Hi Kili, thanks for this heads up.
Quoting Kili Land <[email protected]>:
You can get media from Twilio but be careful - the last time I dealt
with them on this I had several calls with them where I requested
features be added because at the time (2023) it was all or nothing.
You could not have them enable RTP capture on a single test number.
This may have changed, but definitely something to keep in mind
and get clarity on if you do want media from them.
Kili
-------------------------
FROM: Jeff Brower via VoiceOps <[email protected]>
SENT: Thursday, March 19, 2026 9:35:10 AM
TO: Aaron C de Bruyn <[email protected]>
CC: [email protected] <[email protected]>
SUBJECT: [VoiceOps] Re: Spamming for a week: 463-20X-XXXX
Hi Aaron,
Ok thanks. So what they make available from their dashboard is SIP
traffic, not media.
-Jeff
Quoting "Aaron C. de Bruyn via VoiceOps" <[email protected]>:
It's available under their Logs -> Calls -> <pick a call> menu.
Screenshots:
https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfile/Screenshot_from_2026-03-19_04-51-31.png
https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfile/Screenshot_from_2026-03-19_04-54-52.png
It's just the SIP packets between Twilio and your phone
server when you're using their SIP Trunking product.
-A
On Wed, Mar 18, 2026 at 9:23 PM Jeff Brower
<[email protected]> wrote:
_Hi Aaron,
Is that a Twilio "Voice Trace" pcap you can download ? I thought
those were for Twilio support engineer / internal viewing only. Or
are the ones you mention called something else ?
-Jeff
Quoting "Aaron C. de Bruyn via VoiceOps" <[email protected]>:_
_I forgot Twilio lets you download PCAPs of calls._
_ _
_I grabbed one at random:
P-Asserted-Identity: <sip:[email protected]:5060[1]>
SIP PAI Address: sip:[email protected]:5060[1]
SIP PAI User Part: +14632018300
E.164 number (MSISDN): 14632018300
SIP PAI Host Part: 206.147.72.38
SIP PAI Host Port: 5060_
_ _
_-A_
_On Wed, Mar 18, 2026 at 8:44 AM Aaron C. de
Bruyn <[email protected]> wrote:_
_I did NOT know that. :)_ _I'm not a
telco or service provider. Just part of a company that's
unfortunate enough to help a handful of customers manage their
own internal Asterisk or FreePBX systems._
_ _
_Most of my customers use Twilio upstream. I don't
think Twilio logs that header, and I don't see anything like it
in the Asterisk logs. (Not sure if it even gets passed to us or
if it just doesn't logs it.)_
_ _
_-A_
_On Wed, Mar 18, 2026 at 8:36 AM Mark R
Lindsey <[email protected]> wrote:_
_So...did you get any Identity headers? A traceback with ITG,
or maybe an Identity header, is your only hope for tracing the
origin._ _ _
_I'm including the below, not to say that you,
Aaron, don't know this, but just in case it's valuable to
anyone else reading:_
_ _
_In the case of your first number, it belongs
to a thousand block assigned initially to
Bandwidth.com[2]...but that's not even meaningful for routing a
call to them today. You'd have to do an LRN lookup to find out
how to deliver a call back to the legitimate owner of this
number._
_ _
_I did an LRN lookup for that first one, and
it's currently ported to Onvoy, one of the brands of Sinch. But
again, that only tells us how to get a call TO that legitimate
owner._
_ _
_What you want to know is how they're sending
calls to you. And if you're getting an Identity header it would
be at least interesting._
_ _
_Failing that, you can file a report with the
Industry Traceback Group to report illegal calls: _
_https://tracebacks.org/traceback-requests/_
_MARK R
LINDSEY | +1-229-316-0013 | [email protected] | LINKEDIN[3]_
_ _
_ _
_On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps
<[email protected]> wrote:_
_A
bunch of numbers out of Indiana have been spamming my
customers for about a week._
_ _
_Most are automated recordings about how
your Google business listing is wrong and needs to be fixed so
customers can find you. Sometimes it's a human prefixed by
the telltale "BWOOP" sound._
_ _
_+14632000068 - BANDWIDTH.COM[4] CLEC LLC IN
+14632001925 - BANDWIDTH.COM[4] CLEC LLC IN
+14632004002 - BANDWIDTH.COM[4] CLEC LLC IN
+14632005772 - BANDWIDTH.COM[4] CLEC LLC IN
+14632006038 - BANDWIDTH.COM[4] CLEC LLC IN
+14632006422 - BANDWIDTH.COM[4] CLEC LLC IN
+14632006730 - BANDWIDTH.COM[4] CLEC LLC IN
+14632009587 - BANDWIDTH.COM[4] CLEC LLC IN
+14632018300 - BHN IP ENABLED SERVICES LLC
+14632018413 - BHN IP ENABLED SERVICES LLC
+14632018586 - BHN IP ENABLED SERVICES LLC
+14632018682 - BHN IP ENABLED SERVICES LLC
+14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen)
+14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen)
+14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen)
+14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen)
+14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen)
+14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen)
+14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen)
+14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen)
+14632030946 - METROPCS INC (T-Mobile US)_
_ _
_Kinda hard to believe the big boys
haven't caught this abuse of their network yet._
_ _
_I tried reporting the numbers to
bandwidth.com[4] (as ID'd by telcodata.us[5]), but their form
only allows for a single entry at a time, and it says most of
the numbers don't belong to them. Either their form is broken
or telcodata.us[5] is out of date._
_ _
_I can't find a reporting for
Level3/Lumen. They seem to be geared towards "I'm a customer
and need help figuring out the star code to block calls"._
_ _
_-A_
________________________________________________
VoiceOps mailing list -- [email protected]
https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/
To unsubscribe send an email to [email protected][6]_
Links:
------
[1] http://sip:[email protected]:5060
[2] http://Bandwidth.com
[3] https://www.linkedin.com/in/markrlindsey/
[4] http://bandwidth.com/
[5] http://telcodata.us/
[6] mailto:[email protected]
_______________________________________________
VoiceOps mailing list -- [email protected]
https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/
To unsubscribe send an email to [email protected]
