C.I.D.: [ I agree that we should take the discussion off this list. Both the original poster and myself asked for suggestions of more appropriate forums to continue in. I also asked for replies to be directed to me personally, not to list. This is only in reply to Vail's public msg.] As I understand the whole SS-7/ANI/CID thing, CO generates the field ("header") only when a previous one is not already present in the call. I'm no phrexpert, but we've done some experiments nevertheless and emperically our evidence supports this: So I will paraphrase part of an original post to make it clear. It deals with call diverters (not Telco's "Call forwarding", but the private box you put on one line at home to personally direct all incoming calls to a second outgoing line. You can also steer calls through a PBX, of course, but lets keep the example simple. Nevertheless the end result is the same.) Pay attention now. Let's say that in my home I have a call diverter installed on my incoming line (line 1), forwarding - via my outcoming line (2) - all calls to Lunatic Labs. At the Labs, we have ANI. You call my home, but I am not there. Because of the diverter, your call gets steered to the Labs instead. Sit up straight now, this is where to fun part begins. WHICH OF THESE 2 NUMBERS ARE DISPLAYED AS CALLER ID? Your home phone number? (Who made the original call) Or that of my line no.2 at home? (Who actually made the last call, the one to the Labs). Surprise: Your number! (Original poster already said so, of course). Before SS7, you would route your call through a handful of diverters and stuff if you didn't want to be traced. Now there is no escaping. The first and original Caller ID follows the call no matter how you twist it around. If it is not there, it will be created. If it is there, your CO simply acts as a substation, it seems, not inserting any ID. Again, I am no expert, but you can experiment with this yourself and you will get the same result. Interesting. *67 is merely a privacy indicator (a "P" prefix) suppressing the DISPLAYING of the information, but it is still there and still stored in the computer. Because if the system is serious enough about getting your number, it can pick the call information straight up off layer 4 o the call - in other words, your call information, instead of stopping stone cold at the diverter, was passed from node to node up to your intended system. Cute, eh? .. but only if you're BEHIND the trigger. So, what can be done about it? Like I said yesterday, if you have the skills, we can perhaps but some code together that will let us build our own counterfeit CID fields. I have my doubts that a standard modem will be up to the task, this is just a hunch, maybe we will have to put some special electronics together to get the right tones. But I am a babe in the woods, just commenting on a paper I got thrown my way (and nothing illegal, merely sort of like the 911-information which means that the bad guys don't want us to have it but that it is publicly available nevertheless if you just know where to look for it). Bottom line: We know now the exact structure (frequencies, duration, etc) of the CID. This enables us to code a tool to let us construct replicas. While you are really the originator of the call, your telco won't think so, because the call they get already has the CID header and thus they won't add their own. They will think they are merely getting an already forwarded call, not a first. Does this sound like complete hogwash? Comments wanted, please. @@@@ This message has been brought to you by @ .. @ PETE "THE WIMP" WATKINS...BASICALLY SPINELESS(tm) | __ | \__/ <---Digitized representation of Pete Watkins My e-mail address is <mg5n+alias!wimp@andrew.cmu.edu> -- wimp --- (Forwarded via remailer)