Go Back   AnandTech Forums > Hardware and Technology > Highly Technical

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2014
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 05-03-2012, 06:46 PM   #1
Craig234
Lifer
 
Join Date: May 2006
Posts: 32,769
Default Why can't we prevent spoofed phone number telemarketers?

Why is our phone system so insecure that no one but the NSA can find out who calls us, when the caller spoofs their phone number? That we can't block such calls?

I've gone through the 'system' as it exists - press a code to report the number that called you to law enforcement, and it'll report the 'real' number, they say.

Called the police department: they have no idea what I'm talking about or how to get the number supposedly sent to them.

Called the phone company, eventually reached the security team. Put them in touch with police.

First, the police said they have no resources to do anything about phone fraud or crime.

Second, the number the security team had - the same spoofed number as caller id. They explained when the caller spoofs their number, they can't get the real number either.

Before I send a note to my Congressman, there's a technical issue.

Why can't our phone system be better at not allowing this 'spoofing' or better tracking to be able to identify the caller or block spoofed calls?

I have the 'call rejection service' - which seems almost pointless in that you identify specific numbers but the crooks constantly use new numbers; but as bad as that is, the service is limited to only 12 numbers on the list, which is quickly exceeded - but that's another issue.

Is it feasible to ask for the government to demand improvements to the phone system, as far as the technical options for the phone companies?
Craig234 is offline   Reply With Quote
Old 05-03-2012, 07:02 PM   #2
shortylickens
No Lifer
 
shortylickens's Avatar
 
Join Date: Jul 2003
Posts: 54,665
Default

I wanna contribute to this thread but the only points I can bring up are political.
__________________
2 Timothy 4:7
shortylickens is online now   Reply With Quote
Old 05-03-2012, 09:18 PM   #3
LCTSI
Member
 
Join Date: Aug 2010
Posts: 83
Default

The problem has to be significant enough to address. Got any info on that?
LCTSI is offline   Reply With Quote
Old 05-03-2012, 09:55 PM   #4
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,708
Default

You get the caller ID. You can't fake the ANI information. The phone system itself isn't insecure, it was just a decision that the caller ID system uses data that can be manipulated. The ANI is the raw circuit routing information that if faked would cause the call to not connect. Basically callerID = DNS while ANI = the IP address. The issue is the ANI can't be sent down the analog line while caller ID is a burst of analog sound.

Spoofing also has valid uses. Nearly all business are forced to use it. If you have 2 T1's and use DID, the ANI will be the base number for that PRI + some circuit data. The caller ID however can be the proper number. So the ANI might be AZB..123132 3125551200 5 485 indicating the base number of 312-555-1200 channel 5 DID 485 which would match DID #1212. The caller ID would say 312-555-1212.

Last edited by imagoon; 05-03-2012 at 10:02 PM.
imagoon is offline   Reply With Quote
Old 05-04-2012, 01:44 AM   #5
Craig234
Lifer
 
Join Date: May 2006
Posts: 32,769
Default

Quote:
Originally Posted by imagoon View Post
You get the caller ID. You can't fake the ANI information. The phone system itself isn't insecure, it was just a decision that the caller ID system uses data that can be manipulated. The ANI is the raw circuit routing information that if faked would cause the call to not connect. Basically callerID = DNS while ANI = the IP address. The issue is the ANI can't be sent down the analog line while caller ID is a burst of analog sound.

Spoofing also has valid uses. Nearly all business are forced to use it. If you have 2 T1's and use DID, the ANI will be the base number for that PRI + some circuit data. The caller ID however can be the proper number. So the ANI might be AZB..123132 3125551200 5 485 indicating the base number of 312-555-1200 channel 5 DID 485 which would match DID #1212. The caller ID would say 312-555-1212.
Thanks for the very informative post - the question remains, how can we improve the system to not allow the abuses while meeting the legitimate needs?
Craig234 is offline   Reply With Quote
Old 05-04-2012, 08:22 AM   #6
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,708
Default

