[oclug] Caller ID spoofing, redirection and such
farrell at cyberia.coldstream.ca
farrell at cyberia.coldstream.ca
Tue Apr 26 18:10:20 EDT 2005
For a long time, it has been know that you can spoof caller ID.
In oldskool days, it was done by hacking the switch, these days, all it
takes is a bit of software.
For example here is the URL of the first article on a google search:
http://www.rootsecure.net/?p=reports/callerid_spoofing
But even before that, back when the service was first offered, you could, if
you were a good enough phone phreak, spoof things by hacking the
switch...which for a long time, was a moderately easy thing to do.
As for guarding against re-directs...again that has been easy to do for a
long time *if* you knew what you were doing. Phone Phreaks would do this for
all sorts of things.
With the rise of smaller, cheaper corporate PBXs, a huge amount of phreaking
happened as many of the systems were even more wide open, and could be
exploited with ease. And, of course, this is even easier if you own the PBX,
and are doing something nefarious like illegal phishing/telemarketing.
These days, the use of tools like Asterisk (An open source software PBX
implementation), and various soft phone software, spoofing your caller ID
outgoing number and doing redirection is very easy.
So, as a casual screening device, callerID is OK...but if you are depending
on it for protection....as they say, let the buyer beware!
ttyl
Farrell J. McGovern
More information about the OCLUG
mailing list