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC ->
>  > terminated to PSTN." would be stupid.
>  >
>  > This makes more sense:
>  > Open WiFi AP (or cracked WEP)  ---->  hacked Asterisk box (who sets the
>  > CID/ANI ----> Telco  ------>  terminated to the PSTN
>  >
>  > Be sure to delete appropriate logs on the hacked Asterisk boxen and just
>  > to be safe, spoof your laptop's MAC address.  Perform your exploit
>  > somewhere inconspicuous and a good distance from "home, then clean your
>  > laptop by using DBAN http://dban.sourceforge.net/ which is DoD 5220.22-M
>  > compliant, before re-installing your OS"......
>  >
>  > Thanks,
>  > Steve Totaro
>  >
>  >
>  > Nitzan Kon wrote:
>  > > Yep. True.
>  > >
>  > > So the issue is not needing more regulation - but just how to be able to
>  > > enforce existing regulation. Not something that more regulation by itself
>  > > will resolve!
>  > >
>  > > Of course for all these cases, there WILL be records allowing law
>  > > enforcement officials (***who know what they're doing***) to trace back
>  > > the calls. Even if you spoof ANI/CID - your call has to come from
>  > > somewhere.
>  > >
>  > > Let's take your 3AM campaign suggestion for example: the way the call
>  > > will go is:
>  > >
>  > > Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC ->
>  > > terminated to PSTN.
>  > >
>  > > Tracing it back should not be a problem if you have the proper court
>  > > orders, just find out with the terminating party which ILEC/CLEC they got
>  > > the call from, then find out with the ILEC/CLEC which VoIP carrier they
>  > > got the call from - and then finally get the customer records from the
>  > > VoIP carrier.
>  > >
>  > > Sure, it's not as easy as it used to be, and I may be over simplifying
>  > > it - but it is possible and much better than trying to regulate who can
>  > > and can't set CID. Punish the CRIMINALS - not the PROVIDERS.
>  > >
>  > > --- On Thu, 5/29/08, Charles Vance <cbvance at msn.com> wrote:
>  > >
>  > >
>  > >> From: Charles Vance <cbvance at msn.com>
>  > >> Subject: Re: [asterisk-biz] ANI
>  > >> To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz at lists.digium.com>
>  > >> Date: Thursday, May 29, 2008, 6:40 PM
>  > >> each of those scenarios involve either fraud or intent to do harm
>  > >> and are already prohibited in FCC regs even absent the "Truth in
>  > >> Caller ID Act"
>  > >>   ----- Original Message -----
>  > >>   From: Steve Totaro<mailto:stotaro at totarotechnologies.com>
>  > >>   To: trixter at 0xdecafbad.com<mailto:trixter at 0xdecafbad.com> ;
>  > >>   Commercial and Business-Oriented Asterisk Discussion<mailto:asterisk-biz at lists.digium.com>
>  > >>   Sent: Monday, May 12, 2008 18:22
>  > >>   Subject: Re: [asterisk-biz] ANI
>  > >>
>  > >>
>  > >>   Setting up a drone Asterisk box to take hundreds of thousands of FTP
>  > >>   .call files at 3AM (by each time zone) and play pro Hillary Clinton
>  > >>   campaign messages (or whoever you don't like), obviously spoofing
>  > >>   her/his campaign headquarters caller ID and ANI.
>  > >>
>  > >>   Obtaining a new credit card from someone's mailbox with the sticker to
>  > >>   call from your home phone to activate the card.  Spoof their Caller ID
>  > >>   and ANI, activate, and buy some cool gadgets or whatever people do
>  > >>   with cards that don't belong to them.
>  > >>
>  > >>   Setting CallerID/ANI to clients', girlfriends', bosses' cell phone and
>  > >>   call until voicemail picks up, if no PIN is set, I have full control
>  > >>   of their voicemail (and could possibly call out, I will have to test
>  > >>   that with the call back option.  Then someone could really have some
>  > >>   fun depending on what messages they have saved)
>  > >>
>  > >>   So many exploits.....
>  > >>
>  > >>   Thanks,
>  > >>   Steve Totaro
>  > >>
>  > >>


