joako

Caller ID is insecure, and don't trust *67 either

10 posts in this topic

It's been on my mind how to get a phone number with "ANI service" and I thought if you order remote call forwarding (RCF) and have it forwarded to a toll-free number then that might work. Last week I ordered RCF from Bellsouth The New AT&T and yes it does work! *67 is worthless, no T1's needed, no expensive equipment just 18 bucks a month.

http://wholesale.att.com/products_and_serv...resale/rcf.html

0

Share this post


Link to post
Share on other sites

yeah it works, it's also against federal trap and trace laws. I would highlight section 3121 sub-section "d" which states the following: "Whoever knowingly violates subsection (a) shall be fined under this title or imprisoned not more than one year, or both."

It's commonly referred to in the scene as a CPN trap. It used to be called an ANI trap until everybody got the idea that the ANI isn't being trapped, the CPN is. You can look at the stickied thread in Old Skool Phreaking by strom for more information about the terms.

Edited by faceman
0

Share this post


Link to post
Share on other sites

In that case, then isn't any caller ID box illegal? As well as PBX systems that record CDRs? That simply cannot apply to your own phones and phone lines.

And if this is illegal why does AT&T provide the service?

0

Share this post


Link to post
Share on other sites
In that case, then isn't any caller ID box illegal? As well as PBX systems that record CDRs? That simply cannot apply to your own phones and phone lines.

And if this is illegal why does AT&T provide the service?

I'm sorry i don't know what you mean by CDRs.

No caller ID is not illegal because if the end office receives a privacy bit from the originating office then "blocked" is sent instead off the CID info. By forwarding the line to an 800 you're are eliminating the privacy bit from the call.

Now, i'm not a lawyer, but the way i understand it, if you receive a call with a privacy bit, and you get that number any way other than the CID failing to block, you just broke the law.

Now it's slightly more complicated than that, both the legal aspect and the tech portion, but i'm not in the mood to right it all out when i know for a fact that you can search these forums and find all this information.

0

Share this post


Link to post
Share on other sites

CDR = call detail record. Most PBX systems keep a log of all calls through the system.

What I'm saying is I'm not using a "loophole" I called AT&T told them setup a new number SOLEY FOR THE PURPOSE OF FORWARDING TO AN 800 #. This isn't some hack running though an Asterisk box. If what you are saying is true then how can AT&T not preserve the privacy bit? This isn't even a phone line its something that happens 100% on their end. I know nothing of the privacy bit I don't know if someone used *67 or not when calling me I just know their phone number.

0

Share this post


Link to post
Share on other sites

Trapping CPN (and I mention CPN, because with remote call forwarding, the switch will overwrite the BTN with the number of the person who is getting billed) is nothing new, hence why people have been doing it with K7s back when it was on the old platform, and other services of sorts. The reason toll-frees have been always been singled out is because it's a known fact that the owners have always traditionally been given the billing number of the person that called. The reason for this I'm not exactly sure, but it has something to do with the fact that the person that owns the toll-free is paying for the call.<br /><br />

By forwarding the line to an 800 you're are eliminating the privacy bit from the call.
<br /><br />The privacy bit is actually still there, and anybody who is just reading caller-id on that 800 number will see that the call came in with a blocked number. Anything else that's reading CPN, or BTN will ignore the bit, though, because it's not looking for any information assosciated with caller-id.

EDIT: According to a second source, most toll-free carriers will just ignore the privacy bit, and send the number right along unmasked to the customer premises, since they have the right to see it anyways.

EDIT (again): Holy crap, CGIProxy does not like IPB scripts.

Edited by ThoughtPhreaker
0

Share this post


Link to post
Share on other sites
Replying to Caller ID is insecure, and don't trust *67 either

In other news...

  • Pope "not baptist"
  • Bears "avoid public conveniences"

:P

Edited by Fone Ranger
0

Share this post


Link to post
Share on other sites

As I pointed out on a previous thread, Magicjack apparently ignores the privacy bit and displays the calling number on ALL incoming calls...

0

Share this post


Link to post
Share on other sites

Are you sure you weren't just lucky? I remember hearing another MagicJack user saying that their 303 DID would respect the privacy bit

0

Share this post


Link to post
Share on other sites
Are you sure you weren't just lucky? I remember hearing another MagicJack user saying that their 303 DID would respect the privacy bit

Just verified w/blocked cell and landline -- all IDs are displayed with my DID 412.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now