
Caller ID FAQ




Date: Fri, 21 Oct 94 07:54:30 -0400
From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson, P.E. Information Security)
Subject: RE: CNID

------------------------------8<-------------------------------------------


        
                   Frequently Asked Questions About Caller-ID
                                 v1.1 Mar. 1994
        
        
        1) What is Caller-ID ?
        
        First ask "What is ANI"
        
        2) OK, What is ANI ?
        
        ANI  or Automatic Number Identification is a mechanism  by  which 
        the different telephone companies determine what account is to be 
        charged for a call. This information is passed between Telcos and
        was originally for billing purposes and predated both SS7
        (Signaling System 7) and (C)LASS (Local Area Signaling Services
        was the original AT&T designation; the "C" was added by Bellcore
        after divestiture) services, which make CNID or Calling Number
        IDentification, as Caller-ID is more properly known, possible.
        
        Since  the  Telcos  had ANI, the decision was  made  to  make  it 
        available  to  authorized  parties such as 911  service  and  law  
        enforcement  agencies. ANI is also used to let a  Telco  operator 
        know who is calling.
        
        More recently, ANI is used to report to 800 and 900 subscribers
        who made the calls they have received: in the first case so that
        the 800 subscriber knows who the charge is for, and in the second
        so that 900 number subscribers know who to charge.
        
        Thus  while ANI is similar to CALLER-ID and may provide the  same 
        information,  they  are actually two different services  and  ANI 
        information is not necessarily the same as what will appear on  a 
        CALLER-ID display.
        
        3) Now (maybe) what is Caller-ID ?
        
        Caller-ID  is  a Telco offering that is a  byproduct  of  (C)LASS  
        services.   In  this  case,  only  those  numbers   reported   by 
        participating exchanges are returned, exactly which are and which 
        are not is currently (March 1994) at the Telco's discretion.
        
        The  Federal Government has stated that it is their  intent  that 
        nationwide  CNID be available by mid-1995. The full text of  this 
        decision may be found in FCC Report No. DC-2571 issued on March 8,
        1994.
        
        The  biggest effect of the ruling is to mandate transport of  CPN 
        (customer  provided number) information  between  interconnecting   
        networks  eliminating  the effective  inter-LATA-only  limitation 
        that exists today in most areas.
        
        Currently  there  are two types of Caller-ID.  The  first  (often 
        referred  to as "basic" service) just returns the calling  number 
        or an error message and the date/time of the call.
        
        The  second ("enhanced" Caller-ID) also may return the  directory 
        information  about the calling number. At a minimum, the name  of 
        the subscriber is returned (the subscriber is not the same as the 
        caller, the phone company has no way to determine who is actually 
        on the line).
        
        4) How is the Caller-ID information provided ?
        
        As  a  1200  baud, 7 data bits, 1 stop bit  data  stream  usually 
        transmitted following the first and before the second ring signal 
        on  the line. Note that this is not a standard Bell 212 or  CCITT 
        v22 data format so a standard modem will probably not be able  to 
        receive  it. Further, the serial information exists as such  only  
        from  the  recipient's switch to the callee's  location.  Between 
        carriers the signal exists as data packets. 
        
        The signal is provided before the circuit is complete: picking up 
        the receiver before the data stream is finished will stop/corrupt  
        the transmission.
        
        Currently  there are two types of information returned: a  "short 
        form" which contains the date/time (telco and not local) of the
        call  and  the calling number or error message. The  "long  form" 
        will  also contain the name and possibly the  address  (directory 
        information) of the calling phone.
        
        The  "short  form"  stream  consists of a  set  of  null  values, 
        followed by a two byte prefix, followed by the DATE  (Month/Day), 
        TIME  (24 hour format), and number including area code in  ASCII,  
        followed by a 2's complement checksum. Most modems/caller id
        devices will format the data, but the raw stream looks like this:
        0412303232383134333434303735353537373737xx
        or (prefix)022813344075557777(checksum)
        
        A formatted output would look like this:
        Date -   Feb 28 
        Time -   1:34 pm 
        Number - (407)555-7777
        
        5) Can a Caller-ID signal be forged/altered ?
        
