Why can't we prevent spoofed phone number telemarketers?

Discussion in 'Highly Technical' started by Craig234, May 3, 2012.

  1. Craig234

    Craig234 Lifer

    Joined:
    May 1, 2006
    Messages:
    35,424
    Likes Received:
    32
    Why is our phone system so insecure that no one but the NSA can find out who calls us, when the caller spoofs their phone number? That we can't block such calls?

    I've gone through the 'system' as it exists - press a code to report the number that called you to law enforcement, and it'll report the 'real' number, they say.

    Called the police department: they have no idea what I'm talking about or how to get the number supposedly sent to them.

    Called the phone company, eventually reached the security team. Put them in touch with police.

    First, the police said they have no resources to do anything about phone fraud or crime.

    Second, the number the security team had - the same spoofed number as caller id. They explained when the caller spoofs their number, they can't get the real number either.

    Before I send a note to my Congressman, there's a technical issue.

    Why can't our phone system be better at not allowing this 'spoofing' or better tracking to be able to identify the caller or block spoofed calls?

    I have the 'call rejection service' - which seems almost pointless in that you identify specific numbers but the crooks constantly use new numbers; but as bad as that is, the service is limited to only 12 numbers on the list, which is quickly exceeded - but that's another issue.

    Is it feasible to ask for the government to demand improvements to the phone system, as far as the technical options for the phone companies?
     
  2. Loading...


  3. shortylickens

    shortylickens No Lifer

    Joined:
    Jul 15, 2003
    Messages:
    63,205
    Likes Received:
    553
    I wanna contribute to this thread but the only points I can bring up are political.
     
  4. LCTSI

    LCTSI Member

    Joined:
    Aug 17, 2010
    Messages:
    93
    Likes Received:
    0
    The problem has to be significant enough to address. Got any info on that?
     
  5. imagoon

    imagoon Diamond Member

    Joined:
    Feb 19, 2003
    Messages:
    5,199
    Likes Received:
    0
    You get the caller ID. You can't fake the ANI information. The phone system itself isn't insecure, it was just a decision that the caller ID system uses data that can be manipulated. The ANI is the raw circuit routing information that if faked would cause the call to not connect. Basically callerID = DNS while ANI = the IP address. The issue is the ANI can't be sent down the analog line while caller ID is a burst of analog sound.

    Spoofing also has valid uses. Nearly all business are forced to use it. If you have 2 T1's and use DID, the ANI will be the base number for that PRI + some circuit data. The caller ID however can be the proper number. So the ANI might be AZB..123132 3125551200 5 485 indicating the base number of 312-555-1200 channel 5 DID 485 which would match DID #1212. The caller ID would say 312-555-1212.
     
    #4 imagoon, May 3, 2012
    Last edited: May 3, 2012
  6. Craig234

    Craig234 Lifer

    Joined:
    May 1, 2006
    Messages:
    35,424
    Likes Received:
    32
    Thanks for the very informative post - the question remains, how can we improve the system to not allow the abuses while meeting the legitimate needs?
     
  7. imagoon

    imagoon Diamond Member

    Joined:
    Feb 19, 2003
    Messages:
    5,199
    Likes Received:
    0
    We would need to revert the decision to allow the caller ID to be manipulated from the caller switches (pbx) or have some sort of approved list of numbers per trunk. This would require the phone company to actually care about this issue also.
     
  8. alkemyst

    alkemyst No Lifer

    Joined:
    Feb 13, 2001
    Messages:
    83,988
    Likes Received:
    8
    Go back to only POTS.

    With VoIP you need to be able to 'set' your own numbering plans.
     
  9. alkemyst

    alkemyst No Lifer

    Joined:
    Feb 13, 2001
    Messages:
    83,988
    Likes Received:
    8
    If everyone played by the book, this would be easily handled on the outgoing external calls vs the internal ones. It's an honor system.
     
