Scott Howard wrote:
On Wed, Oct 6, 2010 at 8:55 AM, Jon Lewis <jlewis@lewis.org> wrote:
Some do. Anyone with control of a phone system with digital lines (i.e. asterisk with PRI) can trivially set callerID to whatever they want. There are perfectly legitimate, and not so legitimate uses for this.
You don't even need the PRI. There's a number of SIP providers that will allow you to set CallerID. In some cases they do some level of verification first, but in many cases it's just a free-for-all.
There were some laws passed recently which makes "faking" caller-id illegal, although I'm not sure exactly what the details are (eg, I'm fairly sure sending your cell phone number from a desk phone is fine as you own both of them).
Scott.
It's HR 1258 the Truth in Caller ID Act however, means nothing to someone outside the United States and this is where the issue seems to stem from (a huge portion). So imagine the following: YourCompany --> VoIP_Peer --> Euro_Company Someone compromises something in Euro_Company, unbeknownst to that company, they're sending YOU traffic which you in turn pass (remember you trusted them here). Guess what? Euro_Company's PBX was sending false Caller ID. Should you be the one held liable as an ITSP? Further consideration: You --> Call Dell Support --> call re-routes to West Bumfork India --> Callee gets your callback Yourphone --> ring ring ring --> CID: Dell 12125551234 Where is the truth there? Anyhow, I don't know if Obama signed this into law yet. On my phone right now, I set the caller ID to the main number of my company so that clients take the appropriate steps in going through Customer Service. Guess what? When I'm at home and on-call my Caller-ID is set to my company's main number so that clients don't call me at home on a Sunday morning. Am I committing a "despicable" act by doing this? Is it any different than unplugging my Snom, Cisco or Polycom and bringing it home which yields the same results. While I do recognize the abuse (spammers, telemarketers, etc), I don't see how a bill is going to stop this from occurring. Who knows maybe blacklisting ITSP providers. Should we play a guessing game: "Well, it is coming from Global Crossing..." -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E