        Since  the signal is provided by the local Telco switch  and  the 
        calling  party's line is not connected until after the  phone  is 
        answered, generally the signal cannot be altered from the distant 
        end.  Manipulation would have to take place either at the  switch 
        or on the called party's line. 
        
        However, the foregoing applies only to a properly designed CNID
        unit. For instance the Motorola MC145447 chip has a "power down"
        option that wakes the Chip up when the phone rings for just  long 
        enough  to  receive, process, and deliver the CNID  signal  after 
        which it shuts down until the next call.
        
        Should  this  option be disabled, the chip will be in  a  "listen 
        always" state and it is theoretically possible to "flood" a  line 
        making a vulnerable box record successive erroneous numbers. 
        
        I have received a report of a device called "Presto Chango"  that 
        can  transmit  an extra ADSI modem tone after the call  has  been 
        picked up that will cause a susceptible box to display the  later 
        information. It was also reported to me that CNID boxes  marketed 
        by  US-West  as their brand and made by CIDCO have been  used  to 
        demonstrate the "Presto Chango" box.
        
        6) What is "ID Blocking" ?
        
        Most Telcos providing Caller-ID have been required to also
        provide the ability for a calling party to suppress the Caller-ID
        signal. Generally this is done by pressing star-six-seven before
        making the call. In most cases this will block the next call only;
        however, some Telcos have decided to implement this in a
        bewildering array of methods. The best answer is to contact the
        service provider and get an answer in writing.
        
        Currently this is supplied as either by-call or by-line blocking. 
        By-Call is preferred since the caller must consciously block  the 
        transmission   on  each  call.  By-Line  blocking  as   currently 
        implemented has the disadvantage that the caller, without  having 
        a second caller-id equipped line to use for checking, has no  way 
        of knowing if the last star-six-seven toggled blocking on or off.
        
        Note  that  blocking  is  provided by a  "privacy"  bit  that  is 
        transmitted  along  with  the CNID information and  so  is  still 
        available  to the Telco switch, just not to the subscriber  as  a 
        CNID  signal. Consequently related services such as  call  trace, 
        call return, & call block may still work.
        
        7) What happens if a call is forwarded ?
        
        Generally,  the  number  reported is that of the  last  phone  to 
        forward  the call. Again there are some Telco differences so  use 
        the same precaution as in (6). If the forwarding is done by
        customer owned equipment there is no way of telling, but it will
        probably be the last calling number.
        
        Note  that as specified, CNID is *supposed* to return the  number 
        of  the  originating  caller  but this is at  the  mercy  of  all 
        forwarding devices, some of which may not be compliant.
        
        8)  What happens if I have two phone lines and a black box to  do 
        the forwarding ?
        
        If  you  have  two  phone lines or  use  a  PBX  with  outdialing 
        features,  the reported number will be that of the last  line  to 
        dial. Currently there is no way to tell a black box from a  human 
        holding two handsets together.
        
        9)  I called somebody from a company phone (555-1234)  but  their 
        Caller-ID device reported 555-1000.
        
        Often a company with multiple trunks from the Telco and their own 
        switch will report a generic number for all of the trunks.
        
        There  is  a  defined  protocol  for  PBXs  to  pass  true   CNID 
        information  on outgoing lines but it will be a long time  before 
        all existing COT (Customer Owned Telephone) equipment is upgraded 
        to meet this standard unless they have a reason to do so.
        
        10)  I  run a BBS. How can I use  Caller-ID  to  authenticate/log 
        callers ?
        
        There  are two ways. The first utilizes a separate Caller-ID  box 
        with  a  serial  cable  or  an  internal  card.  This  sends  the 
        information back to a PC which can then decide whether to  answer 
        the  phone  and  what device should respond. Some  of  these  are 
        available  which  can handle multiple phone lines  per  card  and 
        multiple cards per PC.
        
