Mailinglist Archive: opensuse (1108 mails)

Re: [opensuse] Fax vulnerability
On 08/17/2018 04:19 AM, James Knott wrote:
> On 08/16/2018 11:17 PM, Bruce Ferrell wrote:
>> I worked in the telecom business for a fairly long time in central
>> offices and switches.  Yes, you can record the audio tones, but a fax
>> modem is a VERY fussy beast and that trick tends to not work.
> Years ago, software FAX modems were popular.  They were generally just
> an audio card with the modem software running.  Someone who was able
> could modify that software for monitoring.
>
>> Nor is cracking the ss7 network.  Access is tightly controlled. One
>> does not "just get on" that network.
> I also worked in telecom for many years.  I'd often set up Adtran
> multiplexers for various services, including voice.  They can be
> configured to supply whatever caller ID is desired.  These multiplexers
> would then connect to the phone network via Primary rate ISDN, so they'd
> originate the SS7 data for that location.  So yes, if I was the tech
> setting up one of those multiplexers, I could make the caller ID show
> whatever I wanted.  At another company, I also used to do a lot of work
> with Newbridge multiplexers, which could similarly be configured, though
> that wasn't part of my job at that time.


Oops! I meant to send this to the list and only sent to James. Mea Culpa!

Yea, the customer premises stuff like the Adtran and similar drop and insert mux gear could do that... but that connects to the customer side of the end office switch same as an IP (or any) PBX does.  I know for a fact the CO switches I worked on checked to assure what came from those installations was "correct", not just whatever the site tech wanted to set... It was a part of the provisioning setup.  If it wasn't per the provisioning, no calls went through. People got unhappy about that.

BRI and PRI ISDN is and was no fun to set up from either the customer or the CO
side.  Someone always forgets to provide some crucial setting.  I've done both.

ISUP messages (ISDN User Part) are VERY limited in how far they go through SS7... Their data gets extracted at the switch and then checked and bundled into the stream going to the signaling transfer point.  It's not like an IP packet that just gets passed along by a router.

If one could connect directly to an SS7 signaling transfer point, all sorts of mischief can happen... but your customer premise systems (PBX, Adtran etc) aren't allowed that. As I said, access to the "real" SS7 network is pretty tight... "white list", "unique shared key VPN" or dedicated line only.... And often all three.  This is why we see the security researchers thanking their hosts on the SS7 network.

If you set up an Asterisk or other IP PBX system instance you can set the outbound caller ID to anything you want too... But you better follow the numbering plan (valid area code/NPA pairing) or the connecting switches have a nasty habit of rejecting your calls too... These days anyway, not at first.  I know, I played that game too for a while.

Those sound card FAX modems sort of worked and sometimes could even be enticed to pretend to be analog telephone interface cards.  They were better at that last thing than doing FAXes though (they were a little bit hard of hearing) and this is why USR and other "real" modem makers ate their lunch.

At higher speeds the PSK modulation is bi-directional, synchronous and dynamic... Just listening isn't sufficient, because there is end to end adjustment going on in the line carrier modulation... And THEN the FAX protocol comes into play.

