Finding caller number not from callerID

Hi all,
CallerID can be manipulated so is there a way to figure out actual calling number without relying on SIP callerID??
Thanks a lot for your help

ANI should not be passed to untrusted parties, like ordinary subscribers, except possibly for reverse charge calls.

Dave55 thanks for your help
according to the below, it can be spoofed so it does not really help me.
Let me give a bit more info:
I have built an IVR where user experience is customized per caller (Like say Hello Mister John Doe), who is identified by his phone number. I am not trying to pass anything to anyone just trying to identify caller.

I’m pretty sure that the “can” is a typo for “cannot”, as the structure of the sentence (advantages, BUT, limited availability) doesn’t make sense otherwise.

ANI is what is used by the network for this purpose. You will not get any better other than by initiating a call trace (network and police only, and may well not be available in real time),

ANI is considered confidential information, and should not be provided to the general public.

(Technically ANI represents the billable party, so it might not represent the origin phone.)

If you have responsible operators all the way to the caller, and the network signalling allows it (analogue doesn’t, and the SIP options that support it are often not used), CLID should either represent a number that the caller has demonstrated to the operator to be one they control, or it should be associated with a “not screened” flag setting.

Unfortunately, there seem to be a lot of VoIP operators who are not very responsible, but still get treated as network operators.

You will need to implement end to end authentication, and not rely on anything provided by the network.

well I tested callerID spoofing using an android app from my smartphone:
I called myivr number and ${CALLERID(ani)} contained the fake number.

Asterisk takes ANI from the From header, if it takes it at all. On most SIP systems, From is used for CLID, so you won’t receive usable ANI. If you want distinct ANI over SIP, you are going to have to have an unusual ITSP. The first part is relatively easy, you get them to send CLID in Remote-Party-ID or P-Asserted-Identity. The difficult part is to get them to send ANI in From. They will probably send your own number, there. (I’m not sure that SIP really recognizes the concept of ANI - I think that is more an ISDN concept.)

Basically, someone without trusted network operator status (government licensed in many countries) is not going to have anything better than CLID. All they can hope for is that the CLID is either screened or network provided. You should check the screened status, although this will not be provided if the ITSP is just using the From header.

(Nearly every domestic subscriber in the UK would love to have reliable ANI on all incoming calls, so that they could reliably block or ignore telephone spammers.)

Incidentally, a quite common request here is the ability for an end user to relay a call with the original CLID. We normally tell them that they can’t do it because a responsible service provider will never accept the unverified CLID from them. It does, however, indicate that there is a demand, from legitimate users, to be able to spoof CLID.