[VoiceOps] Voice DDOS ?
Hi Folks, We are seeing something strange coming across our network. A disconnected client TFN is receiving 30,000+ calls per hour (all failing). The ANIs being used are dummy ANIs 17029983416 (no answer) and 16469820093 (recording saying no routes found). This is not affecting our network, although it's causing the upstream provider a bit of grief. Not sure why someone would do this We are about to remove the CICs at the sms800 level, but just wondering if anyone has come across something similar? Thanks, Ivan ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Voice DDOS ?
Sounds like a possible loop, the No Routes Found recording comes off of a Sonus Networks GSX or SBC. How is the TFN arriving to your network? - Chris On 24 Feb 2014, at 9:01, Ivan Kovacevic wrote: Hi Folks, We are seeing something strange coming across our network. A disconnected client TFN is receiving 30,000+ calls per hour (all failing). The ANIs being used are dummy ANIs 17029983416 (no answer) and 16469820093 (recording saying no routes found). This is not affecting our network, although it's causing the upstream provider a bit of grief. Not sure why someone would do this We are about to remove the CICs at the sms800 level, but just wondering if anyone has come across something similar? Thanks, Ivan ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Voice DDOS ?
I would just block the originating IP address. It would appear to me someone is trying to compromise your system. -Original Message- From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Christopher Aloi Sent: Monday, February 24, 2014 9:44 AM To: Ivan Kovacevic Cc: voiceops@voiceops.org Subject: Re: [VoiceOps] Voice DDOS ? Sounds like a possible loop, the No Routes Found recording comes off of a Sonus Networks GSX or SBC. How is the TFN arriving to your network? - Chris On 24 Feb 2014, at 9:01, Ivan Kovacevic wrote: Hi Folks, We are seeing something strange coming across our network. A disconnected client TFN is receiving 30,000+ calls per hour (all failing). The ANIs being used are dummy ANIs 17029983416 (no answer) and 16469820093 (recording saying no routes found). This is not affecting our network, although it's causing the upstream provider a bit of grief. Not sure why someone would do this We are about to remove the CICs at the sms800 level, but just wondering if anyone has come across something similar? Thanks, Ivan ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
It is a list of subscriber numbers that have been identified as destinations for fraudulent calls. The list is compiled by members of the GSM Fraud Forum and the CFCA. In addition to the subscriber number, the list identifies the organization that submitted the number and the reason why. Jim Dalton TransNexus From: Christopher Aloi [mailto:cta...@gmail.com] Sent: Monday, February 24, 2014 10:50 AM To: Jim Dalton Cc: J. Oquendo; Hiers, David; voiceops@voiceops.org; Mark Collier; voip...@voipsa.org Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea What does the International Revenue Fraud Number Database on cfa.org contain? I agree it's tricky to block based on hosts, you hit one and the others start popping up. -- Christopher Aloi -- cta...@gmail.com On Fri, Feb 21, 2014 at 4:17 PM, Jim Dalton jim.dal...@transnexus.com wrote: One option maybe to cooperate with the Communications Fraud Control Association (www.cfca.org). They do vet their members, but they do not have a mailing list. The association also has an annual membership fee. Jim Dalton -Original Message- From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of J. Oquendo Sent: Friday, February 21, 2014 3:38 PM To: Hiers, David Cc: voiceops@voiceops.org; Mark Collier; voip...@voipsa.org Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea On Fri, 21 Feb 2014, Hiers, David wrote: The key is vetting the participants. Even the feds have a hard time with that... Indeed which is why I stated: 1) Private mailing list - to prevent talks from being seen 2) NON freemail addresses - easier to establish that this individual works for this company, therefore its highly unlikely he is going to throw himself, and or his company, under the bus passing bogus information. The private mailing list is not to try to start some secret club, VoIP Gestapo. It is merely to be able to share data, methods, etc., with other peers in an effort to keep our networks from piping out 100s of thousands of dollars in toll fraud. PERIOD. ANYONE is open to participate, with the clause that we want to, and NEED to be able to trust data. Otherwise it will never work. I will re-think this over the weekend and have a take two. I think it could, and would work. I do also believe that there are likely individuals even on this list, that would not like the idea much, so hosting decisions need be met, etc., in order to keep away DDoS attacks, reputation based attacks, and so forth. That's my train of thought though. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM Where ignorance is our master, there is no possibility of real peace - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x2BF7D83F210A95AF search=0x2BF7D83F210A95AF ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
