On Tue, 19 Dec 1995, A. Padgett Peterson, P.E. Information Security wrote:
> Brane21 rote:
> >One question... Outside of a 1-800 # how does one *get* ANI? I would not
> >trust CID since anyone can dial *67 before their call or have a CID block
> >put on their phone if *67 is not available in their area.
> Well you can get ANI on any line if you want to pay for it. 1-900 & 976 I
> know can get it, not sure about 700 and 500 series.
Not *any* line, since ANI is a bypoduct of the phone switching system,
it has to come off of the local switch, as it is part of the call routing,
a normal business drop doesn't have this capability. I'm not sure that
the local telco can legitmately pass ANI to a regular number, if it's due
to the switch ports, or FCC regs, I don't know.
> However the noce thing about CNID is that private/blocked calls are
> detectable before the phone is answered. You can either refuse to
> answer or re-route to a human/voice message.
CNID is sent just before the ring signal, but unlike ANI isn't used in
routing the call, it's out of band for routing, but in band as far as the
signal goes. Some CNID equipment will only store the last CNID block, making
it open to spoofing (pass the new spoofed CNID after the last ring,
before the authentication portion of the modem has grabbed it), for truely
good CNID, the ID equipment should only collect CNID on a line that is on-hook,
and before first ring. It is possible, however for CNID to not be passed by
the switch, if it can't service the request in time, and since, unlike ANI it
isn't part of the call routing, it's not the same level of assurance as
ANI, which is at least good to the outbound trunk of the originating
switch. Remember ANI is in-band for routing, but out of band for the call,
making it unspoofable. CNID is not.
It's been a while since I did voice switch work, and most of this is
gleaned from conversations, directly accurate information should be
gleaned from Telecom Digest, or your local telco. Not that anyone here
will not feel free to correct me :)
Paul D. Robertson "My statements in this message are personal opinions
net which may have no basis whatsoever in fact."
From: Brain21 <brain21 @
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT @