|
|
Message Digest
Volume 28 : Issue 284 : "text" Format
Messages in this Issue:
Re: Telephone number spoofing
Re: Telephone number spoofing
Re: Telephone number spoofing
Re: New Internationalized domain names are coming
Re: New top-level domain names are coming
Re: New top-level domain names are coming
Re: New top-level domain names are coming
Re: New top-level domain names are coming
Re: Telephone number spoofing
Re: NYPD knows who you've been talking to. And where
Re: New top-level domain names are coming
Morse (Was: Western Union's satellite loss)
====== 28 years of TELECOM Digest -- Founded August 21, 1981 ======
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Patrick Townson and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using -any name or email address-
included herein for -any- reason other than responding to an article
herein, you agree to pay a hundred dollars to the recipients of the
email.
===========================
Addresses herein are not to be added to any mailing list, nor to be
sold or given away without explicit written consent. Chain letters,
viruses, porn, spam, and miscellaneous junk are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we
are naive enough to believe that we will ever stamp it out, but because
we do not want the kind of world that results when no one stands
against crime. Geoffrey Welsh
===========================
See the bottom of this issue for subscription and archive details
and the name of our lawyer, and other stuff of interest.
Date: Thu, 15 Oct 2009 01:18:12 -0700
From: Sam Spade <sam@coldmail.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: Telephone number spoofing
Message-ID: <8VABm.27027$QG1.19422@newsfe23.iad>
Tom Horne wrote:
> Can anyone explain, using [layman's] terminology, how callers get
> their phone number to show up as [that of] another subscriber or a
> non-existent telephone number? What would be the cost of putting an
> end to this capability? Does anyone know of a cost-effective way of
> avoiding receiving calls that are falsely numbered?
>
> I often get such calls at the fire house where I volunteer, from bill
> collectors and sales types. I only learn they are spoofed when I try
> to call back to get them to take the number off of their database. I
> get to turn those over to Department of Information Systems Technology
> (DIST) personnel and they must do something about them because I get
> very few repeats.
>
> Obviously there has to be some way to put a stop to this nonsense.
> The real question is how much will it cost and who will pay.
>
> --
> Tom Horne
>
If they have the right type of business service trunk (someone here can
explain the technical term) then they are free to deliver their own
calling party number identification into the system. This spoofing is
on the increase because the FCC's enforcement posture has gone down the
tubes over the past several years.
In other words, the FCC just doesn't care and the states usually can't
inforce it because they have no jursidiction over interstate antics.
Date: Thu, 15 Oct 2009 09:53:19 -0700
From: Thad Floryan <thad@thadlabs.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: Telephone number spoofing
Message-ID: <4AD7537F.3090900@thadlabs.com>
On 10/15/2009 1:18 AM, Sam Spade wrote:
> Tom Horne wrote:
>> Can anyone explain, using [layman's] terminology, how callers get
>> their phone number to show up as [that of] another subscriber or a
>> non-existent telephone number? What would be the cost of putting an
>> [...]
>
> If they have the right type of business service trunk (someone here can
> explain the technical term) then they are free to deliver their own
> calling party number identification into the system. This spoofing is
> on the increase because the FCC's enforcement posture has gone down the
> tubes over the past several years.
>
> In other words, the FCC just doesn't care and the states usually can't
> inforce it because they have no jursidiction over interstate antics.
Googling "spoof caller id" reveals how to do it many ways (free and not).
Additional info here: http://en.wikipedia.org/wiki/Caller_ID_spoofing
Date: Thu, 15 Oct 2009 22:02:12 -0400
From: "r.e.d." <red-nospam-99@mindspring.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: Telephone number spoofing
Message-ID: <FsqdnZ78J8StSUrXnZ2dnUVZ_rmdnZ2d@earthlink.com>
"Sam Spade" <sam@coldmail.com> wrote in message
news:8VABm.27027$QG1.19422@newsfe23.iad...
> Tom Horne wrote:
>> Can anyone explain, using [layman's] terminology, how callers get
>> their phone number to show up as [that of] another subscriber or a
>> non-existent telephone number? What would be the cost of putting an
>> end to this capability? Does anyone know of a cost-effective way of
>> avoiding receiving calls that are falsely numbered?
>>
>> I often get such calls at the fire house where I volunteer, from bill
>> collectors and sales types. I only learn they are spoofed when I try
>> to call back to get them to take the number off of their database. I
>> get to turn those over to Department of Information Systems Technology
>> (DIST) personnel and they must do something about them because I get
>> very few repeats.
>>
>> Obviously there has to be some way to put a stop to this nonsense.
>> The real question is how much will it cost and who will pay.
>>
>> --
>> Tom Horne
>>
>
> If they have the right type of business service trunk (someone here can
> explain the technical term) then they are free to deliver their own
> calling party number identification into the system. This spoofing is on
> the increase because the FCC's enforcement posture has gone down the tubes
> over the past several years.
