pdxusa

new phoenix telco authenticating ANI..

200 posts in this topic

PDXUSA will soon go public with ANI support, allowing for identification of "unknown" numbers. Telemarketers, collection agencies and other

large businesses such as HOTELS / MOTELS use T1 phone lines that often appear as unknown number. This can cause you to simply not answer the phone when it could be your employer or job opportunity!!

You don't need 800 numbers or call forwarding to have this and you can keep your old number.

WOW---->Not only do we provide ANI, we authenticate it with the carrier who owns the number so for the few out there who can spoof ANI, you'll find yourself running into a brick wall trying to spoof a PDXUSA telecom customer. <---WOW

0

Share this post


Link to post
Share on other sites

Really? How would you go about authenticating the ANI with the carrier? Are you simply passing the ANI as the Caller ID? I don't quite understand the concept of this nor see how it would protect your subscribers from much of anything.

[edit] The site looks fishy, too...

Edited by zoe
0

Share this post


Link to post
Share on other sites

YEA! That's that 1997ish website that I've heard sooooo much about! ^_^

0

Share this post


Link to post
Share on other sites
Really? How would you go about authenticating the ANI with the carrier? Are you simply passing the ANI as the Caller ID? I don't quite understand the concept of this nor see how it would protect your subscribers from much of anything.

[edit] The site looks fishy, too...

To answer your question: "how do we authenticate ANI"

ANI & caller ID are different from each other. We pass Caller ID name, caller ID number, call type and ANI. We'll soon offer address support!!

Authenticating ANI, known as the billing telephone number is done through dedicated secure private circuits to various tier 1 providers who cooperate in ANI validation for themselves and interconnected carriers. It basically means when we receive a specific ANI, we then send an inquiry to the provider who owns that number and they reply back with an ACK.

We go a step further and block any call which does not validate in the billing system, making ANI spoofing meaningless, because the carrier owning that number would not acknowledge the call as being placed.

The technology uses proprietary technology and been in place for a few years, however, we are the first carrier to take this to a customer usable level.

Example caller ID on a PDXUSA customers phone (Cisco 7960 or 7970)

------------------------

Jane Doe

602-555-1212

Cell/fwd, U, VAL

602-555-1000

------------------------

In the above example the call is from jane doe at 602-555-1212 and is forwarded from a cellphone, caller id is "U" for unblocked, ANI is "VAL" for validated, "ANI" is 602-555-1000, which in this case is the number the call is forwarded from.

PDXUSA offers customer the ability to reject or route types of calls such as "forwarded, cellphones, circuit trunks-T1, payphones, private numbers,etc" separately, as needed. One great example is forwarding all circuit calls (T1) to anothe rlocation alleviating an elderly family member from taking those calls while not having to screen all her calls.

We offer so much more than just ANI validation.

0

Share this post


Link to post
Share on other sites

I don't doubt what you do is neat for a price, but good God you need to improve the design of your website. You have enough money for all of this technology, but have the WORST looking pages ever. :wacko:

Edited by t3st.s3t
0

Share this post


Link to post
Share on other sites

If you don't accept calls from numbers that don't send the ACK, then how do you accept calls from carriers that don't support your 'proprietary' technology?

0

Share this post


Link to post
Share on other sites

This looks like a SPAM thread of a company advertising its services. The poster looks like a spam account created to do just that. Why is this allowed to continue? That site looks a like it was made by a retarded blind guy; Is this a joke?

0

Share this post


Link to post
Share on other sites

EDIT: calmed down

Edited by BrakeDanceJ
0

Share this post


Link to post
Share on other sites

QUESTION:

If you don't accept calls from numbers that don't send the ACK, then how do you accept calls from carriers that don't support your 'proprietary' technology?

ANSWER:

ALL tier 1 carrier support this technology and it's the responsibility of the tier 1 provider to perform validation in their behalf. Again, it's done by the tire 1 provider who maintains validation records. The only problem is when customers switch carriers and RESPORG is not updated properly and we still send ACK to old carrier failing validation. This goes away within hours.

Edited by natas
0

Share this post


Link to post
Share on other sites
QUESTION:

If you don't accept calls from numbers that don't send the ACK, then how do you accept calls from carriers that don't support your 'proprietary' technology?

