
Callerid spoofing with calling cards


23 replies to this topic

#1 m2mike

m2mike

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 462 posts
  • Gender:Male

Posted 05 January 2005 - 11:49 PM

Can anyone recommend a particular type of calling card that will allow you to either ANI fail or op divert so you can give it a number of your choosing thus spoofing the callerid?

#2 spoekalb

spoekalb

    DDP r0x0rz my s0x0rz

  • Agents of the Revolution
  • 1,280 posts
  • Gender:Male

Posted 07 January 2005 - 11:27 AM

AT&T Prepaid sends a CPN of 404-461-9978 or 720-587-9978 depending on which "Prepaid access tandem" you hit (no, that is not an official term... it is what I have come to know them as though). 404 is in Atlanta and 720 is a "new" Denver area code.
When you dial the 404 and 720 numbers you get (warning: bills minutes on AT&T Prepaid so probably supervises):
You are returning a call to a prepaid calling service system and the party that called you cannot be reached at this number.
AT&T Prepaid is unable to dial toll free numbers.

#3 I-baLL

I-baLL

    T0tal n00b

  • Agents of the Revolution
  • 1,373 posts
  • Country:
  • Gender:Male
  • Location:New york

Posted 08 January 2005 - 01:47 PM

What do you mean by: "warning: bills minutes on AT&T Prepaid so probably supervises)"?

#4 Abstruse

Abstruse

    Hakker addict

  • Members
  • 526 posts

Posted 08 January 2005 - 10:37 PM

It means that even though it's an error message, it probably still charges regular toll charges. When a call supervises, that means toll charges start at that point. A call that doesn't supervise (most error messages like "Cannot be completed as dialed") doesn't charge you long distance tolls.

The Abstruse One

#5 I-baLL

I-baLL

    T0tal n00b

  • Agents of the Revolution
  • 1,373 posts
  • Country:
  • Gender:Male
  • Location:New york

Posted 08 January 2005 - 11:07 PM

Ah. Thanks for the explanation. By the way, how does the phone company know when to start charging and if to start charging? I mean if the black box doesn't work anymore then it can't be the line voltage. So how is it done?

#6 phracktalism

phracktalism

    elite

  • Members
  • 121 posts

Posted 08 January 2005 - 11:32 PM

If I remember correctly, the black box does work, it's just they're watching out for it. They get suspicious if it looks like the phone's been ringing for half an hour...

#7 I-baLL

I-baLL

    T0tal n00b

  • Agents of the Revolution
  • 1,373 posts
  • Country:
  • Gender:Male
  • Location:New york

Posted 09 January 2005 - 02:16 AM

Nah, Verizon (my RBOC (hope I'm using the right term)) cuts you off after the phone rings like 20 - 30 times.

#8 hoho

hoho

    SUP3R 31337

  • Members
  • 182 posts

Posted 09 January 2005 - 04:54 PM

The black box certainly does not work anymore. When the terminating switch detects the called party going off hook, only then does it connect the caller to the line, and then sends a SS7 message back to the originating switch. The details of this packet I'm sure someone else could explain, I've never looked into the protocol in depth myself.

I-Ball: this is complete nit-picking, but usually RBOC only applies to baby bells (Bell Atlantic, Pac Bell, Qwest, Ameritech, NYNEX, I'm forgetting two). A safer term would be LEC, local exchange carrier. But I'm sure everyone understands what you meant.
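
The answer supervision described in posts #4 and #8, as an added example that is not part of the original thread: in ISUP, the SS7 call-control protocol, the terminating switch reports answer with an ANM (Answer Message), and the billable interval runs from that message to release. The trace format, the sample calls and the `rate_calls` name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed trace, not captured traffic: "<ms> <call-id> <ISUP message>"
TRACE = """\
0 call-1 IAM
1200 call-1 ACM
9800 call-1 ANM
75300 call-1 REL
100000 call-2 IAM
101000 call-2 ACM
131500 call-2 REL
200000 call-3 IAM
203000 call-3 ANM
"""

@dataclass
class Call:
    setup_ms: int                      # IAM: originating switch requested the call
    answer_ms: Optional[int] = None    # ANM: called party went off hook
    release_ms: Optional[int] = None   # REL: one side hung up

    @property
    def supervised(self) -> bool:
        return self.answer_ms is not None

    @property
    def billable_ms(self) -> Optional[int]:
        if not self.supervised:
            return 0                   # never answered, so no toll charge
        if self.release_ms is None:
            return None                # still in progress, charge not final
        return self.release_ms - self.answer_ms

def rate_calls(trace: str) -> dict:
    """Group a message trace by call and record when each call supervised."""
    calls = {}
    for line in trace.splitlines():
        if not line.strip():
            continue
        ts, call_id, msg = line.split()
        if msg == "IAM":
            calls[call_id] = Call(setup_ms=int(ts))
            continue
        call = calls.get(call_id)
        if call is None:
            raise ValueError(f"{msg} for unknown call {call_id}")
        if msg == "ANM" and call.answer_ms is None:
            call.answer_ms = int(ts)
        elif msg == "REL" and call.release_ms is None:
            call.release_ms = int(ts)
        # ACM (far end is ringing) has no effect on billing
    return calls
```

In the sample, call-2 rings for 30 seconds and is released without an ANM, so it never supervises and carries no billable time.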

#9 Strom Carlson

Strom Carlson

    Nub

  • Members
  • 2,575 posts
  • Gender:Male
  • Location:Los Angeles

Posted 09 January 2005 - 06:08 PM

I-Ball: this is complete nit-picking, but usually RBOC only applies to baby bells (Bell Atlantic, Pac Bell, Qwest, Ameritech, NYNEX, I'm forgetting two). A safer term would be LEC, local exchange carrier. But I'm sure everyone understands what you meant.

Original seven RBOCS formed during 1984 divestiture:
- NYNEX
- Bell Atlantic
- BellSouth
- Ameritech
- Southwestern Bell
- USWest
- Pacific Telesis


MERGER MANIA:
1997: Southwestern Bell Corporation (aka SBC) buys Pacific Telesis
1997: Bell Atlantic buys NYNEX
1998: SBC buys Ameritech
2000: Qwest buys USWest
2000: Bell Atlantic buys GTE. Bell Atlantic changes its name to Verizon.

#10 I-baLL

I-baLL

    T0tal n00b

  • Agents of the Revolution
  • 1,373 posts
  • Country:
  • Gender:Male
  • Location:New york

Posted 09 January 2005 - 07:21 PM

Yeah, I get confused by those few terms. (EDIT: Oh, wait. So Strom is saying that Verizon is an RBOC. So I was right! Wo-hoo! /END OF EDIT.)

When the terminating switch detects the called party going off hook, only then does it connect the caller to the line, and then sends a SS7 message back to the originating switch.


Okay, so how does the terminating switch detect the called party going off hook? Do they still use the voltage method? I remember hearing that SS7 (or is it "the SS7"?) uses something called "operator supervision" to find out if calls were picked up or not. If I remember correctly it had nothing to do with real human operators but had something to do with the detection of frequency changes on the line to find out if a line's been picked up. So any info on any of that would be greatly appreciated.


And does it send the SS7 message all the way back to the originating switch or to the tandem switch right before the terminating switch? Oh..wait.. stupid question. Of course it does. The signals are sent down the chain.

Edited by I-baLL, 09 January 2005 - 08:24 PM.


#11 I-baLL

I-baLL

    T0tal n00b

  • Agents of the Revolution
  • 1,373 posts
  • Country:
  • Gender:Male
  • Location:New york

Posted 09 January 2005 - 07:33 PM

Strom: When did New York Telephone come about?

#12 hoho

hoho

    SUP3R 31337

  • Members
  • 182 posts

Posted 09 January 2005 - 08:02 PM

I can't imagine why the method for detecting the state of the subscriber loop would change. The line cards detect a circuit being made. Same as if you pick up a phone when you want to get dial tone. I've never heard of what you're talking about, but I won't say it doesn't exist somewhere.

That's not really a stupid question. I don't know, I see reasons why it could go either way. Strom should know.

#13 I-baLL

I-baLL

    T0tal n00b

  • Agents of the Revolution
  • 1,373 posts
  • Country:
  • Gender:Male
  • Location:New york

Posted 09 January 2005 - 08:23 PM

No, it was a stupid question because:

We have switches A-B-C-D.

A is the originating switch.

B and C are the tandem switches.

D is the terminating switch.

So my question was:

When D detects the subscriber loop (I love using needless terminology) going off-hook why does it have to send an SS7 signal straight over to A when it can just send an SS7 signal (or should I say "message"?) to C?

Answer:

Because it already does that. In order for D to send an SS7 signal to A it still has to send the signal through C and B.

So if D only sent the signal to C that the line's gone off-hook then C would turn around and tell the exact same thing to B which would relay the same message to switch A.

So saying "D send a signal to A directly" is virtually the same as me saying "D sending signal to tandem C" because in doing so D is still getting the SS7 message to A. The only difference is that the message isn't going through directly. But if it could go through directly then there wouldn't be any need for tandem switches B and C in the first place! And when I realized that I slapped myself on the forehead.

#14 Strom Carlson

Strom Carlson

    Nub

  • Members
  • 2,575 posts
  • Gender:Male
  • Location:Los Angeles

Posted 09 January 2005 - 09:29 PM

Actually, no. The SS7 network is physically separate from the telephone switching network.

#15 Strom Carlson

Strom Carlson

    Nub

  • Members
  • 2,575 posts
  • Gender:Male
  • Location:Los Angeles

Posted 09 January 2005 - 09:30 PM

Strom: When did New York Telephone come about?

New York Telephone was the name of AT&T's local exchange carrier in New York State from....god, probably the inception of the company right through to the point in the late eighties or early nineties when NYNEX rebranded its local exchange carriers.

#16 natas

natas

    De La Natas

  • Agents of the Revolution
  • 4,273 posts
  • Gender:Male
  • Location:The Old Skool

Posted 09 January 2005 - 09:46 PM

It's pretty crazy that there are still some New York Telephone CNAM entries in 2005.

#17 jedibebop

jedibebop

    Dangerous free thinker

  • Members
  • 1,935 posts

Posted 09 January 2005 - 09:52 PM

I-Ball: this is complete nit-picking, but usually RBOC only applies to baby bells (Bell Atlantic, Pac Bell, Qwest, Ameritech, NYNEX, I'm forgetting two). A safer term would be LEC, local exchange carrier. But I'm sure everyone understands what you meant.

Original seven RBOCS formed during 1984 divestiture:
- NYNEX
- Bell Atlantic
- BellSouth
- Ameritech
- Southwestern Bell
- USWest
- Pacific Telesis


MERGER MANIA:
1997: Southwestern Bell Corporation (aka SBC) buys Pacific Telesis
1997: Bell Atlantic buys NYNEX
1998: SBC buys Ameritech
2000: Qwest buys USWest
2000: Bell Atlantic buys GTE. Bell Atlantic changes its name to Verizon.

BellSouth was South Central Bell until...erm...I don't remember when it changed

EDIT: also it was Southern Bell, and they merged the 2 into BellSouth, anyway..

Edited by jedibebop, 09 January 2005 - 09:55 PM.


#18 I-baLL

I-baLL

    T0tal n00b

  • Agents of the Revolution
  • 1,373 posts
  • Country:
  • Gender:Male
  • Location:New york

Posted 09 January 2005 - 09:59 PM

Actually, no.  The SS7 network is physically separate from the telephone switching network.

Wait..it's separate from the switching system?

Here's what Wikipedia has to say:

http://en.wikipedia.org/wiki/SS7

"SS7 moved to a system in which the signalling information was out-of-band, carried in a separate signalling channel. This avoided the security problems earlier systems had, as the end user had no connection to these channels. SS6 and SS7 are referred to as so-called Common Channel Interoffice Signalling Systems (CCIS) due to their hard separation of signalling and bearer channels. However it also required a separate channel dedicated solely to signalling, but due to the rapid rise in the number of available channels at the same time this was a moot point."

So according to that it isn't completely separate from the switching system.

Or am I misunderstanding you?

Edited by I-baLL, 09 January 2005 - 10:00 PM.


#19 I-baLL

I-baLL

    T0tal n00b

  • Agents of the Revolution
  • 1,373 posts
  • Country:
  • Gender:Male
  • Location:New york

Posted 09 January 2005 - 10:08 PM

It's pretty crazy that there are still some New York Telephone CNAM entries in 2005.

CNAM? I put it into AcronymFinder.com but the only telephone-related results were:

CNAM Call Name Database (Sprint)
CNAM Calling Name (Caller ID)

I found the following website while googling for CNAM:

http://www.verisign....age_001663.html

but I still don't understand what a New York Telephone CNAM entry is. I mean, from what I understand CNAM is the CID information database or even a synonym for CID. But then.. then what do you mean by New York Telephone CIDs? As in CIDs from back of the day of New York Telephone which are still valid because the customer information had never changed?

#20 Strom Carlson

Strom Carlson

    Nub

  • Members
  • 2,575 posts
  • Gender:Male
  • Location:Los Angeles

Posted 10 January 2005 - 02:51 AM

Actually, no.  The SS7 network is physically separate from the telephone switching network.

Wait..it's separate from the switching system?

Type "SS7" into google and this pops up as the first link:

Posted Image

"SSP" in this diagram is the switching service point (i.e. the end office switch that gives dial tone)

"STP" is the SS7 Signal Transfer Point switch which relays the SS7 signal.

"SCP" is a database system used to do things like 800 number translations, CNAM lookups, etc.

Note that only the link marked "F" on this diagram actually handles the DS0 you talk on; the rest is all SS7 signaling only.