Wednesday, May 2, 2018

CLI spoofing prevention

Not sure if this belongs in /r/voip but it seemed like a mix of enterprise/home over there, and this is somewhat topical here anyways. Disclaimer: I am a novice to voice outside of the basics of setting up/managing VoIP for small business/home use, so I'm aware my speculation may sound dumb. Just trying to learn.

Can someone explain why CLI spoofing is not more preventable? In my admittedly limited understanding of all things voice it seems that the problem may be purely legal, i.e. we could require CLI info to match the number it originates from but there are no laws doing so. Am I correct or are there deeper technical reasons why? Almost sounds like a problem that could be at least somewhat mitigated by requiring verified registration of CLI info when the number is registered to some person/entity. Something along the same lines as a routing registry to prevent incorrect BGP advertisements.

Also any pointers to deep dives into how voice routing/registration works on the provider level would be appreciated. I sort of get it from rubbing shoulders with the voice team while working at a large SP, but....not really. It's always sounded like a weird mix of ancient Bell arcana and modern networking concepts to me.



No comments:

Post a Comment