  10. Red Squirrel

    Red Squirrel Lifer

    Joined:
    May 24, 2003
    Messages:
    39,513
    Likes Received:
    923
    I never understood it either. When you look at an IP network, you cannot spoof an IP (assuming you are establishing a 2 way connection and need data back). The receiver router will tell you the IP that is connected to it, not the IP that the connection says it has.

    I don't know exactly how caller ID works (I probably should given I work for the phone company) but from my understanding it's the call display protocol actually saying "I'm so and so, and this is my number" so someone with the right equipment can easily spoof it.

    A coworker as a joke used prank dialer on one of our non pbx lines at work, another coworker not knowing where it was coming from actually logged into the phone switch, not a PBX, but the actual phone switch for the whole region to post the number and see who the caller is, and even in the switch the number was showing up as like "5" or something, it was not even a valid number. You'd think the call display protocol would be more secure than that and not allow spoofing like this. Kinda like email, where you can go through the headers, the IP will be real, you can't really spoof that, unless it passes through a server that's malicious and it modifies the previous headers or something. But the end email server will tell you the actual IP that communicated with it, not an IP that was put in by the user or another system.
     
  11. alkemyst

    alkemyst No Lifer

    Joined:
    Feb 13, 2001
    Messages:
    83,988
    Likes Received:
    8
    There are ways to hide the original IP though...

    If you understand the methods behind VoIP and how it works internally vs externally you will understand the reasons better.

    In the end from anyone that would truly need the ANI, it's available. Unfortunately the bell carriers don't extend that ANI ability to the customer. ANI also works when you block your number.
     
  12. stevech

    stevech Senior member

    Joined:
    Jul 18, 2010
    Messages:
    203
    Likes Received:
    0
    If the telephone industry was still a regulated monopoly, there wouldn't be nefarious VOIPers and the like enabling faked caller ID.

    Deregulation in the US - as an ideology: nice.
    Reality: we pay more post-deregulation.
    But the flaws in telephone industry deregulation pale by comparison to those of electricity and somewhat analogous, natural gas.
     
  13. imagoon

    imagoon Diamond Member

    Joined:
    Feb 19, 2003
    Messages:
    5,199
    Likes Received:
    0
    Nice try to spin this as political, but you could do this even when "Ma Bell" was still running the show. DID's require this feature to map the number from the PRI channel data.
     
  14. notposting

    notposting Diamond Member

    Joined:
    Jul 22, 2005
    Messages:
    3,469
    Likes Received:
    1
    Are you getting the effin "you are eligible to lower your credit card rates" calls. MF'ers. I get them on my cell (we have been cell only for years), they don't respect cell numbers, the do not call list, or asking to be removed from their list (why they instead waste time calling me over and over is beyond me). Most of the time the calls just die before getting to a person. Been hoping to get one for awhile to string them along for 20 minutes and totally waste their time. Maybe they will take me off their list then :D
     
  15. imagoon

    imagoon Diamond Member

    Joined:
    Feb 19, 2003
    Messages:
    5,199
    Likes Received:
    0
    Google voice takes care of that issue. Soon as I get those calls I block them with the "this number has been disconnected" message.
     
  16. PsiStar

    PsiStar Golden Member

    Joined:
    Dec 21, 2005
    Messages:
    1,182
    Likes Received:
    0
    I use Google voice the same way
     
  17. alkemyst

    alkemyst No Lifer

    Joined:
    Feb 13, 2001
    Messages:
    83,988
    Likes Received:
    8
    you spent 20 mins with them, they will call back.
     
  18. wirednuts

    wirednuts Diamond Member

    Joined:
    Jan 26, 2007
    Messages:
    7,121
    Likes Received:
    1
    wow, that sounds like a killer feature. im getting close to the bandwagon... i havent changed my phone number in 12 years though
     
  19. imagoon

    imagoon Diamond Member

    Joined:
    Feb 19, 2003
    Messages:
    5,199
    Likes Received:
    0
    I just imported my existing one. I know I have given my life to google but yeah....