>
> In other words, the FCC just doesn't care and the states usually can't
> inforce it because they have no jursidiction over interstate antics.
>
I never really understood this.
Years ago I worked on ISDN at Bell Labs. The Primary Rate Interface
Specification, TR 41459, allowed PRI subscribers to specify, even on a
call-by-call basis, whether on an incoming call they wanted to receive
the "Calling Party Number" (CPN) or the "Billing Number" (BN). The
CPN is indeed provided by the caller's customer-premises equipment and
can be "spoofed" (a playful word that people use instead of "lie").
The purpose of having it provided is so PBX's can deliver the
direct-inward-dialing number of a phone connected to the PBX. My 1999
copy of 41459 contains the following: "For domestic calls, the network
will not check whether the CPN will be meaningful for the terminating
user." Which means that the calling equipment can lie about the
number. The Billing Number, however, is network provided and cannot
be spoofed.
Digression: The one additional point I also never understood is that
in the 41459 description of the Calling Party Number Information
Element (section 3.6.5.9 of the 1999 revision) there is a two-bit
field called "Screening indicator" whose values are
00 = user provided, not screened
01 = user provided, verified and passed
10 = user provided, verified and not passed
11 = network provided.
Presumably this is delivered to the called party who subscribes to PRI
terminating service. I never knew "verified" means in this context.
In principle it could mean that the user-provided number falls within
the range of numbers assigned to the calling party, and if it failed
verification that could mean it was spoofed. End digression.
But the real point I want to make is that at least at a call's
terminating toll switch (41459 was for "direct connection" to the AT&T
network, which meant a 4ESS), the switch generally received both the
CPN and BN. Terminating PRI subscribers could/can choose to receive
either number. I'm not very SS7 knowledgeable and don't understand
how both these numbers are transmitted on the AT&T network. The
Initial Address Message contains a "Calling Party Number" information
element. Does AT&T send two of these, marking one as the billing
number?
The question now is for calls going to phones on a local switch
whether the CPN and BN numbers are both sent (at least by AT&T) to the
local exchange network. If so, the LEC would have access to the
(unspoofable) billing number and could use it in tracking spoofed
CPN's.
I need someone with a bit more expertise here to help me fill in the
gaps.
R.E.D.
Date: Wed, 14 Oct 2009 23:33:30 -0700
From: Thad Floryan <thad@thadlabs.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: New Internationalized domain names are coming
Message-ID: <4AD6C23A.8060104@thadlabs.com>
On 10/14/2009 9:03 PM, Thad Floryan wrote:
> [...]
> Copy'n'pasting the URL above into a browser's (Firefox, Safari, Opera,
> even IE8) URL box caused the browser to visited a page as you described.
>
> Clicking on the URL inline in your message caused all my email clients
> to state (paraphrased) "the URL is not valid and cannot be loaded".
>
> Unless there's something I'm not seeing (or understanding), the intent
> of the (new) proposed change is to permit someone to enter a URL in
> Cyrllic directly ("HaNDeM.com" (найдем.com)), so who/what/when
> [...]
>
> ***** Moderator's Note *****
>
> I just tested the URL with Thunderbird, and clicking on it brought up
> the web page. Please note, however, that I added the "http://" in
> front of John's domain example, so that (most) news readers and email
> clients would show it as a clickable link. If that wasn't the right
> thing to do, my apologies to John.
The "http://" should be OK.
> N.B.: Since the "official" charset of The Digest is ISO-8859-1, and your
> post uses utf-8, I can't tell if your example will render correctly in
> all readers.
>
> Bill Horne
> Moderator
Interesting. My default is also ISO-8859-1 and, when sending, I wasn't
alerted to a change to UTF-8 presumably due to actually including the
Cyrillic version of the example URL. Hmmm, yet another problem to
examine/fix.
With one month to go until the changeover, I'm surprised there aren't
more heads-up posted regarding the changes about which I have a "gut"
feeling will not transition smoothly (especially on legacy systems).
I'm glad I'm retiring this year. :-)
***** Moderator's Note *****
This post was also in utf-8.
Date: Thu, 15 Oct 2009 08:35:43 +0000 (UTC)
From: Koos van den Hout <koos+newsposting@kzdoos.xs4all.nl>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: New top-level domain names are coming
Message-ID: <hb6msv$l7h$5@kzdoos.xs4all.nl>
Telecom Digest Moderator <telecomdigestmoderator.remove-this@and-this-too.telecom.csail.mit.edu> wrote in <4AD661D2.5080505@speakeasy.net>:
> P.S. I've got dibs on "horne": my email will be wildbill@horne in
> 2012. ;-)
Way back when I first learned about this Internet thing and Internet
e-mail, using user@name with no dots in the name ment: the *local*
mailserver with that name, so one would use that to send
mail from userA@server1 to userB@server2 without having to type
userB@server1.subdomain.topleveldomain. A lot of software still assumes
that names without dots can be affixed with the local domain name or
search domain.
