Scam telemarketers spoofing our NOC phone number for callerid

• Previous message (by thread): Scam telemarketers spoofing our NOC phone number for callerid
• Next message (by thread): Scam telemarketers spoofing our NOC phone number for callerid
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Scott Howard wrote:
> On Wed, Oct 6, 2010 at 8:55 AM, Jon Lewis <jlewis at lewis.org> wrote:
>
>   
>> Some do.  Anyone with control of a phone system with digital lines (i.e.
>> asterisk with PRI) can trivially set callerID to whatever they want. There
>> are perfectly legitimate, and not so legitimate uses for this.
>>
>>     
>
> You don't even need the PRI.  There's a number of SIP providers that will
> allow you to set CallerID.  In some cases they do some level of verification
> first, but in many cases it's just a free-for-all.
>
> There were some laws passed recently which makes "faking" caller-id illegal,
> although I'm not sure exactly what the details are (eg, I'm fairly sure
> sending your cell phone number from a desk phone is fine as you own both of
> them).
>
>   Scott.
>
>   
It's HR 1258 the Truth in Caller ID Act however, means nothing to
someone outside the United States and this is where the issue seems to
stem from (a huge portion).

So imagine the following:

YourCompany --> VoIP_Peer --> Euro_Company

Someone compromises something in Euro_Company, unbeknownst to that
company, they're sending YOU traffic which you in turn pass (remember
you trusted them here). Guess what? Euro_Company's PBX was sending false
Caller ID. Should you be the one held liable as an ITSP? Further
consideration:

You --> Call Dell Support --> call re-routes to West Bumfork India -->
Callee gets your callback
Yourphone --> ring ring ring --> CID: Dell 12125551234

Where is the truth there?

Anyhow, I don't know if Obama signed this into law yet.

On my phone right now, I set the caller ID to the main number of my
company so that clients take the appropriate steps in going through
Customer Service. Guess what? When I'm at home and on-call my Caller-ID
is set to my company's main number so that clients don't call me at home
on a Sunday morning. Am I committing a "despicable" act by doing this?
Is it any different than unplugging my Snom, Cisco or Polycom and
bringing it home which yields the same results.

While I do recognize the abuse (spammers, telemarketers, etc), I don't
see how a bill is going to stop this from occurring. Who knows maybe
blacklisting ITSP providers. Should we play a guessing game: "Well, it
is coming from Global Crossing..."

-- 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E

• Previous message (by thread): Scam telemarketers spoofing our NOC phone number for callerid
• Next message (by thread): Scam telemarketers spoofing our NOC phone number for callerid
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]