[VOIPSEC] VoIP and Fraud

Brian Rosen br at brianrosen.net
Sat Mar 12 12:54:44 CST 2005 

It's ANI, not CallerId. 

Some VoIP providers do have actual E911 services.  There are two mechanisms
in use today.  One has calls routed to the correct PSAP, but to
administrative (PSTN dialable, non-emergency) lines, and do not supply
location.  It's something, better than nothing.

Some carriers who operate in a defined area and do not allow roaming put
calls into the wireline E911 system, routing emergency calls to the
Selective Router, which is the special purpose E911 tandem, and have real
ALI records based on the subscriber TN.

Brian

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of natas natas
> Sent: Thursday, March 10, 2005 7:31 PM
> To: Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] VoIP and Fraud
> 
> When you say CLID are your referring to the ANI (Billing Telephone
> Number) or Caller ID? Why would such an important system like E911
> only rely on Caller ID information??? These commercially available
> sites that offer Caller ID spoofing do not spoof any sort of ANI,
> which is what I was told E911 utilized. Also, I don't believe that any
> of these spoofing sites have access to E911 services as their carriers
> do not have access to E911 at this time, so the only way to do
> anything to E911 would be through a backdoor POTS number.
> 
> I also see this as a security problem and not a fraud problem.
> 
> -Natas
> 
> Mark Fletcher fletch at nortel.com writes:
> >Take the E911 system for example, no location data is actually 'passed'
> from
> >the origination point. The E911 Location screen is populated at the
> >dispatcher console based on a ALI database dip using the CLID as the
> index.
> >So for example in NJ, I can be in Atlantic City, hit a local PRI trunk
> with
> >spoofed CLID, and end up at a PSAP in Newark (practically the other end
> of
> >the State). E911 routing is based on CLID and nothing else, and
> >unfortunately that is now easier to spoof.
> 
> 
> Mark Fletcher fletch at nortel.com writes:
> > There are many potential areas, but one that concerns me is the
> > ability for a user to easily spoof their Caller ID. Typically this has
> > only been available to administrators of a PBX with PRI circuits. Many
> > call this 'security via obscurity'. By spoofing CLID, a caller could
> > raise havoc with Emergency Services and the national E9-1-1 system, or
> > use a spoofed CLID to socially engineer people into giving up personal
> > information.
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list