m2mike

Callerid spoofing with calling cards

24 posts in this topic

Can anyone recommend a particular type of calling card that will allow you to either ANI fail or op divert so you can give it a number of your choosing thus spoofing the callerid?

0

Share this post


Link to post
Share on other sites

AT&T Prepaid sends a CPN of 404-461-9978 or 720-587-9978 depending on which "Prepaid access tandem" you hit (no, that is not an official term... it is what I have come to know them as though). 404 is in Atlanta and 720 is a "new" Denver area code.

When you dial the 404 and 720 numbers you get (warning: bills minutes on AT&T Prepaid so probably supervises):

You are returning a call to a prepaid calling service system and the party that called you cannot be reached at this number.

AT&T Prepaid is unable to dial toll free numbers.

0

Share this post


Link to post
Share on other sites

What do you mean by: "warning: bills minutes on AT&T Prepaid so probably supervises)"?

0

Share this post


Link to post
Share on other sites

It means that even though it's an error message, it probably still charges regular toll charges. When a call supervises, that means toll chargres start at that point. A call that doesn't supervise (most error messages like "Cannot be completed as dialed") doesn't charge you long distance tolls.

The Abstruse One

0

Share this post


Link to post
Share on other sites

Ah. Thanks for the explanation. By the way, how does the phone company know when to start charging and if to start charging? I mean if the black box doesn't work anymore then it can't be the line voltage. So how is it done?

0

Share this post


Link to post
Share on other sites

If I remember correctly, the black box does work, it's just they're watching out for it. They get suspicious if it looks like the phone's been ringing for half an hour...

0

Share this post


Link to post
Share on other sites

Nah, Verizon (my RBOC (hope I'm using the right term)) cuts you off after the phone rings like 20 - 30 times.

0

Share this post


Link to post
Share on other sites

The black box certainly does not work anymore. When the terminating switch detects the called party going off hook, only then does it connect the caller to the line, and then sends a SS7 message back to the originating switch. The details of this packet i'm sure someone else could explain, i've never looked into the protocol in depth myself.

I-Ball: this is complete nit-picking, but usualy RBOC only applies to baby bells, (bell atlantic, pac bell, qwest, ameritech, nynex, i'm forgeting two). A safer term would be LEC, local exchange carrier. But i'm sure everyone understand what you meant.

0

Share this post


Link to post
Share on other sites
I-Ball: this is complete nit-picking, but usualy RBOC only applies to baby bells, (bell atlantic, pac bell, qwest, ameritech, nynex, i'm forgeting two). A safer term would be LEC, local exchange carrier. But i'm sure everyone understand what you meant.

Original seven RBOCS formed during 1984 divestiture:

- NYNEX

- Bell Atlantic

- BellSouth

- Ameritech

- Southwestern Bell

- USWest

- Pacific Telesis

MERGER MANIA:

1997: Southwestern Bell Corporation (aka SBC) buys Pacific Telesis

1997: Bell Atlantic buys NYNEX

1998: SBC buys Ameritech

2000: Qwest buys USWest

2000: Bell Atlantic buys GTE. Bell Atlantic changes its name to Verizon.

0

Share this post


Link to post
Share on other sites

Yeah, I get confused by those few terms. (EDIT: Oh, wait. So Strom is sayingthat Verizon is an RBOC. So I was right! Wo-hoo! /END OF EDIT.)

When the terminating switch detects the called party going off hook, only then does it connect the caller to the line, and then sends a SS7 message back to the originating switch.

Okay, so how does the terminating switch detect the called party going off hook? Do they still use the voltage method? I remember hearing that SS7 (or is it "the SS7?) uses something claled "operator supervision" to find out if calls where pickedup or not. If I remember correctly it had nothing to do with real human operators but had something to do with the detection of frequency changes on the line to find out if a line's been picked up. So any info on any of that would be greatly appreciated.

And does it send the SS7 message all the way back to the originating switch or to the tandem switch right before the terminating switch? Oh..wait.. stupid question. Ofcourse it does. The signals are sent down the chain.

Edited by I-baLL
0

Share this post


Link to post
Share on other sites

Strom: When did New York Telephone come about?

0

Share this post


Link to post
Share on other sites

I can't imagine why the method for detecting the state of the subscriber loop would change. The line cards detect a circuit being made. Same as if you pick up a phone when you want to get dial tone. I've never heard of what you're talking about, but I won't say it doesn't exist somewhere.

That's not really a stupid question. I don't know, I see reasons why it could go either way. Strom should know.

0

Share this post


Link to post
Share on other sites

No, it was a stupid question because:

We have switches A-B-C-D.

A is the originating switch.

B and C are the tandme switches.

D is the terminating switch.

So my question was:

When D detects the suscriber loop (I love using needless terminology) going off-hook why does it have to send an SS7 signal straight over to A when it can just send an SS7 signal(or should I say "message"?) to C?

Answer:

Because it already does that. In order for D to send an SS7 signal to A it still has to send the signal through C and B.

So if D only sent the signal to C that the line's gone off-hook then C would turn around and tell the exact same thing to B which would relay the same message to switch A.

So saying "D send a signal to A directly" is virtually the same as me saying "D sending signal to tandem C" because in doing so D is still getting the SS7 message to A. The only difference is that the message isn't going through directly. But if it could go through directly then there wouldn't be any need for tandem switches B and C in the first place! And when I realized that I slapped myself on the forehead.

