The Caller ID
Buffer is the memory
area in a caller ID unit which stores caller information for past calls. Current semiconductor technology dictates that it can only hold a finite
amount of caller ID data, and cost saving measures dictate that it must be a very small amount of memory. typical caller ID units store information on the last 10, 50, or 100 calls.
A buffer overflow
is when a memory or storage buffer has more data coming in than going out. When it finally reaches its limit, it must lose data - sometimes it simply drops incoming data, but most often it overwrites the oldest data with the new incoming data.
In a caller ID, this means that if you do not erase caller ID information once you've reviewed it (or if you never review it) then it will simply form a loop of the last X calls, X being the number of calls it can hold it its finite and small memory.
Caller ID Buffer Overflow Exploit - when the attacker calls repeatedly so as to overwrite the entire buffer with new, and often redundant, data.
Caller ID devices simply count the number of times a single number has called sequentially
and stores that.
So a caller ID log would be:
Joe Black - (010) 733-3373 - 320 calls - last day
Phineous Gray - (010) 734-9924 - 1 call - day and time
Such ID units typically have enough memory
to store 50 or more past calls. The limitation
here is that a potential
buffer-overflow artist need only posess two phone number
s, dialing alternately, to run out the buffer.
The upside to all of this is that there are
things you can do about this. You can complain to the authorities (since you have the number) about harrassment
. You can use a computer to track the Caller ID, and store practical
ly an infinite number of calls. You can ignore Caller ID altogether. Surprisingly, people were still able to use the phone system effectively even before answering machines
nevermind caller id.