[VoiceOps] Spoofed Traffic

Brian R briansupport at hotmail.com
Tue Dec 17 13:23:34 EST 2013

Having been at the receiving end of mad customers (not ours) and even having the LEOs show up at our front office asking us to stop our customer from spamming some poor entity/person (at one point an emergency center in another state, not 911 directly).  I have seen two problems emerge.
1. Numbers can be spoofed, there is nothing we can directly or quickly do about it.
2. Law enforcement need training on how to properly address this problem, they are clueless.
Dealing with 1, when we receive a call from an upset customer that one of our numbers is spamming them (as often as not they only found the 10k block not if we owned the 1k block) we check the problem and find it is actually not from our network (it has never been yet).  I give them one of these lines every time:
"What you are seeing is a call party number.  This is the number being shown but not actually the number calling.  Unfortunately we cannot help stop this because the call is not actually coming from our switch.  You need to contact your phone provider and ask them to block the actual number that is calling.  Provide them with your number, the number that called, and when they called.  Ask them to find the "real" number and ask them to block it" 
alternatively if they only looked up the 10k block and we don't own that 1k block we tell them 
"We requested this block of numbers for our area and only kept 2000 (whatever value it really is) of those 10000 numbers.  We do not own that block but here is the company that does.  Please contact them and also contact your carrier as you are probably only seeing a call party number.  Ask them to find the "real" number calling and block it, provide them with your number, the number that called, and when they called."  
These actually have a positive effect on the customer (we will never end up with their service as it always seems they are out of area, lol) and it gives them a new purpose and new tools to fight with.  I also throw out there http://localcallingguide.com.
Dealing with 2, whenever we deal with them we point them to http://localcallingguide.com and give them a similar rundown to how call party works as we do customers.  We also explain to them how number blocks work (they are as bad about only finding the 10k blocks) and what portability with phone lines looks like.  We tell them the best way to get results from a Telco is to provide the calling, called, and time.  There is a limit to the amount of information we can give back out even to LEOs without a subpoena but if we can help mitigate a problem (assuming it is from our network) we will at least stop it.
Other than our contact with the law enforcement we deal with we cant do much about their overall training.
Community question:  Would it be viable/worthwhile for law enforcement to have an agent in each department with access to tools (NPAC and others) to look up a number and contact the correct Telco?  Is this something we even want?
Date: Tue, 17 Dec 2013 10:44:45 -0500
From: scott at sberkman.net
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] Spoofed Traffic

    If there is money behind the effort, you might want to try reaching
    out to a Internet Security consulting firm for a "vishing
    takedown".  They can help put pressure on the right carriers and
    assist in working with local LEOs.



    On 12/11/2013 08:25 PM, Ryan Delgrosso

      LOL @ the FOIA request bit. 


      Seriously he hit the nail on the head. Weve seen this before and
      there is honestly little that can be done. 


      On 12/11/2013 03:20 PM, Peter Beckman

      You tell the customer that there is nothing you can
        do. There are so many 

        resellers of resellers, spoofing CallerID is practically
        brainless, and bad 

        actors will complete millions of calls, maybe even billions,
        using anyone's 

        ANI they want. Best you can do is offer to block calls from
        people who are 

        being jerks complaining to your customer who didn't make the


        The phone system is decentralized, and while that is generally
        great, it 

        sucks for this. 


        There is nothing that can be done that will be effective. You
        can complain 

        to lots of places, but unless the call is going through their
        network, and 

        how could you possibly know what network the call is going
        through, they 

        can't help. Even if it is, they might decide not to help. 


        A non-profit independent organization would have to get all the

        involved to allow for tracking who sent what calls where and
        when. And us 

        little guys won't get access, so we'll have to cut a ticket to
        our carrier 

        to their carrier before we get a response a week later. 


        Or you could ask for an FOIA request from the NSA. Pretty sure
        they'd know. 




        On Wed, 11 Dec 2013, Jared Geiger wrote: 


        One of our customers is reporting that
          their ANI is being used to make 

          calls. I've verified that the traffic isn't traversing our
          network, but I'm 

          not sure of where to look next. 


          The customer doesn't necessarily want to know who is making
          the calls, but 

          wants them to stop. I know I can contact Verizon, who owns the
          number, but 

          since the calls aren't being originated from us or our
          customer, I'm not 

          sure how they can help. 


          Does anyone have ideas of how to go about blocking this since
          we aren't the 

          LEC owner of the DID? 







        Peter Beckman                                                 
        Internet Guy 

        beckman at angryox.com                                





VoiceOps mailing list
VoiceOps at voiceops.org



VoiceOps mailing list
VoiceOps at voiceops.org




VoiceOps mailing list
VoiceOps at voiceops.org



VoiceOps mailing list
VoiceOps at voiceops.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20131217/438a8af1/attachment.html>

More information about the VoiceOps mailing list