[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CID



C.I.D.:

[ I agree that we should take the discussion off this list.  Both the
original poster and myself asked for suggestions of more appropriate
forums to continue in.  I also asked for replies to be directed to me
personally, not to list.  This is only in reply to Vail's public msg.]



As I understand the whole SS-7/ANI/CID thing, CO generates the field
("header") only when a previous one is not already present in the call.

I'm no phrexpert, but we've done some experiments nevertheless and
emperically our evidence supports this:  So I will paraphrase part
of an original post to make it clear.  It deals with call diverters (not
Telco's "Call forwarding", but the private box you put on one line at
home to personally direct all incoming calls to a second outgoing line.
You can also steer calls through a PBX, of course, but lets keep
the example simple. Nevertheless the end result is the same.)

Pay attention now.  Let's say that in my home I have a call diverter
installed on my incoming line (line 1), forwarding - via my outcoming
line (2) - all calls to Lunatic Labs.  At the Labs, we have ANI.  You
call my home, but I am not there.  Because of the diverter, your call
gets steered to the Labs instead.  Sit up straight now, this is where to
fun part begins.  WHICH OF THESE 2 NUMBERS ARE DISPLAYED AS CALLER ID?
Your home phone number? (Who made the original call) Or that of my line
no.2 at home? (Who actually made the last call, the one to the Labs).

Surprise: Your number!  (Original poster already said so, of course).
Before SS7, you would route your call through a handful of diverters and
stuff if you didn't want to be traced.  Now there is no escaping.  The
first and original Caller ID follows the call no matter how you twist it
around.  If it is not there, it will be created.  If it is there, your
CO simply acts as a substation, it seems, not inserting any ID. Again, I
am no expert, but you can experiment with this yourself and you will get
the same result.  Interesting.

*67 is merely a privacy indicator (a "P" prefix) suppressing the
DISPLAYING of the information, but it is still there and still stored in
the computer. Because if the system is serious enough about getting
your number, it can pick the call information straight up off layer 4 o
the call - in other words, your call information, instead of stopping
stone cold at the diverter, was passed from node to node up to your
intended system. Cute, eh? .. but only if you're BEHIND the trigger.

So, what can be done about it?  Like I said yesterday, if you have the
skills, we can perhaps but some code together that will let us build our
own counterfeit CID fields.

I have my doubts that a standard modem will be up to the task, this is
just a hunch, maybe we will have to put some special electronics
together to get the right tones.  But I am a babe in the woods, just
commenting on a paper I got thrown my way (and nothing illegal, merely
sort of like the 911-information which means that the bad guys don't
want us to have it but that it is publicly available nevertheless if you
just know where to look for it).

Bottom line:  We know now the exact structure (frequencies, duration,
etc) of the CID. This enables us to code a tool to let us construct
replicas.  While you are really the originator of the call, your
telco won't think so, because the call they get already has the
CID header and thus they won't add their own. They will think
they are merely getting an already forwarded call, not a first.

Does this sound like complete hogwash? Comments wanted, please.


     @@@@        This message has been brought to you by
    @ .. @  PETE "THE WIMP" WATKINS...BASICALLY SPINELESS(tm)
    | __ |
     \__/     <---Digitized representation of Pete Watkins

    My e-mail address is <[email protected]>


--
wimp
---
(Forwarded via remailer)