On Wed, 6 Oct 2010, Matthew Huff wrote:
Digital all the way through. No sip. No outside access to the PBX subnet either. Just a mininute ago our telco has verified that the calls are not orginating from out phone system. It's a simple caller id spoofing. People don't realize that caller id can be spoofed and therefore are 100% sure that we are makign the harrasing calls.
Some do. Anyone with control of a phone system with digital lines (i.e. asterisk with PRI) can trivially set callerID to whatever they want.
That's not correct; what is true is that *some* LEC's do not filter the callerID submitted and so this is *sometimes* true. There are many examples where a LEC does not accept random callerID's from a PRI customer. Sometimes this is even problematic, for example, when the LEC helpfully inserts the callerID *they* think is correct and it's actually wrong.
There are perfectly legitimate, and not so legitimate uses for this.
Yes. It's very useful, for example, to be able to generate your cell phone's callerID from your PBX, since people have a habit of dialing you from the number you called, even if you specifically asked them to use a different callback number.
However, SIP scanning and brute forcing has become really common, so it's about as likely that a phone system has been compromised as someone is forging callerID to one of its numbers.
Correct. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.