


A nice authoritative review of CID and ANI and how the Telco can 'reach out and touch' you if you aren't careful. Discussion of a possi






                            CALLER ID
                            =========


[TELECOM Digest Editor's Note: It is time to re-run this article by
Padgett which appeared earlier this year in the Digest. We will let
this be the authoritative answer to the commentaries running in this
issue of the Digest.  PAT]


               Frequently Asked Questions About Caller-ID
                            v1.1 Mar. 1994


        1) What is Caller-ID ?

        First ask "What is ANI"

        2) OK, What is ANI ?

        ANI, or Automatic Number Identification, is a mechanism by which
        the different telephone companies determine what account is to be
        charged for a call. This information is passed between Telcos and
        was originally for billing purposes and predated both SS7
        (Signaling System 7) and (C)LASS (Local Area Signaling Services
        was the original AT&T designation; the "C" was added by Bellcore
        after divestiture) services, which make CNID, or Calling Number
        IDentification as Caller-ID is more properly known, possible.

        Since  the  Telcos  had ANI, the decision was  made  to  make  it
        available  to  authorized  parties such as 911  service  and  law
        enforcement  agencies. ANI is also used to let a  Telco  operator
        know who is calling.

        More recently, ANI is used to report to 800 and 900 subscribers
        who made the calls they have received: in the first case so that
        the 800 subscriber knows who the charge is for, and in the second
        so that 900 number subscribers know whom to charge.

        Thus  while ANI is similar to CALLER-ID and may provide the  same
        information,  they  are actually two different services  and  ANI
        information is not necessarily the same as what will appear on  a
        CALLER-ID display.

        3) Now (maybe) what is Caller-ID ?

        Caller-ID is a Telco offering that is a byproduct of (C)LASS
        services. In this case, only those numbers reported by
        participating exchanges are returned; exactly which are and which
        are not is currently (March 1994) at the Telco's discretion.

        The  Federal Government has stated that it is their  intent  that
        nationwide  CNID be available by mid-1995. The full text of  this
        decision may be found in FCC Report No. DC-2571 issued on March 8,
        1994.

        The  biggest effect of the ruling is to mandate transport of  CPN
        (customer  provided number) information  between  interconnecting
        networks  eliminating  the effective  inter-LATA-only  limitation
        that exists today in most areas.

        Currently  there  are two types of Caller-ID.  The  first  (often
        referred  to as "basic" service) just returns the calling  number
        or an error message and the date/time of the call.

        The  second ("enhanced" Caller-ID) also may return the  directory
        information  about the calling number. At a minimum, the name  of
        the subscriber is returned (the subscriber is not the same as the
        caller, the phone company has no way to determine who is actually
        on the line).

        4) How is the Caller-ID information provided ?

        As  a  1200  baud, 7 data bits, 1 stop bit  data  stream  usually
        transmitted following the first and before the second ring signal
        on  the line. Note that this is not a standard Bell 212 or  CCITT
        v22 data format so a standard modem will probably not be able  to
        receive  it. Further, the serial information exists as such  only
        from  the  recipient's switch to the callee's  location.  Between
        carriers the signal exists as data packets.

        The signal is provided before the circuit is complete: picking up
        the receiver before the data stream is finished will stop/corrupt
        the transmission.

        Currently  there are two types of information returned: a  "short
        form" which contains the date/time (telco and not local) of the
        call  and  the calling number or error message. The  "long  form"
        will  also contain the name and possibly the  address  (directory
        information) of the calling phone.

        The  "short  form"  stream  consists of a  set  of  null  values,
        followed by a two byte prefix, followed by the DATE  (Month/Day),
        TIME  (24 hour format), and number including area code in  ASCII,
        followed  by  a  2's complement checksum.  Most  modems/caller  id
        devices will format the data but the raw stream looks like this:
        0412303232383134333434303735353537373737xx
        or (prefix)022813344075557777(checksum)

        A formatted output would look like this:
        Date -   Feb 28
        Time -   1:34 pm
        Number - (407)555-7777

        5) Can a Caller-ID signal be forged/altered ?

        Since  the signal is provided by the local Telco switch  and  the
        calling  party's line is not connected until after the  phone  is
        answered, generally the signal cannot be altered from the distant
        end.  Manipulation would have to take place either at the  switch
        or on the called party's line.

        However,  the foregoing applies only to a properly designed  CNID
        unit.  For instance the Motorola MC145447 chip has a "power  down"
        option that wakes the chip up when the phone rings for just  long
        enough  to  receive, process, and deliver the CNID  signal  after
        which it shuts down until the next call.

        Should  this  option be disabled, the chip will be in  a  "listen
        always" state and it is theoretically possible to "flood" a  line
        making a vulnerable box record successive erroneous numbers.

        I have received a report of a device called "Presto Chango"  that
        can  transmit  an extra ADSI modem tone after the call  has  been
        picked up that will cause a susceptible box to display the  later
        information. It was also reported to me that CNID boxes  marketed
        by  US-West  as their brand and made by CIDCO have been  used  to
        demonstrate the "Presto Chango" box.

        6) What is "ID Blocking" ?

        Most Telcos providing Caller-ID have been required to also
        provide the ability for a calling party to suppress the Caller-ID
        signal. Generally this is done by pressing star-six-seven before
        making the call. In most cases this will block the next call only;
        however, some Telcos have decided to implement this in a
        bewildering array of methods. The best answer is to contact the
        service provider and get an answer in writing.

        Currently this is supplied as either by-call or by-line blocking.
        By-Call is preferred since the caller must consciously block  the
        transmission   on  each  call.  By-Line  blocking  as   currently
        implemented has the disadvantage that the caller, without  having
        a second caller-id equipped line to use for checking, has no  way
        of knowing if the last star-six-seven toggled blocking on or off.