Quote:
Originally Posted by Craig234 View Post
Thanks for the very informative post - the question remains, how can we improve the system to not allow the abuses while meeting the legitimate needs?
We would need to revert the decision to allow the caller ID to be manipulated from the caller switches (pbx) or have some sort of approved list of numbers per trunk. This would require the phone company to actually care about this issue also.
imagoon is offline   Reply With Quote
Old 05-04-2012, 10:35 AM   #7
alkemyst
No Lifer
 
alkemyst's Avatar
 
Join Date: Feb 2001
Location: Corner of EPIC and ┼WESOME ST.
Posts: 81,111
Default

Quote:
Originally Posted by Craig234 View Post
Thanks for the very informative post - the question remains, how can we improve the system to not allow the abuses while meeting the legitimate needs?
Go back to only POTS.

With VoIP you need to be able to 'set' your own numbering plans.
__________________
The Masamune blade would repel the leaves and let them flow safely down the stream, while the Murasame blade would attract and cut them up.
alkemyst is offline   Reply With Quote
Old 05-04-2012, 08:17 PM   #8
alkemyst
No Lifer
 
alkemyst's Avatar
 
Join Date: Feb 2001
Location: Corner of EPIC and ┼WESOME ST.
Posts: 81,111
Default

If everyone played by the book, this would be easily handled on the outgoing external calls vs the internal ones. It's an honor system.
__________________
The Masamune blade would repel the leaves and let them flow safely down the stream, while the Murasame blade would attract and cut them up.
alkemyst is offline   Reply With Quote
Old 05-05-2012, 10:16 AM   #9
Red Squirrel
Lifer
 
Red Squirrel's Avatar
 
Join Date: May 2003
Location: Canada
Posts: 27,483
Default

I never understood it either. When you look at an IP network, you cannot spoof an IP (assuming you are establishing a 2 way connection and need data back). The receiver router will tell you the IP that is connected to it, not the IP that the connection says it has.

I don't know exactly how caller ID works (I probably should given I work for the phone company) but from my understanding it's the call display protocol actually saying "I'm so and so, and this is my number" so someone with the right equipment can easily spoof it.

A coworker as a joke used prank dialer on one of our non pbx lines at work, another coworker not knowing where it was coming from actually logged into the phone switch, not a PBX, but the actual phone switch for the whole region to post the number and see who the caller is, and even in the switch the number was showing up as like "5" or something, it was not even a valid number. You'd think the call display protocol would be more secure than that and not allow spoofing like this. Kinda like email, where you can go through the headers, the IP will be real, you can't really spoof that, unless it passes through a server that's malicious and it modifies the previous headers or something. But the end email server will tell you the actual IP that communicated with it, not an IP that was put in by the user or another system.
__________________
~Red Squirrel~
486dx2 @66Mhz turbo, 8MB ram, 512MB HDD, sound blaster 16 + 2x cdrom, Trident 1MB video card @ 640*480, 56k high speed modem.
Red Squirrel is offline   Reply With Quote
Old 05-05-2012, 01:34 PM   #10
alkemyst
No Lifer
 
alkemyst's Avatar
 
Join Date: Feb 2001
Location: Corner of EPIC and ┼WESOME ST.
Posts: 81,111
Default

There are ways to hide the original IP though...

If you understand the methods behind VoIP and how it works internally vs externally you will understand the reasons better.

In the end from anyone that would truly need the ANI, it's available. Unfortunately the bell carriers don't extend that ANI ability to the customer. ANI also works when you block your number.
__________________
The Masamune blade would repel the leaves and let them flow safely down the stream, while the Murasame blade would attract and cut them up.
alkemyst is offline   Reply With Quote
Old 05-06-2012, 10:17 PM   #11
stevech
Senior Member
 
Join Date: Jul 2010
Posts: 203
Default

If the telephone industry was still a regulated monopoly, there wouldn't be nefarious VOIPers and the like enabling faked caller ID.