The CFCA may not want that information shared publicly. It would be best to ask them directly at fr...@cfca.org mailto:fr...@cfca.org%A0 From: Paul Timmins [mailto:p...@timmins.net] Sent: Monday, February 24, 2014 1:04 PM To: jim.dal...@transnexus.com Cc: 'Christopher Aloi'; 'Mark Collier'; voip...@voipsa.org; voiceops@voiceops.org Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea How many entries are on the list, and how quickly are they added? Mulling over the $2500 cost of membership to gain access. On Mon, 02/24/2014 12:43 PM, Jim Dalton jim.dal...@transnexus.com wrote: It is a list of subscriber numbers that have been identified as destinations for fraudulent calls. The list is compiled by members of the GSM Fraud Forum and the CFCA. In addition to the subscriber number, the list identifies the organization that submitted the number and the reason why. Jim Dalton TransNexus From: Christopher Aloi [mailto:cta...@gmail.com] Sent: Monday, February 24, 2014 10:50 AM To: Jim Dalton Cc: J. Oquendo; Hiers, David; voiceops@voiceops.org; Mark Collier; voip...@voipsa.org Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea What does the International Revenue Fraud Number Database on cfa.org contain? I agree it's tricky to block based on hosts, you hit one and the others start popping up. -- Christopher Aloi -- cta...@gmail.com On Fri, Feb 21, 2014 at 4:17 PM, Jim Dalton jim.dal...@transnexus.com wrote: One option maybe to cooperate with the Communications Fraud Control Association (www.cfca.org). They do vet their members, but they do not have a mailing list. The association also has an annual membership fee. Jim Dalton -Original Message- From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of J. Oquendo Sent: Friday, February 21, 2014 3:38 PM To: Hiers, David Cc: voiceops@voiceops.org; Mark Collier; voip...@voipsa.org Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea On Fri, 21 Feb 2014, Hiers, David wrote: The key is vetting the participants. Even the feds have a hard time with that... Indeed which is why I stated: 1) Private mailing list - to prevent talks from being seen 2) NON freemail addresses - easier to establish that this individual works for this company, therefore its highly unlikely he is going to throw himself, and or his company, under the bus passing bogus information. The private mailing list is not to try to start some secret club, VoIP Gestapo. It is merely to be able to share data, methods, etc., with other peers in an effort to keep our networks from piping out 100s of thousands of dollars in toll fraud. PERIOD. ANYONE is open to participate, with the clause that we want to, and NEED to be able to trust data. Otherwise it will never work. I will re-think this over the weekend and have a take two. I think it could, and would work. I do also believe that there are likely individuals even on this list, that would not like the idea much, so hosting decisions need be met, etc., in order to keep away DDoS attacks, reputation based attacks, and so forth. That's my train of thought though. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM Where ignorance is our master, there is no possibility of real peace - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x2BF7D83F210A95AF search=0x2BF7D83F210A95AF ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
On 2/24/14 7:50 AM, Christopher Aloi wrote: What does the International Revenue Fraud Number Database on cfa.org http://cfa.org contain? It's the internet. Pictures of cats, of course. Cats are always on-topic. Or did you mean http://www.cfca.org ? emily litella Never mind. /emily -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
On Mon, 24 Feb 2014, My List Account wrote: Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that?s in on the fraud pay the Telco that?s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won?t have a reason to continue. I would also like to add into this question: I realize it can be very difficult to track down the hacker generating these SIP calls from stolen credentials because they can hide behind TOR or other proxies... (Somehow I doubt they all do. Some are probably terribly stupid and doing it from their home internet conncetion). But where the calls are going can be tracked right to the switch that has the CDN on it. Thus you have the owners of the numbers nailed down as well as the telephone company providing the service. Why are they not grilled as to why hackers are generating calls to their numbers and if determined to be part of the fraud arrested and taken to court? Is it because these telephone companies are in countries where corruption is rampant and they are greasing the right palms to stay out of trouble? matt I guess we all know there is no incentive for them to stop this practice because it?s a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won?t let you dial these destinations so we don?t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
That is what our experience has been. The call origination IP is in countries that the Abuse email isn't even monitored. We have had reports to FBI, our upstream carriers, but no luck getting anywhere with these investigations. -Original Message- From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Matt Yaklin Sent: Monday, February 24, 2014 12:31 PM To: My List Account Cc: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud On Mon, 24 Feb 2014, My List Account wrote: Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that?s in on the fraud pay the Telco that?s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won?t have a reason to continue. I would also like to add into this question: I realize it can be very difficult to track down the hacker generating these SIP calls from stolen credentials because they can hide behind TOR or other proxies... (Somehow I doubt they all do. Some are probably terribly stupid and doing it from their home internet conncetion). But where the calls are going can be tracked right to the switch that has the CDN on it. Thus you have the owners of the numbers nailed down as well as the telephone company providing the service. Why are they not grilled as to why hackers are generating calls to their numbers and if determined to be part of the fraud arrested and taken to court? Is it because these telephone companies are in countries where corruption is rampant and they are greasing the right palms to stay out of trouble? matt I guess we all know there is no incentive for them to stop this practice because it?s a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won?t let you dial these destinations so we don?t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
