[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Faking a sender Number
|
From: |
Brendan Johan Lee |
|
Subject: |
Re: Faking a sender Number |
|
Date: |
Sun, 29 Sep 2002 13:29:24 +0200 |
Hi Stefan (And those who might be interested)
It seems like you didn't get very many replys to your message, so I thought
I would give you a little more information.
There are basically three ways you can fake the sender of a message (or use
alphanumerical sender id).
1) Have access to an SMSC. You can either have access to an SMSC directly
by speaking CIMD (normally only offered to large content providers,
etc) or you can have access through an api (HTTP/HTTPS/XML/etc). An
example of the second is through clickatell.
2) You can use a program to send SMS through a dial-in gateway through a
modem or ISDN. I myselft made a program to do this 3-4 years ago. Very many
(at least european) service providers offer dial-in SMS gateways free of
charge. All you have to pay is the cost of the phone call.
3) You can have lots of knowledge about GSM and spoof your caller id (this
requires a lot of knowledge and that you are willing to do something illegal)
In a later email you wrote:
Would you think then that there is a way to
prevent anyone
from sending you a false Sender address in any way, perhaps by getting
additional info such as the SMSC through which
an SMS was sent and banning messages from a non-trusted SMSC ?
I don't think this is a good approach. Mainly for two reasons:
1) The dial-in access messages normaly come from the same SMSC number as
they would if you sent them directly from your phone using the service
provider who offeres the dial-in access. In otherwords you would be banning
a lot of "legit" users.
2) Clickatell originated messages can be sent through several different
SMSC numbers. Clickatell has agreements with many different service
providers world wide and messages sent through their API are delivered
through different SMSC's depending on their destinations. An example are
SMS messages sent to Norway. They are delivered throught an Icelandic SMSC
that is also used by the Icelandic operators "legit" users. Again you would
be banning "legit" users.
Basically as an end user you don't really have any guarantee that the
sender of a message is true. I mean it could be as simple as a "corrupt
employee" at a service provider taking advantage of the possibilities his
job offers. However as a service provider, I believe verifying the true
sender of a message is a bit more simple.
I hope this message was of interest and help ;-)
Brendan Johan Lee
At 08:55 28.09.2002 +0200, you wrote:
Hi Guys,
Just wanted to get people's opinions on this.
How easy is it to fake the sender ID on an SMS message?
i.e to send an SMS which appears to be coming from a phone other than one's
own ?
I ask this not because I want to do it, but to assess to what extent one can
trust the
sender on a received SMS to truly report the number of the phone that it
came from.
Looking forward to a GSM guru's response on this.
Stefan
_______________________________________________
gnokii-users mailing list
address@hidden
http://mail.freesoftware.fsf.org/mailman/listinfo/gnokii-users
___________________________________________________
Best Regards
Brendan Johan Lee
Webmaster www.tequila.org
Phone: +4791189023
Workmail: address@hidden
Mainmail: address@hidden
Othermail: address@hidden
address@hidden
address@hidden
Spammail: address@hidden
ICQ: 48121929
___________________________________________________
Yesterday upon the stair
I met a man who wasn't there
He wasn't there again today
I think he's from the CIA
___________________________________________________
Best Regards
Brendan Johan Lee
Webmaster www.tequila.org
Phone: +4791189023
Workmail: address@hidden
Mainmail: address@hidden
Othermail: address@hidden
address@hidden
address@hidden
Spammail: address@hidden
ICQ: 48121929
___________________________________________________
Yesterday upon the stair
I met a man who wasn't there
He wasn't there again today
I think he's from the CIA
- Re: sms webservice, (continued)
- Re: sms webservice, Stefan Schoeman, 2002/09/27
- Re: sms webservice, Gaby Vanhegan, 2002/09/27
- Re: sms webservice, strajan, 2002/09/27
- Re: sms webservice, Liam Ward, 2002/09/27
- Faking a sender Number, Stefan Schoeman, 2002/09/28
- Re: Faking a sender Number, Pin~1.com.my, 2002/09/28
- Re: Faking a sender Number, Christian Rishoj, 2002/09/28
- Re: Faking a sender Number, Pin~1.com.my, 2002/09/28
- Re: Faking a sender Number, Christian Rishoj, 2002/09/29
- Re: Faking a sender Number, Stefan Schoeman, 2002/09/29
- Re: Faking a sender Number,
Brendan Johan Lee <=
- Re: sms webservice, Martin List-Petersen, 2002/09/28
- Re: sms webservice, Christian Rishoj, 2002/09/27
- Re: sms webservice, Pavel Machek, 2002/09/29
- free smsC ???, strajan, 2002/09/30
- Re: sms webservice, Martin List-Petersen, 2002/09/30