0

Share this post


Link to post
Share on other sites

Actually, no. The SS7 network is physically separate from the telephone switching network.

0

Share this post


Link to post
Share on other sites
Strom: When did New York Telephone come about?

New York Telephone was the name of AT&T's local exchange carrier in New York State from....god, probably the inception of the company right through to the point in the late eighties or early nineties when NYNEX rebranded its local exchange carriers.

0

Share this post


Link to post
Share on other sites

its pretty crazy that there are still some New York Telephone CNAM entrys in 2005.

0

Share this post


Link to post
Share on other sites
I-Ball: this is complete nit-picking, but usualy RBOC only applies to baby bells, (bell atlantic, pac bell, qwest, ameritech, nynex, i'm forgeting two).  A safer term would be LEC, local exchange carrier.  But i'm sure everyone understand what you meant.

Original seven RBOCS formed during 1984 divestiture:

- NYNEX

- Bell Atlantic

- BellSouth

- Ameritech

- Southwestern Bell

- USWest

- Pacific Telesis

MERGER MANIA:

1997: Southwestern Bell Corporation (aka SBC) buys Pacific Telesis

1997: Bell Atlantic buys NYNEX

1998: SBC buys Ameritech

2000: Qwest buys USWest

2000: Bell Atlantic buys GTE. Bell Atlantic changes its name to Verizon.

bellsouth was south central bell until...erm...I don't remember when it changed

EDIT: also it was southern bell, and they merged the 2 into bellsouth, anyway..

Edited by jedibebop
0

Share this post


Link to post
Share on other sites
Actually, no.  The SS7 network is physically separate from the telephone switching network.

Wait..it's separate from the switching system?

Here's what Wikipedia has to say:

http://en.wikipedia.org/wiki/SS7

"SS7 moved to a system in which the signalling information was out-of-band, carried in a separate signalling channel. This avoided the security problems earlier systems had, as the end user had no connection to these channels. SS6 and SS7 are referred to as so-called Common Channel Interoffice Signalling Systems (CCIS) due to their hard separation of signalling and bearer channels. However it also required a separate channel dedicated solely to signalling, but due to the rapid rise in the number of available channels at the same time this was a moot point."

So according to that it isn't completly separate from the switching system.

Or am I misunderstanding you?

Edited by I-baLL
0

Share this post


Link to post
Share on other sites
its pretty crazy that there are still some New York Telephone CNAM entrys in 2005.

CNAM? I put into AcronymFinder.com but the only telephone related results were:

CNAM Call Name Database (Sprint)

CNAM Calling Name (Caller ID)

I found the following website while googling for CNAM:

http://www.verisign.com/products-services/...age_001663.html

but I still don't understandwhat a New York Telephone CNAM entry is. I mean, from what I understand CNAM is the CID information database or even a synonym for CID. But then.. then what do you mean by New York Telephone CIDs? As in CIDs from back of the day of New York Telephone which are still valid because the customer information had never changed?

0

Share this post


Link to post
Share on other sites
Actually, no.  The SS7 network is physically separate from the telephone switching network.

Wait..it's separate from the switching system?

Type "SS7" into google and this pops up as the first link:

linktype.gif

"SSP" in this diagram is the switching service point (i.e. the end office switch that gives dial tone)

"STP" is the SS7 Signal Transfer Point switch which relays the SS7 signal.

"SCP" is a database system used to do things like 800 number translations, CNAM lookups, etc.

Note that only the link marked "F" on this diagram actually handles the DS0 you talk on; the rest is all SS7 signaling only.

0

Share this post


Link to post
Share on other sites
but I still don't understandwhat a New York Telephone CNAM entry is.

Its just the name associated with a number. CNAM is just calling name. Its stored in a database hence CNAM database. All numbers should have names associated with them, and for some reason New York Telephone has appeared a few times on random numbers in NY. I find all kinds of crazy names associated with telephone numbers when I'm backspoofing. You'll all see soon....

0

Share this post


Link to post
Share on other sites
linktype.gif

"SSP" in this diagram is the switching service point (i.e. the end office switch that gives dial tone)

"STP" is the SS7 Signal Transfer Point switch which relays the SS7 signal.

"SCP" is a database system used to do things like 800 number translations, CNAM lookups, etc.

Note that only the link marked "F" on this diagram actually handles the DS0 you talk on; the rest is all SS7 signaling only.

Note how "F" is labelled as:

"An "F" (fully associated) link connects two signaling end points (i.e., SSPs and SCPs). "F" links are not usually used in networks with STPs. In networks without STPs, "F" links directly connect signaling points."

Who's getting fucked up the ass now?! (in reference to the AT&T thread :P)

Edited by I-baLL
0

Share this post


Link to post
Share on other sites
"An "F" (fully associated) link connects two signaling end points (i.e., SSPs and SCPs). "F" links are not usually used in networks with STPs. In networks without STPs, "F" links directly connect signaling points."

Oh ok ok...it was late as hell when I posted that and I didn't realize that the diagram only describes signaling links.

0

Share this post


Link to post
Share on other sites

Oh, btw, thanks for that link. It made me understand SS7 so much better.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now