For example, when I try your ideal name in a search for a mailserver at home:
$ host -vt mx horne
Trying "horne.idefix.net"
Trying "horne.koos.koffie.dot"
Trying "horne"
Host horne not found: 3(NXDOMAIN)
Received 98 bytes from 2001:888:1011::694#53 in 0 ms
Now when any toplevel domain can be in use and when people start to use
e-mail addresses like you write your ideal address, software will be fixed
to assume e-mail addresses are always fully qualified, even when there is
no . in the righthandside. But expect interesting problems when this is
first implemented.
On the other hand, spammers have broken e-mail enough that this will
probably be just a minor problem.
Koos van den Hout
--
Koos van den Hout, PGP keyid DSS/1024 0xF0D7C263 via keyservers
koos@kzdoos.xs4all.nl or RSA/1024 0xCA845CB5
Weather maps from free sources at
http://idefix.net/~koos/ http://weather.idefix.net/
Date: Thu, 15 Oct 2009 13:29:24 -0500
From: John Mayson <john@mayson.us>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: New top-level domain names are coming
Message-ID: <B80EE9E3-25BB-4094-B548-13563EC46C38@mayson.us>
I thought the idea was people and corporations could create their own
TLD at an enormous cost (6 figures). If I were to create mayson I
would still need something in front of it. Perhaps john@mail.mayson.
Date: Thu, 15 Oct 2009 10:12:54 -0500
From: Michael Grigoni <michael.grigoni@cybertheque.org>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: New top-level domain names are coming
Message-ID: <4AD73BF6.1060506@cybertheque.org>
Koos van den Hout wrote:
<snip>
> For example, when I try your ideal name in a search for a mailserver at home:
>
> $ host -vt mx horne
> Trying "horne.idefix.net"
> Trying "horne.koos.koffie.dot"
> Trying "horne"
> Host horne not found: 3(NXDOMAIN)
> Received 98 bytes from 2001:888:1011::694#53 in 0 ms
>
> Now when any toplevel domain can be in use and when people start to use
> e-mail addresses like you write your ideal address, software will be fixed
> to assume e-mail addresses are always fully qualified, even when there is
> no . in the righthandside.
Just qualify the domain name with a trailing dot, e.g.
nslookup wildbill@horne.
Works OK will all my antique DNS implementations.
Michael
Date: Thu, 15 Oct 2009 10:04:58 -0700
From: Thad Floryan <thad@thadlabs.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: New top-level domain names are coming
Message-ID: <4AD7563A.2020802@thadlabs.com>
On 10/15/2009 1:35 AM, Koos van den Hout wrote:
> Telecom Digest Moderator <telecomdigestmoderator.remove-this@and-this-too.telecom.csail.mit.edu> wrote in <4AD661D2.5080505@speakeasy.net>:
>> P.S. I've got dibs on "horne": my email will be wildbill@horne in
>> 2012. ;-)
>
> Way back when I first learned about this Internet thing and Internet
> e-mail, using user@name with no dots in the name ment: the *local*
> mailserver with that name, so one would use that to send
> mail from userA@server1 to userB@server2 without having to type
> userB@server1.subdomain.topleveldomain. A lot of software still assumes
> that names without dots can be affixed with the local domain name or
> search domain.
Hmmm, interesting. Looking just now at some old email from 29 years ago
(1980), we had ARPANET email addresses rms@mit-ai, thad@sri-kl, etc.
It wasn't until later that real TLDs (.net, .mil, .edu, etc) appeared.
> For example, when I try your ideal name in a search for a mailserver at home:
> [...]
> Now when any toplevel domain can be in use and when people start to use
> e-mail addresses like you write your ideal address, software will be fixed
> to assume e-mail addresses are always fully qualified, even when there is
> no . in the righthandside. But expect interesting problems when this is
> first implemented.
Precisely. I don't expect the transition to be without grief.
And what about domain squatters? Bill, better register "horne" ASAP. :-)
> On the other hand, spammers have broken e-mail enough that this will
> probably be just a minor problem.
As I wrote in another post, I'm glad I'm retiring this year. :-)
Date: 15 Oct 2009 09:45:44 -0400
From: kludge@panix.com (Scott Dorsey)
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: Telephone number spoofing
Message-ID: <hb7928$g3a$1@panix2.panix.com>
Tom Horne <hornetd@gmail.com> wrote:
>Can anyone explain, using [layman's] terminology, how callers get
>their phone number to show up as [that of] another subscriber or a
>non-existent telephone number? What would be the cost of putting an
>end to this capability? Does anyone know of a cost-effective way of
>avoiding receiving calls that are falsely numbered?
