[VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea

Peter Beckman beckman at angryox.com
Fri Feb 21 15:30:12 EST 2014


I don't mind, but some believe that letting the fraudsters in on our
techniques allows them to have more information in order to circumvent our
roadblocks.

If there was a private list, technical implementations could be spoken of
without tipping our hand in public forums for fraudsters to counter.

Beckman

On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:

> Why dont't you want to speak about tactics here openly?
>
>
> 2014-02-21 19:51 GMT+02:00 Peter Beckman <beckman at angryox.com>:
>
>> Email sucks for this. I don't want to read an email about something hours
>> or days after the issue is happening and have to do something manually to
>> protect my infrastructure.
>>
>> This seems like something that should be an API in which trusted people can
>> access.
>>
>> But then you have concerns about trust of the data. Do I trust your
>> reasoning for an IP block? Do I even get to see your evidence?
>>
>> Honestly I don't need a list or an API to block stuff.
>>
>> HOWEVER, if this can become a private discussion list to talk about
>> methods, techniques and tactics that we can all implement in order to
>> prevent telecom/SIP/VoIP fraud on our own, THAT I'd be interested in.
>>
>> Beckman
>>
>>
>>
>> On Fri, 21 Feb 2014, J. Oquendo wrote:
>>
>>  On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:
>>>
>>>  One more mailing list? :-) I'm sure it is a bad idea. I'm working for a
>>>> company to protect it from VoIP related attacks, but you will never have
>>>> gurantess that I will not be using the data in a private list to attack
>>>> someone as a private individual :-) it is a security hole in a private
>>>> list
>>>> about VoIP security...
>>>>
>>>>
>>> I disagree with it being a bad idea. There is never any
>>> guarantees in life. The purpose for a private list, is it
>>> protects COMPANIES data. There is a trust mechanism in the
>>> sense that should/if/when someone wants to contest data,
>>> I can go back based on checksum to determine WHO submitted
>>> what. I HIGHLY doubt, someone would throw away their
>>> reputation, and or damage company reputation by submitting
>>> falsified data.
>>>
>>>
>>> --
>>> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>>> J. Oquendo
>>> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>>>
>>> "Where ignorance is our master, there is no possibility of
>>> real peace" - Dalai Lama
>>>
>>> 42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
>>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
>>> _______________________________________________
>>> VoiceOps mailing list
>>> VoiceOps at voiceops.org
>>> https://puck.nether.net/mailman/listinfo/voiceops
>>>
>>>
>> ------------------------------------------------------------
>> ---------------
>> Peter Beckman                                                  Internet Guy
>> beckman at angryox.com
>> http://www.angryox.com/
>> ------------------------------------------------------------
>> ---------------
>>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------


More information about the VoiceOps mailing list