[VoiceOps] fraud protection
Ujjval Karihaloo
ujjval at simplesignal.com
Mon May 14 16:37:27 EDT 2012
For Broadworks operators, Good idea to limit concurrent redirect calls at
Service Provider/Group/User levels.
You will find updated documentation on xchange on Security that was
updates recently. Email me offline if you need more info.
Ujjval Karihaloo
-----Original Message-----
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Scott Berkman
Sent: Monday, May 14, 2012 1:34 PM
To: 'Brandon Buckner'; voiceops at voiceops.org
Subject: Re: [VoiceOps] fraud protection
Ditto about Level 3 and XO, although in many cases their alerts are only
an hour or two behind us finding it.
One easy "tweak" that can help limit the impact of these is placing
concurrent call limits on International traffic in your switches or SBCs
based on your traffic trends. That way if you have sudden jump, not only
is there a cap on it, but in most systems you can be alerted that way as
well.
-Scott
-----Original Message-----
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Brandon Buckner
Sent: Monday, May 14, 2012 2:22 PM
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] fraud protection
Level3 will notify us... about 24-48 hours after we've already discovered
it ourselves and taken appropriate action. ANPI is about at 4 hours or so.
Again, usually after we've already detected it. So while it's nice that
upstream carriers notify, it's usually well after a significant bill has
been racked up. It's best to be proactive on your own as much as possible.
I'm actively looking for more and better ways to be proactive ourselves
also. There are still some that get through the cracks now and then.
---
Brandon P. Buckner
-----Original Message-----
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Eric Wieling
Sent: Monday, May 14, 2012 12:35 PM
To: Mark Kent; voiceops at voiceops.org
Subject: Re: [VoiceOps] fraud protection
Verizon Business, Level 3, and XO all notify us of possible fraud on
International calls, but I don't think they monitor for fraud on domestic
calls.
-----Original Message-----
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Mark Kent
Sent: Monday, May 14, 2012 12:34 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] fraud protection
Hello,
We just had an unfortunate compromise and racked up a large amount of
calls in a 12 hour period. The attack seems to be for financial gain in
that the most frequent destination is a conference call service in Poland,
that possibly keeps calls open waiting for a PIN to be entered.
Is there any basis for expecting that the upstream carrier should have
some protections that would limit our liability?
Thanks,
-mark
P.S. For those people who feel compelled to point out that we should have
(better) protection on our end: Yes, Thank you, message received!
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
More information about the VoiceOps
mailing list