ANSWER:

ALL tier 1 carrier support this technology and it's the responsibility of the tier 1 provider to perform validation in their behalf. Again, it's done by the tire 1 provider who maintains validation records. The only problem is when customers switch carriers and RESPORG is not updated properly and we still send ACK to old carrier failing validation. This goes away within hours.

Which part is then proprietary, or is this all standard in SS7?

Also, please post that 'test number' when available. I think a good number of us would love to get a shot at playing around, you did mention cash to a vulnerability finder; money is a motivator.

And jeez, speaking of money, interested in hiring a web developer/web master? Provided you allow telecommuting, I would blast you a resume in a heartbeat.

EDIT:

I checked your forum and couldn't find technical documentation, got anything you want to publicly release floating around?

Edited by natas
0

Share this post


Link to post
Share on other sites

QUESTION:

Which part is then proprietary, or is this all standard in SS7?

Also, please post that 'test number' when available. I think a good number of us would love to get a shot at playing around, you did mention cash to a vulnerability finder; money is a motivator.

ANSWER:

It is proprietary, only in tier 1 providers and further details can not be released but I will tell you it was implemented because 9/11 terrorism.

0

Share this post


Link to post
Share on other sites

Eventually you will have to release the 'technical standards', because plenty of new providers spring up any given month.

I'd personally appreciate if you posted a link to them here (on binrev) seeing as you *did* in fact start a topic about your service here; and this community is about exploration and exploitation. Not releasing them is like security through obscurity, which is like a condom: it sometimes works. I would suggest asking for the help of the hacker community. Honestly. Publish your standards, and set up a test system, plenty of people here have creative-intelligent problem solving minds that you couldn't imagine.

0

Share this post


Link to post
Share on other sites

Stop spamming your link all over the internet. I'm not gonna give you any more link love here.

0

Share this post


Link to post
Share on other sites

First off let me start by saying I mean noone disrespect from making this post. I consider all man my brother..

OK now that that's out of the way.,

I kind get the feeling this "ani" provider could really be a front for a cry for help.

To try to draw out people to test them. To find out more information about attacks..

From another view acting like their the fearness on some "oh I can fear you some ani skills kid" tip.

ANI and CN spoofing are not a big deal.

When someone wants to find you there are other feilds in ss7 that can track you.

Um..

Lets see the JIP (NPA-NXX) the call originated from..

So lets say you use nufone back in the day. They would fail 517

you set cpn with 517 as npa and the rest as what you wanted to..

That passes same network as ANI outside network as CN.

BUT the JIP would be some switch in that town and it would route back to an IP.

So when you think about it after some people know about how payphones authenticate these days..

It all just seems a mess...

Because ANI and CN can be changed and yes I referer to them as 2 separate things.

Because they have been different before.

Anyways I wonder where this is all gonna go.

Peace all

Kind Regards

greyarea

EDIT: Give me a test number. I'll fool your little system.

We can do this publicy.

PM me a number to call and paste the trace back here.

Ill show you before hand what Ill pass and youll think its real.

Just saying,,..

Edited by greyarea_4.0
0

Share this post


Link to post
Share on other sites
Really? How would you go about authenticating the ANI with the carrier? Are you simply passing the ANI as the Caller ID? I don't quite understand the concept of this nor see how it would protect your subscribers from much of anything.

[edit] The site looks fishy, too...

To answer your question: "how do we authenticate ANI"

ANI & caller ID are different from each other. We pass Caller ID name, caller ID number, call type and ANI. We'll soon offer address support!!

Authenticating ANI, known as the billing telephone number is done through dedicated secure private circuits to various tier 1 providers who cooperate in ANI validation for themselves and interconnected carriers. It basically means when we receive a specific ANI, we then send an inquiry to the provider who owns that number and they reply back with an ACK.

We go a step further and block any call which does not validate in the billing system, making ANI spoofing meaningless, because the carrier owning that number would not acknowledge the call as being placed.

The technology uses proprietary technology and been in place for a few years, however, we are the first carrier to take this to a customer usable level.

