[Asterisk-Users] VoIP hackers gut Caller ID

Alex asterisk-users at connectglobe.com
Sat Jul 10 22:29:51 MST 2004


Hi Guys,

This topic has become pretty much pointless. CallerID was never designed to
be any kind of authentication scheme. Also, it is very hard for telco to
restrict proper usage of CallerID in PRI or SS7 (Please consider number
protability, etc.)

We all already agreed on fact that author of this article are moron.

Let's not discuss any ideas of making CallerID secure or ajusting IAX to
carry 2 or 3 CallerID records. All of this is pointless.

If someone conducts business based on CallerId, it's up to them. If somebody
comits crime with fake CallerID, it's also fine. People, this world is not
perfect. There are thousands of telco companies where you will be able to
find somebody who does not enforce proper CallerID. There are bunch of
"telephony guys" who can do a lot of stuff, which you can't even think about
it.

But people, please do not write articles like that and do not publish it on
MSNBC, NY Times and CNN.

Thanks,



Aleksandr Palatkevich
BPVN Technologies Inc.
http://www.pipeboost.com/
Phone: (917) 723-0306
Fax: (212) 937-2170


-----Original Message-----
From: asterisk-users-admin at lists.digium.com
[mailto:asterisk-users-admin at lists.digium.com] On Behalf Of Nicolas Bougues
Sent: Saturday, July 10, 2004 7:34 PM
To: asterisk-users at lists.digium.com
Subject: Re: [Asterisk-Users] VoIP hackers gut Caller ID

On Wed, Jul 07, 2004 at 11:57:31AM -0400, Timothy R. McKee wrote:
> This has always been one of my pet peeves, even as I worked in the
industry.
> A telco switch operating a DS1 on trunk side should enforce caller-id
> numbers to be within the range of DID numbers assigned to that trunk.
There
> should be a default DID number that is used to replace any *invalid*
numbers
> sent on that trunk.  Note that blocked caller ids would still be blocked,
> but the rest of the data should be corrected.  Blocking ID is ok, lying
> about it is not.
> 
> Blind trust of a non-SS7 link is a _bad_ thing. 
> 

PRI signalling enables "Network provided" or "User provided"
caller-id. Maybe IAX could implement such a thing.

It's very common in France (at least) :
- the network will provided a guaranteed caller-id
- the user (CPE) may provide another one (usually, a DID number)

and the called party gets both. Unfortunatly, as far as I understand,
Asterisk is not really designed to handle more than one caller id
number.

-- 
Nicolas Bougues
Axialys Interactive
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users




More information about the asterisk-users mailing list