Caller-ID is not trustworthy information. You cannot expect it to be.
When you connect to the telco with a trunk line, you send it the caller-ID
information on the line. You can send it anything you want. It's polite to
send it correct information, but the telco doesn't check to see if it is
valid.
>I often get such calls at the fire house where I volunteer, from bill
>collectors and sales types. I only learn they are spoofed when I try
>to call back to get them to take the number off of their database. I
>get to turn those over to Department of Information Systems Technology
>(DIST) personnel and they must do something about them because I get
>very few repeats.
Why would you call them back? They're already violating the law, to
expect that they'll be polite and take you off the list is foolish.
>Obviously there has to be some way to put a stop to this nonsense.
>The real question is how much will it cost and who will pay.
Most of that stuff is already illegal anyway. If they were legitimate
callers, they wouldn't need to hide behind fake caller-ID. What you need
is for the existing laws to start getting enforced.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
Date: Thu, 15 Oct 2009 10:26:56 -0400
From: T <kd1s.nospam@cox.nospam.net>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: NYPD knows who you've been talking to. And where
Message-ID: <MPG.2540fb3741e51d9989bac@news.eternal-september.org>
In article <c22.6b798f2a.3807befc@aol.com>, Wesrock@aol.com says...
>
> In a message dated 10/14/2009 2:37:27 PM Central Daylight Time,
> hancock4@bbs.cpcn.com writes:
>
> > As an aside, Centrex could be provided by either crossbar or
> > step-by-step, though not panel. Wiring SxS to be Centrex was not
> > hard to do (see the Bell Labs history Vol II), but of course
> > features were limited. Our system had ONI to record the calling
> > number, but only for toll calls, not local calls. The answering
> > switchboard was a old style cord board, I think a 603.
>
> One of the first uses of a Centrex-like service was "in-dialing" to
> military bases. At Fort Sill, Oklahoma, site of the Artillery School,
> they simply gave it a prefix that trunked right into the
> military-owned and -maintained SxS switch.
>
> Fort Sam Houston in San Antonio had it a few months earlier.
>
> Anyone who ever tried to reach someone at a military base before that
> service went into operation will appreciate what an advance it was.
>
> Wes Leatherock
> wesrock@aol.com
> wleathus@yahoo.com
Even big business embraced Centrex like services. When I worked for
Ernst & Young the entire New England region was dialable with 4 digits.
Date: 15 Oct 2009 14:32:03 -0000
From: John Levine <johnl@iecc.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Re: New top-level domain names are coming
Message-ID: <20091015143203.18759.qmail@simone.iecc.com>
>P.S. I've got dibs on "horne": my email will be wildbill@horne in
>2012. ;-)
I hope you have the $185,000 application fee.
R's,
John
PS: Yes, really.
****** Moderator's Note ******
Will they give me a discount if I register "workingstiff"?
Date: Thu, 15 Oct 2009 16:42:23 -0700
From: "Al Gillis" <al.1020@hotmail.com>
To: redacted@invalid.telecom.csail.mit.edu
Subject: Morse (Was: Western Union's satellite loss)
Message-ID: <4ad7b360$0$86451$39cecf19@news.twtelecom.net>
> ***** Moderator's Note *****
>
> I'm curious which location(s) still had Morse circuits in operation in
> 1965: I'm a member of the Morse Telegraph Club, and the history of
> Morse always interests me.
>
> Bill Horne
> Moderator
>
>
At the Museum of Communications in Seattle, Washington, their exhibit on
toll facilities includes information related to using Morse between toll
testboards in the Bell System in days before (probably) the early 1960s or
so. One of the docents there (a former toll testboardman) is still proud of
his ability to send and receive at a fairly good rate! It's a great museum,
incidentally, and merits a visit if you're in Seattle. And it's just down
the road from the Boeing Museum of Flight, another excellent museum!
TELECOM Digest is an electronic journal devoted mostly to telecom-
munications topics. It is circulated anywhere there is email, in
addition to Usenet, where it appears as the moderated newsgroup
'comp.dcom.telecom'.
TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Bill Horne. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.
The Telecom Digest is moderated by Bill Horne.
Contact information: Bill Horne
Telecom Digest
43 Deerfield Road
Sharon MA 02067-2301
781-784-7287
bill at horne dot net
Subscribe: telecom-request@telecom-digest.org?body=subscribe telecom
Unsubscribe: telecom-request@telecom-digest.org?body=unsubscribe telecom
This Digest is the oldest continuing e-journal about telecomm-
unications on the Internet, having been founded in August, 1981 and
published continuously since then. Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!
URL information: http://telecom-digest.org
Copyright (C) 2009 TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.
---------------------------------------------------------------
Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list.
All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
organization.
End of The Telecom digest (12 messages)
|
or 