Deregulation in the US - as an ideology: nice.
Reality: we pay more post-deregulation.
But the flaws in telephone industry deregulation pale by comparison to those of electricity and somewhat analogous, natural gas.
stevech is offline   Reply With Quote
Old 05-07-2012, 08:29 AM   #12
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,708
Default

Quote:
Originally Posted by stevech View Post
If the telephone industry was still a regulated monopoly, there wouldn't be nefarious VOIPers and the like enabling faked caller ID.

Deregulation in the US - as an ideology: nice.
Reality: we pay more post-deregulation.
But the flaws in telephone industry deregulation pale by comparison to those of electricity and somewhat analogous, natural gas.
Nice try to spin this as political, but you could do this even when "Ma Bell" was still running the show. DID's require this feature to map the number from the PRI channel data.
imagoon is offline   Reply With Quote
Old 05-08-2012, 08:06 AM   #13
notposting
Platinum Member
 
Join Date: Jul 2005
Location: SE MI
Posts: 2,805
Default

Are you getting the effin "you are eligible to lower your credit card rates" calls. MF'ers. I get them on my cell (we have been cell only for years), they don't respect cell numbers, the do not call list, or asking to be removed from their list (why they instead waste time calling me over and over is beyond me). Most of the time the calls just die before getting to a person. Been hoping to get one for awhile to string them along for 20 minutes and totally waste their time. Maybe they will take me off their list then
notposting is offline   Reply With Quote
Old 05-08-2012, 08:09 AM   #14
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,708
Default

Quote:
Originally Posted by notposting View Post
Are you getting the effin "you are eligible to lower your credit card rates" calls. MF'ers. I get them on my cell (we have been cell only for years), they don't respect cell numbers, the do not call list, or asking to be removed from their list (why they instead waste time calling me over and over is beyond me). Most of the time the calls just die before getting to a person. Been hoping to get one for awhile to string them along for 20 minutes and totally waste their time. Maybe they will take me off their list then
Google voice takes care of that issue. Soon as I get those calls I block them with the "this number has been disconnected" message.
imagoon is offline   Reply With Quote
Old 05-08-2012, 08:09 PM   #15
PsiStar
Golden Member
 
Join Date: Dec 2005
Location: Westport, CT
Posts: 1,180
Thumbs up

Quote:
Originally Posted by imagoon View Post
Google voice takes care of that issue. Soon as I get those calls I block them with the "this number has been disconnected" message.
I use Google voice the same way
PsiStar is offline   Reply With Quote
Old 05-09-2012, 01:13 PM   #16
alkemyst
No Lifer
 
alkemyst's Avatar
 
Join Date: Feb 2001
Location: Corner of EPIC and ┼WESOME ST.
Posts: 81,111
Default

Quote:
Originally Posted by notposting View Post
Are you getting the effin "you are eligible to lower your credit card rates" calls. MF'ers. I get them on my cell (we have been cell only for years), they don't respect cell numbers, the do not call list, or asking to be removed from their list (why they instead waste time calling me over and over is beyond me). Most of the time the calls just die before getting to a person. Been hoping to get one for awhile to string them along for 20 minutes and totally waste their time. Maybe they will take me off their list then
you spent 20 mins with them, they will call back.
__________________
The Masamune blade would repel the leaves and let them flow safely down the stream, while the Murasame blade would attract and cut them up.
alkemyst is offline   Reply With Quote
Old 05-10-2012, 07:20 AM   #17
wirednuts
Diamond Member
 
Join Date: Jan 2007
Posts: 7,121
Default

Quote:
Originally Posted by PsiStar View Post
I use Google voice the same way
wow, that sounds like a killer feature. im getting close to the bandwagon... i havent changed my phone number in 12 years though
wirednuts is offline   Reply With Quote
Old 05-10-2012, 08:15 AM   #18
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,708
Default

Quote:
Originally Posted by wirednuts View Post
wow, that sounds like a killer feature. im getting close to the bandwagon... i havent changed my phone number in 12 years though
I just imported my existing one. I know I have given my life to google but yeah....
imagoon is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 10:56 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.