        Note  that  blocking  is  provided by a  "privacy"  bit  that  is
        transmitted  along  with  the CNID information and  so  is  still
        available  to the Telco switch, just not to the subscriber  as  a
        CNID  signal. Consequently related services such as  call  trace,
        call return, & call block may still work.

        7) What happens if a call is forwarded ?

        Generally,  the  number  reported is that of the  last  phone  to
        forward  the call. Again there are some Telco differences so  use
        the same precaution as in (6). If the forwarding is done by
        customer owned equipment there is no way of telling, but the
        reported number will probably be the last calling number.

        Note  that as specified, CNID is *supposed* to return the  number
        of  the  originating  caller  but this is at  the  mercy  of  all
        forwarding devices, some of which may not be compliant.

        8)  What happens if I have two phone lines and a black box to  do
        the forwarding ?

        If  you  have  two  phone lines or  use  a  PBX  with  outdialing
        features,  the reported number will be that of the last  line  to
        dial. Currently there is no way to tell a black box from a  human
        holding two handsets together.

        9)  I called somebody from a company phone (555-1234)  but  their
        Caller-ID device reported 555-1000.

        Often a company with multiple trunks from the Telco and their own
        switch will report a generic number for all of the trunks.

        There  is  a  defined  protocol  for  PBXs  to  pass  true   CNID
        information  on outgoing lines but it will be a long time  before
        all existing COT (Customer Owned Telephone) equipment is upgraded
        to meet this standard unless they have a reason to do so.

        10)  I  run a BBS. How can I use  Caller-ID  to  authenticate/log
        callers ?

        There  are two ways. The first utilizes a separate Caller-ID  box
        with  a  serial  cable  or  an  internal  card.  This  sends  the
        information back to a PC which can then decide whether to  answer
        the  phone  and  what device should respond. Some  of  these  are
        available  which  can handle multiple phone lines  per  card  and
        multiple cards per PC.

        The second (and most common) is for the capability to be built in
        a  modem or FAX/modem. While limited to a single line per  modem,
        the information can be transmitted through the normal COM port to
        a  program  that again can decide whether or not  to  answer  the
        phone  and  how.  There is a FreeWare Caller-ID  ASP  script  for
        Procomm  Plus  v2.x available for FTP from the  Telecom  archive.
        Most  such  software packages will also log each call  as  it  is
        received and the action taken.

        Of course for true wizards, there are chips available (one of the
        first  was  the Motorola MC145447) that can  recognize  the  CNID
        signal and transform it into a proper RS-232 (serial) signal.

        11) How is security enhanced by using Caller-ID over a  Call-Back
        service or one-time-passwords for dial-up access ?

        Caller-ID  has one great advantage over any other  mechanism  for
        telephone  lines.  It  allows the  customer  to  decide  *before*
        picking up the receiver, whether to answer the call.

        Consider hackers, crackers, and phreaks. Their goal in life is to
        forcibly penetrate electronic systems without permission  (sounds
        like  rape doesn't it ?). They employ demon dialers  and  "finger
        hacking"  to  discover responsive numbers, often  checking  every
        number in a 10,000 number exchange.

        If  they get a response such as a modem tone, they have a  target
        and  will  often  spend  days  or  weeks  trying  every  possible
        combination of codes to get in. With Caller-ID answer  selection,
        the  miscreant  will  never get to the modem tone  in  the  first
        place, yet for an authorized number, the tone will appear on  the
        second ring. Previously the best solution for dial-ups was to set
        the modem to answer on the sixth ring (ats0=6). Few hackers  will
        wait that long but it can also irritate customers.

        12) What error messages will Caller-ID return ?

        a) "Out of Area" - (Telco) the call came from outside the Telco's
        service area and the Telco either has no available information or
        has chosen not to return what information it has.

        b)  "Blocked"  or  "Private"  - (Telco)  the  caller  either  has
        permanent call blocking enabled or has dialed star-six-seven  for
        this call. You do not have to answer either.

        c) "Buffer Full" - (device manufacturer) there are many Caller-ID
        devices  on  the  market  and exactly how  they  have  chosen  to
        implement storage is up to the manufacturer. This probably means
        that the device has a limited buffer space and the device is
        either losing the earliest call records or has stopped  recording
        new calls.

        d)  "Data  Error"  or "Data Error  #x"  -  (device  manufacturer)
        signal was received that was substandard in some way or for which
        the checksum did not match the contents.

        e)  "No  Data Sent" - (device manufacturer) Signal  was  received
        consisting  entirely of nulls or with missing information  but  a
        proper checksum.

        13) Why are so many people against Caller-ID ?

        FUD - Fear, Uncertainty, & Doubt or 10,000,000 lemmings can't  be
        wrong.  There  were some justifiable concerns  that  some  people
        (battered  wives,  undercover policemen) might be  endangered  or
        subject   to  harassment  (doctors,  lawyers,  celebrities)    by
        Caller-ID.  As mentioned above there are several legitimate  ways
        to  either  block  Caller-ID or to have  it  return  a  different
        number.  It  is  up to the caller. The  advantage  is  that  with
        Caller-ID,  for  the first time, the called party  has  the  same
        "right of refusal".

        Expect yet another Telco service (at a slight additional  charge)
        to  be  offered to return an office number for  calls  made  from
        home. Crisis centers could return the number of the local  police
        station.


        Compiled by Padgett Peterson. Constructive comments to:
        padgett@tccslr.dnet.mmc.com  Brickbats >nul.

        Thanks for additional material to:

        David J. Kovan
        Robert Krten
        John Levine
        David G. Lewis
        Karl Voss

        but the mistakes are all mine - Padgett (Ignorance is curable)