[Asterisk-Users] calling card application
Klaus Darilion
klaus.mailinglists at pernau.at
Tue May 25 11:20:33 MST 2004
Jeremy Hall wrote:
> If by authentication by mobile number you mean the caller ID received,
> that is not secure at all. CallerID is very easy to spoof when you have
> a digital line (certain types, of course.) For example, when I call out
> from my Asterisk box, if I prefix the number with 9, it sends my correct
> CallerID information. If I prefix the number with 8, it sends the
> number I am calling as the CID. I can just as easily set that to show
> random numbers, or a mobile number I know will give me pre-paid minutes
> on XYZ company's long distance account.
Is it really possible to spoof the CID? Shouldn't the PSTN provider (the
company which gave you the E1 link) verfiy that the CID you're sending
into the PSTN is correct (i.e. is in your number range), and put in a
correct one if it's false?
I think that's the way it should be in Austria.
regards,
klaus
More information about the asterisk-users
mailing list