Most of the countries that are generating the fraud are so corrupt that the only way you'll see justice is by sending in a team of Navy Seals. David Thompson Network Services Support Technician (O) 858.357.8794 (F) 858-225-1882 (E) dthomp...@esi-estech.com (W) www.esi-estech.com -Original Message- From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Matt Yaklin Sent: Monday, February 24, 2014 1:31 PM To: My List Account Cc: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud On Mon, 24 Feb 2014, My List Account wrote: Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that?s in on the fraud pay the Telco that?s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won?t have a reason to continue. I would also like to add into this question: I realize it can be very difficult to track down the hacker generating these SIP calls from stolen credentials because they can hide behind TOR or other proxies... (Somehow I doubt they all do. Some are probably terribly stupid and doing it from their home internet conncetion). But where the calls are going can be tracked right to the switch that has the CDN on it. Thus you have the owners of the numbers nailed down as well as the telephone company providing the service. Why are they not grilled as to why hackers are generating calls to their numbers and if determined to be part of the fraud arrested and taken to court? Is it because these telephone companies are in countries where corruption is rampant and they are greasing the right palms to stay out of trouble? matt I guess we all know there is no incentive for them to stop this practice because it?s a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won?t let you dial these destinations so we don?t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
On 2/24/14 10:48 AM, My List Account wrote: Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that’s in on the fraud pay the Telco that’s in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won’t have a reason to continue. The telco that terminates the high rate calls is making money on them, the carrier that is next-in-line makes money, and there are sufficient non-fraudulent calls to that carrier that refusing to complete the calls isn't possible without impacting legitimate service. This is similar to the 900/976 arrangement in the US a few years back. Assume that the fraudulent information service gets paid the equivalent of 50 US cents per minute. The national telco which may or may not be in on the deal gets another 50 cents. Big international rate deck for million-minute delivery might be $1.25 and you might pay $1.50 and bill your customers $2.00. Your customer's PBX gets owned, and racks up 5000 minutes for a bill of $10K. Everyone upstream wants their bite of the apple, none of them is responsible for making the calls, or at least can't be proven to be. If you're a really nice guy and knock the bill down to the $7500 that it costs you, your customer still thinks you're the bad guy. I guess we all know there is no incentive for them to stop this practice because it’s a big cash cow for everyone except for the poor end user who is left holding the bag. Precisely, but it's the end user who left the barn door open. Nobody in the revenue stream forced your customer to enable offsite international forwarding and set the DTMF voice portal password to 1234. Our default dial plan won’t let you dial these destinations so we don’t have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. And/or require verified auth codes and disable offsite forwarding, rate limit, put in monitoring and alerting/shutdown, and spend a lot of time, effort, and money protecting your customers from themselves. But, just as ISP customers want the whole Internet without filtering, most voice customers don't want The Phone Company telling them where they're allowed to call. Until they get the bill. Then they care. And if you do put in an alerting system, there's this dilemma: My pager just went of at 4:00 AM Sunday morning - do I call the CEO of my biggest customer and ask if they are deliberately placing 50 simultaneous calls to Somalia, shut the trunk down, or just send them the bill and hope they pay it? -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
ha ! Wow - Actual cats on the internet !! // my bad.. Correct - http://www.cfca.org On 24 Feb 2014, at 14:14, Jay Hennigan wrote: On 2/24/14 7:50 AM, Christopher Aloi wrote: What does the International Revenue Fraud Number Database on cfa.org http://cfa.org contain? It's the internet. Pictures of cats, of course. Cats are always on-topic. Or did you mean http://www.cfca.org ? emily litella Never mind. /emily -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Fraud
Would you mind sharing your hi toll rate destination dial plan? From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of My List Account Sent: Monday, February 24, 2014 1:48 PM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that's in on the fraud pay the Telco that's in on the fraud for the calls that are delivered to their network? Seems pretty simple, if you cut off their revenue stream they won't have a reason to continue. I guess we all know there is no incentive for them to stop this practice because it's a big cash cow for everyone except for the poor end user who is left holding the bag. Our default dial plan won't let you dial these destinations so we don't have a real issue with this abusive traffic. Most of our customers who use international go with one of our filtered dial plans that let them dial most of the world except for known fraudulent and high toll rate destinations. Richey From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Ryan Delgrosso Sent: Saturday, February 22, 2014 11:48 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Fraud In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence. If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections. BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way. -Ryan On 02/19/2014 02:09 PM, John Curry wrote: I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously? His bill was racked up pretty good. Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue. I tried to contact Avaya with no response. It seems as though someone has built a sniffer for the Avaya IP Offices and gleaning their registrations. ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops