[VoiceOps] Tackling VoIP fraud, new idea

J. Oquendo sil at infiltrated.net
Fri Feb 21 10:25:13 EST 2014


Because none of us want to deal with fraud, and many of us
have fought it, are fighting it, and eventually (like it or
not) will come across it, I am proposing starting up a NON
PUBLIC, TRUSTED mailing list. The purpose of the list would
be to share information on attacks, numbers dialed, and so
forth. The reasoning for it not being public would be
obvious: avoid letting a threat actor know they have been
flagged.

The theory behind this list would be to aggregate KNOWN
fraudulent destinations for the purposes of creating some
form of blacklist, or triggering mechanism. For example,
suppose I had a break-in, where calls went to 2125551212.
On the list I would send an email stating:

x.x.x.x (IP) | 2125551212 | DATE | CHECKSUM

First field is obvious, you'd want to block this address.
Second field, one can set up a triggering mechanism.
(Pseudo code)

if [ "$number" = "2125551212" ]
then
	# do something: send an email or, failing that, generate a phone call
	send_email || generate_phonecall
fi

The date is for historical purposes, and the checksum
would be a variable of which system saw what. For those
who have seen my VABL list (http://www.infiltrated.net/vabl.txt),
it would look EXACTLY like that. So for anyone who'd
care to share, without disclosing WHO shared the
information, there would be a mechanism to hide your
identity (company info, etc.)

The other reason for it being a NON public list would be a
matter of trust, in the sense that I would NOT allow any
freemail (Gmail, Hotmail, etc.) to be used, in order to
minimize any false positives. The last thing I would want
is for someone to maliciously submit data against a
competitor. (Make sense?)

I am willing to start and maintain such a list; however, I'd
need to know whether or not a) others are willing to share
attack data (which will be sanitized) and b) other businesses
and peers would find the data useful.
-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
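
The record format and trigger described in the message above, as an added example that is not part of the original post or the author's VABL list: it parses `IP | NUMBER | DATE | CHECKSUM` lines, rejects malformed records, and flags call records whose source IP or dialed number is listed. The date format, checksum values, sample records and function names are assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed feed in the post's "IP | NUMBER | DATE | CHECKSUM" layout; YYYY-MM-DD is assumed.
FEED = """\
192.0.2.10 | 2125551212 | 2014-02-20 | a1b2c3
198.51.100.7 | +1 (212) 555-0199 | 2014-02-21 | d4e5f6
not-an-ip | 2125550000 | 2014-02-21 | ffffff
203.0.113.5 | 2125550123 | 21/02/2014 | 0a0b0c
"""

CALLS = [  # constructed call records: (source IP, dialed number)
    ("192.0.2.10", "12125550100"),       # source IP is listed
    ("203.0.113.99", "1-212-555-1212"),  # destination is listed
    ("203.0.113.99", "2125550142"),      # neither is listed
]

def normalize(number):
    """Reduce a NANP number to 10 digits so differently formatted entries match."""
    digits = "".join(ch for ch in number if ch.isdigit())
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits

def parse_feed(text):
    """Return (blocked_ips, watched_numbers, rejected_lines)."""
    ips, numbers, rejected = set(), set(), []
    for line in text.splitlines():
        try:
            ip, number, date, checksum = (f.strip() for f in line.split("|"))
            ip = str(ipaddress.ip_address(ip))    # rejects malformed addresses
            datetime.strptime(date, "%Y-%m-%d")   # rejects unparseable dates
            number = normalize(number)
            if not number or not checksum:
                raise ValueError("empty field")
        except ValueError:
            rejected.append(line)  # malformed records are dropped, never guessed at
            continue
        ips.add(ip)
        numbers.add(number)
    return ips, numbers, rejected

def check_calls(calls, ips, numbers):
    """Return (source, dialed, reason) for each call that hits the list."""
    alerts = []
    for src, dialed in calls:
        if src in ips:
            alerts.append((src, dialed, "source-ip"))
        elif normalize(dialed) in numbers:
            alerts.append((src, dialed, "destination"))
    return alerts
```

Rejected lines are returned rather than silently skipped so a list maintainer can review submissions that failed validation before they reach anyone's blocklist.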