        The second (and most common) is for the capability to be built in 
        a  modem or FAX/modem. While limited to a single line per  modem, 
        the information can be transmitted through the normal COM port to 
        a  program  that again can decide whether or not  to  answer  the 
        phone  and  how.  There is a FreeWare Caller-ID  ASP  script  for 
        Procomm  Plus  v2.x available for FTP from the  Telecom  archive. 
        Most  such  software packages will also log each call  as  it  is  
        received and the action taken.
        
        Of course for true wizards, there are chips available (one of the 
        first  was  the Motorola MC145447) that can  recognize  the  CNID 
        signal and transform it into a proper RS-232 (serial) signal.
        
        11) How is security enhanced by using Caller-ID over a  Call-Back 
        service or one-time-passwords for dial-up access ?
        
        Caller-ID  has one great advantage over any other  mechanism  for 
        telephone  lines.  It  allows the  customer  to  decide  *before* 
        picking up the receiver, whether to answer the call.
        
        Consider hackers, crackers, and phreaks. Their goal in life is to 
        forcibly penetrate electronic systems without permission  (sounds 
        like  rape doesn't it ?). They employ demon dialers  and  "finger 
        hacking"  to  discover responsive numbers, often  checking  every 
        number in a 10,000 number exchange.
        
        If  they get a response such as a modem tone, they have a  target 
        and  will  often  spend  days  or  weeks  trying  every  possible 
        combination of codes to get in. With Caller-ID answer  selection, 
        the  miscreant  will  never get to the modem tone  in  the  first 
        place, yet for an authorized number, the tone will appear on  the 
        second ring. Previously the best solution for dial-ups was to set 
        the modem to answer on the sixth ring (ats0=6). Few hackers  will 
        wait that long but it can also irritate customers.
        
        12) What error messages will Caller-ID return ?
        
        a) "Out of Area" - (Telco) the call came from outside the Telco's 
        service area and the Telco either has no available information or 
        has chosen not to return what information it has. 
        
        b)  "Blocked"  or  "Private"  - (Telco)  the  caller  either  has 
        permanent call blocking enabled or has dialed star-six-seven  for 
        this call. You do not have to answer either.
        
        c) "Buffer Full" - (device manufacturer) there are many Caller-ID 
        devices  on  the  market  and exactly how  they  have  chosen  to 
        implement storage is up to the manufacturer. This probably means
        that the device has a limited buffer space and the device is
        either losing the earliest call records or has stopped  recording 
        new calls.
        
        d)  "Data  Error"  or "Data Error  #x"  -  (device  manufacturer)  
        signal was received that was substandard in some way or for which 
        the checksum did not match the contents.
        
        e)  "No  Data Sent" - (device manufacturer) Signal  was  received 
        consisting  entirely of nulls or with missing information  but  a 
        proper checksum. 
        
        13) Why are so many people against Caller-ID ?
        
        FUD - Fear, Uncertainty, & Doubt or 10,000,000 lemmings can't  be 
        wrong.  There  were some justifiable concerns  that  some  people 
        (battered  wives,  undercover policemen) might be  endangered  or 
        subject   to  harassment  (doctors,  lawyers,  celebrities)    by 
        Caller-ID.  As mentioned above there are several legitimate  ways 
        to  either  block  Caller-ID or to have  it  return  a  different 
        number.  It  is  up to the caller. The  advantage  is  that  with 
        Caller-ID,  for  the first time, the called party  has  the  same 
        "right of refusal".
        
        Expect yet another Telco service (at a slight additional  charge) 
        to  be  offered to return an office number for  calls  made  from  
        home. Crisis centers could return the number of the local  police 
        station.
        
        
        Compiled by Padgett Peterson. Constructive comments to:
        padgett@tccslr.dnet.mmc.com  Brickbats >nul.
        
        Thanks for additional material to:
        
        David J. Kovan
        Robert Krten
        John Levine
        David G. Lewis
        Karl Voss
        
        but the mistakes are all mine - Padgett (Ignorance is curable)

END-----------------cut here------------------