Example caller ID on a PDXUSA customers phone (Cisco 7960 or 7970)

------------------------

Jane Doe

602-555-1212

Cell/fwd, U, VAL

602-555-1000

------------------------

In the above example the call is from jane doe at 602-555-1212 and is forwarded from a cellphone, caller id is "U" for unblocked, ANI is "VAL" for validated, "ANI" is 602-555-1000, which in this case is the number the call is forwarded from.

PDXUSA offers customer the ability to reject or route types of calls such as "forwarded, cellphones, circuit trunks-T1, payphones, private numbers,etc" separately, as needed. One great example is forwarding all circuit calls (T1) to anothe rlocation alleviating an elderly family member from taking those calls while not having to screen all her calls.

We offer so much more than just ANI validation.

WOW you guys are my best friends ... I am gonna Signup for your services, then spoof numbers to my CID and get peoples address .. SWEEEEEEET ... I love you guys ...

0

Share this post


Link to post
Share on other sites

Our address services doesn't work with spoofing.

Address services are based on VALIDATED Billing Telephone Number or ANI. Validated means to take the ANI you sent (or spoofed) sending an ACK to the RESPORG for verification to verify if that customer actually placed that call. Consider it similar to a LIDB dip except in their internal billing system. Spoofing ANI will have no result and our customer will be notified, in real time that the number is not verified. Many features will not work unless validated so we ask that our customers leave this default restriction active so these calls do not ring their phone. This addresses companies like call condom & spoofcard that spoof more than just CID. While a very small percentage use this capability for non fraud pruposes, spoofing is responsible for 19-23% of the billions per year related to identity theft.

We have exhausted all known spoofing companies and VOIP hacks using asterisk boxes to exploit our faults and ready to offer a test number to anyone who thinks they can hack us. Keep in mind, spoofing ANI is not the part you will fail in....it's getting it validated against the LEC's billing tables. We will post a test number on our forum shortly.

-Mark Hahn, SE, PDXUSA.

0

Share this post


Link to post
Share on other sites

So are you saying it is not possible to do it??? Is that what you are saying?

0

Share this post


Link to post
Share on other sites

Where did you get your numbers that Caller ID spoofing is "responsible for 19-23% of the billions per year related to identity theft."

That seems like a loooooooonng stretch, since: 1.) Caller ID spoofing is relatively new for fraudulent use and 2.) identity theft is HUGE. absolutely mind bogglingly huge.

0

Share this post


Link to post
Share on other sites
Our address services doesn't work with spoofing.

Address services are based on VALIDATED Billing Telephone Number or ANI. Validated means to take the ANI you sent (or spoofed) sending an ACK to the RESPORG for verification to verify if that customer actually placed that call. Consider it similar to a LIDB dip except in their internal billing system. Spoofing ANI will have no result and our customer will be notified, in real time that the number is not verified. Many features will not work unless validated so we ask that our customers leave this default restriction active so these calls do not ring their phone. This addresses companies like call condom & spoofcard that spoof more than just CID. While a very small percentage use this capability for non fraud pruposes, spoofing is responsible for 19-23% of the billions per year related to identity theft.

We have exhausted all known spoofing companies and VOIP hacks using asterisk boxes to exploit our faults and ready to offer a test number to anyone who thinks they can hack us. Keep in mind, spoofing ANI is not the part you will fail in....it's getting it validated against the LEC's billing tables. We will post a test number on our forum shortly.

-Mark Hahn, SE, PDXUSA.

So you gonna post this text number online or what?

...

put up or stfu

EDIT:

So you gonna post this test number online or what?

...

put up or stfu

Edited by greyarea_4.0
0

Share this post


Link to post
Share on other sites

I really think this is BS. Please, PDX USA, make me think otherwise!

0

Share this post


Link to post
Share on other sites

We're nearing completion and will provide a test number you can't apoof ANI on. We'll check back soon.

0

Share this post


Link to post
Share on other sites
We're nearing completion and will provide a test number you can't apoof ANI on. We'll check back soon.

Fucking lies. Go read the threads and posts this asshole has made on the PLA forums and be almost wholly convinced he is some kind of fucking idiot or scam artist.

0

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.