We block international transfers on ALL accounts and simply do not allow it. As Mark said, it is rarely needed. When a customer says they need it, we require special dispensation from the Pope to make it happen. That and they have to sign a waiver saying they understand the risks and that they will assume all costs if they do get hacked.<div>
<br></div><div>You could also try limiting it in the IAD (assuming it is yours).</div><div><br></div><div>I'd be inclined to open a ticket with Broadsoft and have them explain why their "maximum active call" limit isn't working.<br>
<div><br></div><div><br><br><div class="gmail_quote">On Fri, Dec 30, 2011 at 1:08 PM, Mark Holloway <span dir="ltr"><<a href="mailto:mh@markholloway.com">mh@markholloway.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">Some items to check:<div><br></div><div>1) Do you have the voice portal enabled?  If yes, are you allowing users to dial into the voice portal and enable call forwarding to a PSTN number?</div>
<div>2) Do you provide open access to the web portal?  How is your username/password strength?  Once a user account is hacked through the web portal call forwarding is typically enabled for fraud purposes.</div><div>3) If you have the voice portal enabled, are you allowing users to obtain outside dial tone to place calls from the voice portal?</div>
<div><br></div><div>A best-practice I always observed was to modify the outgoing dial plan for every Group or Enterprise and disable international call forwarding/transfers. It is very rare customers in the U.S. require this and you are better off disabling by default but having your Sales team ask up front when gathering customer requirements if they really need this enabled. </div>
<div><br></div><div><br><div><br><div><div class="im"><div>On Dec 30, 2011, at 10:44 AM, Zak Rupas wrote:</div><br></div><blockquote type="cite"><span style="border-collapse:separate;font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><div lang="EN-US" link="blue" vlink="purple">
<div><div class="im"><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Mark</span></div>
<p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></p>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">All of SIP trunk customer have to Registers on the network. It’s a requirement we adopted some time ago. I also just checked and Bursting is disabled on my latest account that had the issue. The had 5 SIP trunks but were averaging 20 CC ILD calls. So we may have encountered a Broadsoft bug. I am working on trying to come up with a plan for testing?</span></div>
<p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></p>
</div><div><div class="im"><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:17.5pt;font-family:Arial,sans-serif;color:rgb(31,73,125)">Zak Rupas</span><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><br>
</span><span style="font-size:9pt;font-family:Arial,sans-serif;color:rgb(31,73,125)">VoIP Engineer<br><br><b>SimpleSignal</b><br>3600 S Yosemite Suite 150</span></div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span style="font-size:9pt;font-family:Arial,sans-serif;color:rgb(31,73,125)">Denver, CO 80237<br>One Number Rings All My Phones: <a href="tel:303-242-8606" value="+13032428606" target="_blank">303-242-8606</a></span></div>
</div><div><div class="h5"><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><span><image001.png></span></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="color:rgb(31,73,125)"><a href="http://www.simplesignal.com/" style="color:blue;text-decoration:underline" target="_blank">SimpleSignal.com</a><span> </span>|<span> </span><a href="http://www.simplesignal.com/blog" style="color:blue;text-decoration:underline" target="_blank">Blog</a><span> </span>|<span> </span><a href="http://www.facebook.com/SimpleSignal?ref=ts" style="color:blue;text-decoration:underline" target="_blank">Facebook</a><span> </span>|<span> </span><a href="http://twitter.com/simplesignal" style="color:blue;text-decoration:underline" target="_blank">Twitter</a></span></div>
</div></div></div><div><div class="h5"><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></p>
<div><div style="border-right-style:none;border-bottom-style:none;border-left-style:none;border-width:initial;border-color:initial;border-top-style:solid;border-top-color:rgb(181,196,223);border-top-width:1pt;padding-top:3pt;padding-right:0in;padding-bottom:0in;padding-left:0in">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><b><span style="font-size:10pt;font-family:Tahoma,sans-serif">From:</span></b><span style="font-size:10pt;font-family:Tahoma,sans-serif"><span> </span>Mark Holloway [mailto:<a href="mailto:mh@markholloway.com" style="color:blue;text-decoration:underline" target="_blank">mh@markholloway.com</a>]<span> </span><br>
