[VoiceOps] Spoofed Traffic
Brian R
briansupport at hotmail.com
Tue Dec 17 13:23:34 EST 2013
Having been at the receiving end of mad customers (not ours) and even having the LEOs show up at our front office asking us to stop our customer from spamming some poor entity/person (at one point an emergency center in another state, not 911 directly). I have seen two problems emerge.
1. Numbers can be spoofed, there is nothing we can directly or quickly do about it.
2. Law enforcement need training on how to properly address this problem, they are clueless.
Dealing with 1, when we receive a call from an upset customer that one of our numbers is spamming them (as often as not they only found the 10k block not if we owned the 1k block) we check the problem and find it is actually not from our network (it has never been yet). I give them one of these lines every time:
"What you are seeing is a call party number. This is the number being shown but not actually the number calling. Unfortunately we cannot help stop this because the call is not actually coming from our switch. You need to contact your phone provider and ask them to block the actual number that is calling. Provide them with your number, the number that called, and when they called. Ask them to find the "real" number and ask them to block it"
alternatively if they only looked up the 10k block and we don't own that 1k block we tell them
"We requested this block of numbers for our area and only kept 2000 (whatever value it really is) of those 10000 numbers. We do not own that block but here is the company that does. Please contact them and also contact your carrier as you are probably only seeing a call party number. Ask them to find the "real" number calling and block it, provide them with your number, the number that called, and when they called."
These actually have a positive effect on the customer (we will never end up with their service as it always seems they are out of area, lol) and it gives them a new purpose and new tools to fight with. I also throw out there http://localcallingguide.com.
Dealing with 2, whenever we deal with them we point them to http://localcallingguide.com and give them a similar rundown to how call party works as we do customers. We also explain to them how number blocks work (they are as bad about only finding the 10k blocks) and what portability with phone lines looks like. We tell them the best way to get results from a Telco is to provide the calling, called, and time. There is a limit to the amount of information we can give back out even to LEOs without a subpoena but if we can help mitigate a problem (assuming it is from our network) we will at least stop it.
Other than our contact with the law enforcement we deal with we cant do much about their overall training.
Community question: Would it be viable/worthwhile for law enforcement to have an agent in each department with access to tools (NPAC and others) to look up a number and contact the correct Telco? Is this something we even want?
Brian
Date: Tue, 17 Dec 2013 10:44:45 -0500
From: scott at sberkman.net
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] Spoofed Traffic
If there is money behind the effort, you might want to try reaching
out to a Internet Security consulting firm for a "vishing
takedown". They can help put pressure on the right carriers and
assist in working with local LEOs.
On 12/11/2013 08:25 PM, Ryan Delgrosso
wrote:
LOL @ the FOIA request bit.
Seriously he hit the nail on the head. Weve seen this before and
there is honestly little that can be done.
On 12/11/2013 03:20 PM, Peter Beckman
wrote:
You tell the customer that there is nothing you can
do. There are so many
resellers of resellers, spoofing CallerID is practically
brainless, and bad
actors will complete millions of calls, maybe even billions,
using anyone's
ANI they want. Best you can do is offer to block calls from
people who are
being jerks complaining to your customer who didn't make the
calls.
The phone system is decentralized, and while that is generally
great, it
sucks for this.
There is nothing that can be done that will be effective. You
can complain
to lots of places, but unless the call is going through their
network, and
how could you possibly know what network the call is going
through, they
can't help. Even if it is, they might decide not to help.
A non-profit independent organization would have to get all the
carriers
involved to allow for tracking who sent what calls where and
when. And us
little guys won't get access, so we'll have to cut a ticket to
our carrier
to their carrier before we get a response a week later.
Or you could ask for an FOIA request from the NSA. Pretty sure
they'd know.
Beckman
On Wed, 11 Dec 2013, Jared Geiger wrote:
One of our customers is reporting that
their ANI is being used to make
calls. I've verified that the traffic isn't traversing our
network, but I'm
not sure of where to look next.
The customer doesn't necessarily want to know who is making
the calls, but
wants them to stop. I know I can contact Verizon, who owns the
number, but
since the calls aren't being originated from us or our
customer, I'm not
sure how they can help.
Does anyone have ideas of how to go about blocking this since
we aren't the
LEC owner of the DID?
~Jared
---------------------------------------------------------------------------
Peter Beckman
Internet Guy
beckman at angryox.com
http://www.angryox.com/
---------------------------------------------------------------------------
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20131217/438a8af1/attachment.html>
More information about the VoiceOps
mailing list