[Asterisk-Users] VoIP hackers gut Caller ID

Timothy R. McKee tim at baseworx.net
Wed Jul 7 21:04:45 MST 2004 

If he is routing tandem traffic he would be running IMTs and be SS-7
interconnected.  Hopefully his switching/prepaid equipment would have
authentication capabilities to allow the registered caller id be generated.

Note this peeve is against end-users manipulating it, not service providers.
This comment is aimed at ISDN BRIs, PRIs, and PBX (trunk-side) DS1s where
the end-user currently is able to spoof anything desired to the service
provider's switch. 


====================================================================
Timothy R. McKee


-----Original Message-----
From: asterisk-users-admin at lists.digium.com
[mailto:asterisk-users-admin at lists.digium.com] On Behalf Of David Boyd
Sent: Wednesday, July 07, 2004 17:48
To: asterisk-users at lists.digium.com
Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID

> -----Original Message-----
> From: asterisk-users-admin at lists.digium.com
> [mailto:asterisk-users-admin at lists.digium.com]On Behalf Of Timothy R.
> McKee
> Sent: Wednesday, July 07, 2004 11:58 AM
> To: asterisk-users at lists.digium.com
> Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID
>
>
> This has always been one of my pet peeves, even as I worked in the 
> industry.
> A telco switch operating a DS1 on trunk side should enforce caller-id 
> numbers to be within the range of DID numbers assigned to that trunk.  
> There should be a default DID number that is used to replace any
> *invalid* numbers
> sent on that trunk.  Note that blocked caller ids would still be 
> blocked, but the rest of the data should be corrected.  Blocking ID is 
> ok, lying about it is not.
>
> Blind trust of a non-SS7 link is a _bad_ thing.
>
> ====================================================================
> Timothy R. McKee
>
>
> -----Original Message-----
> From: asterisk-users-admin at lists.digium.com
> [mailto:asterisk-users-admin at lists.digium.com] On Behalf Of Kevin 
> Walsh
> Sent: Wednesday, July 07, 2004 10:01
> To: asterisk-users at lists.digium.com
> Subject: RE: [Asterisk-Users] VoIP hackers gut Caller ID
>
> Adam Hart [adam at teragen.com.au] wrote:
> > Chris Foster wrote:
> > > The Register is carrying a article written by Kevin Poulsen of 
> > > Securtiy Focus, calling asterisk  "..the most powerful tool for 
> > > manipulating and accessing CPN data.."
> > >
> > > I hope NuFone doesn't drop asterisk-set-able callerid's after this 
> > > article; i've been wanting that feature from voicepluse for a long 
> > > time.
> > >
> > These kind of things will be reason (excuse) for Voip to be 
> > regulated
> >
> Perhaps service providers who allow the Caller*ID to be set should 
> insist that customers provide evidence that they own the phone numbers 
> that they want to publish, and then limit the customers' choices to 
> only the numbers in their approved list.  Calling the customer on the 
> provided number(s) would be an easy way to check, and a setup fee 
> could be levied to cover the provider's time and expenses, if 
> required.
>
> Being able to discover a "blocked" Caller*ID is another matter.  Both 
> are good areas for regulation.
>
> --
>    _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
>   _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
>  _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
> _/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

How then should a service provider who is routing tandem traffic place a
call through any other network?  This would preclude the ability for
pre-paid or post paid providers to send out traffic at the originating
customers request with correct callerid!


Dave


_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list