<b>Sent:</b><span> </span>Friday, December 30, 2011 10:38 AM<br><b>To:</b><span> </span>Zak Rupas<br><b>Cc:</b><span> </span><a href="mailto:voiceops@voiceops.org" style="color:blue;text-decoration:underline" target="_blank">voiceops@voiceops.org</a><br>
<b>Subject:</b><span> </span>Re: [VoiceOps] Broadsoft SIP Trunks and ILD Fraud</span></div></div></div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
 </p><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">The IP PBX (or on-prem SBC) should be registering to Broadworks using the Pilot number.  The SBC in your core will only allow SIP Invites from the registered device.  If you have non-registered SIP Trunks in Broadworks this is very dangerous. </div>
<div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"> </p><div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
 </p><div><div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">On Dec 30, 2011, at 9:36 AM, Zak Rupas wrote:</div></div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<br><br></div><div><div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif">Good Morning Voice OPS</span></div>
</div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif"> </span></p>
<div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif">Is anyone else experiencing anything like this? If so please share what you have done / or will to make it stop</span></div>
</div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif"> </span></p>
<div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif">We have a series of smaller SIP trunk customers using Broadsoft trunk groups. By design the trunk groups have a concurrent call limitation based off the customer’s order. These smaller SIP trunks groups when compromised are able to run up HUGE fraud bills even tho they only have 5 or 6 SIP trunks. Needing to know if anyone else is seeing this that has Broadsoft and what was done to protect yourselves?</span></div>
</div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif"> </span></p>
<div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif">Otherwise Happy NYE<span> </span></span><span style="font-size:11pt;font-family:Wingdings">J</span><span style="font-size:11pt;font-family:Calibri,sans-serif"></span></div>
</div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif"> </span></p>
<div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:17.5pt;font-family:Arial,sans-serif">Zak Rupas</span><span style="font-size:11pt;font-family:Calibri,sans-serif"><br>
</span><span style="font-size:9pt;font-family:Arial,sans-serif">VoIP Engineer<br><br><b>SimpleSignal</b><br>3600 S Yosemite Suite 150</span><span style="font-size:11pt;font-family:Calibri,sans-serif"></span></div></div><div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:9pt;font-family:Arial,sans-serif">Denver, CO 80237<br>One Number Rings All My Phones: <a href="tel:303-242-8606" value="+13032428606" target="_blank">303-242-8606</a></span><span style="font-size:11pt;font-family:Calibri,sans-serif"></span></div>
</div><div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif"><image001.png></span></div>
</div><div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><a href="http://www.simplesignal.com/" style="color:blue;text-decoration:underline" target="_blank">SimpleSignal.com</a><span> </span>|<span> </span><a href="http://www.simplesignal.com/blog" style="color:blue;text-decoration:underline" target="_blank">Blog</a><span> </span>|<span> </span><a href="http://www.facebook.com/SimpleSignal?ref=ts" style="color:blue;text-decoration:underline" target="_blank">Facebook</a><span> </span>|<span> </span><a href="http://twitter.com/simplesignal" style="color:blue;text-decoration:underline" target="_blank">Twitter</a><span style="font-size:11pt;font-family:Calibri,sans-serif"></span></div>
</div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif"> </span></p>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:13.5pt;font-family:Helvetica,sans-serif">_______________________________________________<br>
VoiceOps mailing list<br><a href="mailto:VoiceOps@voiceops.org" style="color:blue;text-decoration:underline" target="_blank">VoiceOps@voiceops.org</a><br><a href="https://puck.nether.net/mailman/listinfo/voiceops" style="color:blue;text-decoration:underline" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a></span></div>
</div></div><p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"> </p></div></div></div></div></div></div></span></blockquote>
</div><br></div></div></div><br>_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
<br></blockquote></div><br></div></div>