[VoiceOps] Broadsoft SIP Trunks and ILD Fraud

Fri Dec 30 12:43:17 EST 2011

I just looked at my latest victims profile and Bursting is disabled. What
version Broadworks do you run?

Zak Rupas
VoIP Engineer

*SimpleSignal*
3600 S Yosemite Suite 150

Denver, CO 80237
One Number Rings All My Phones: 303-242-8606

SimpleSignal.com <http://www.simplesignal.com/> |
Blog<http://www.simplesignal.com/blog>|
Facebook <http://www.facebook.com/SimpleSignal?ref=ts> |
Twitter<http://twitter.com/simplesignal>

*From:* PE [mailto:peeip989 at gmail.com]
*Sent:* Friday, December 30, 2011 10:39 AM
*To:* Zak Rupas
*Cc:* voiceops at voiceops.org
*Subject:* Re: [VoiceOps] Broadsoft SIP Trunks and ILD Fraud

Do you have bursting allowed? I've never seen it allow more than what is
configured.

On Fri, Dec 30, 2011 at 12:30 PM, Zak Rupas <zak at simplesignal.com> wrote:

My question still lingers tho. Thanks for the insight! But the million
dollar question is how are they getting around Broadsoft’s Concurrent model
for SIP trunks? For example I have a 5 user SIP trunk group in Broadsoft.
It limits them to only 5 calls domestically, however when the fraud starts
they move up to 20 or more concurrent calls for ILD. How is that happening?
J Broadsoft should be able to limit the concurrent calls per design

I am starting testing on a 1 Concurrent SIP trunk call group and will pass
ILD calls to see if it gets around the limitation. I’ll let you know what I
located

Zak Rupas
VoIP Engineer

*SimpleSignal*
3600 S Yosemite Suite 150

Denver, CO 80237
One Number Rings All My Phones: 303-242-8606

SimpleSignal.com <http://www.simplesignal.com/> |
Blog<http://www.simplesignal.com/blog>|
Facebook <http://www.facebook.com/SimpleSignal?ref=ts> |
Twitter<http://twitter.com/simplesignal>

*From:* PE [mailto:peeip989 at gmail.com]
*Sent:* Friday, December 30, 2011 10:07 AM
*To:* Zak Rupas
*Cc:* voiceops at voiceops.org
*Subject:* Re: [VoiceOps] Broadsoft SIP Trunks and ILD Fraud

Zak, this occurs because their PBX (to which the trunks are connected) gets
hacked?

The first step is to block International unless the customer requires it.
You can set maximum call duration, but that is only an inconvenience to the
hackers to make them dial again. You can try to get the customers to use
account codes for International. You can set time schedules (this might be
tricky and may need to do in the NS). And you need a fraud detection system
to alert you when it happens so that you can minimize the damage. Last but
not least, you can try and make the customer pay for the usage (that never
works).

On Fri, Dec 30, 2011 at 11:36 AM, Zak Rupas <zak at simplesignal.com> wrote:

Good Morning Voice OPS

Is anyone else experiencing anything like this? If so please share what you
have done / or will to make it stop

We have a series of smaller SIP trunk customers using Broadsoft trunk
groups. By design the trunk groups have a concurrent call limitation based
off the customer’s order. These smaller SIP trunks groups when compromised
are able to run up HUGE fraud bills even tho they only have 5 or 6 SIP
trunks. Needing to know if anyone else is seeing this that has Broadsoft
and what was done to protect yourselves?

Otherwise Happy NYE J

Zak Rupas
VoIP Engineer

*SimpleSignal*
3600 S Yosemite Suite 150

Denver, CO 80237
One Number Rings All My Phones: 303-242-8606

SimpleSignal.com <http://www.simplesignal.com/> |
Blog<http://www.simplesignal.com/blog>|
Facebook <http://www.facebook.com/SimpleSignal?ref=ts> |
Twitter<http://twitter.com/simplesignal>

_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20111230/c6b43472/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 25162 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20111230/c6b43472/attachment-0001.png>