Hi folks,<div><br></div><div>Useful feed that J. We publish similar in text file format: <a href="http://mirror.simwood.com/honeypot">http://mirror.simwood.com/honeypot</a></div><div><br></div><div>Simon</div><div><br><br>
<div class="gmail_quote">On 14 May 2013 20:07, PE <span dir="ltr"><<a href="mailto:peeip989@gmail.com" target="_blank">peeip989@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">J,<div><br></div><div>Is there an easy way to get the data from the twitter feed in a list format? This is great info. Thanks</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, May 13, 2013 at 12:57 PM, J. Oquendo <span dir="ltr"><<a href="mailto:joquendo@e-fensive.net" target="_blank">joquendo@e-fensive.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">A while back, when I started streaming to Twitter<br>
(<a href="https://twitter.com/efensive" target="_blank">https://twitter.com/efensive</a>) I had wanted to post the<br>
numbers being dialed by fraudsters so that others would<br>
be able to see these numbers and block them. Difficult<br>
to get a list of numbers called, in fact, I would hope<br>
that no one would have a number to add, as that would mean<br>
one was compromised. However, if anyone wants to share<br>
#'s being dialed fraudulently, I will add them to the<br>
Twitter stream and perhaps make an all inclusive list<br>
freely available.<br>
<br>
I added a few here and there, but I have also taken a lot<br>
of proactive steps to reduce fraud. (Hello Jim and others<br>
at Transnexus ;)) This is what I (we were I work) have<br>
done.<br>
<br>
I parse the logs on my SBCs on an hourly basis. The log<br>
parsing does two distinct things, 1) tallies the volume<br>
of calls, and two dissects which calls are going to<br>
high rated areas.<br>
<br>
STEP 1)<br>
Download SBC logs<br>
Perform a count against client trunks<br>
Compare that count against a 90 day baseline<br>
Report anomalies<br>
<br>
This allows me to see when a trunk is generating a lot of<br>
calls. Period<br>
<br>
STEP 2)<br>
Parse through SBC logs<br>
Parse out DESTINATION (country code area code)<br>
Check DESTINATIONS against a rate deck where price exceeds<br>
N amount per minute (I have this set to about .21 (USD) per<br>
minute. Report which trunk is making that call.<br>
The reporting is automated and if anomalies are detected,<br>
emails are sent and ALSO a call is generated to a group so<br>
that we will know ASAP that something has happened.<br>
<br>
We use Transnexus in ONE of our facilities, but have legacy<br>
Netrakes in another. So we had to improvise.<br>
<span><font color="#888888"><br>
--<br>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+<br>
J. Oquendo<br>
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM<br>
<br>
"Where ignorance is our master, there is no possibility of<br>
real peace" - Dalai Lama<br>
<br>
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF<br>
<a href="http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF" target="_blank">http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF</a><br>
</font></span><div><div>_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
</div></div></blockquote></div><br></div>
<br>_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
<br></blockquote></div><br></div>
<pre>--
***** Email confidentiality notice *****
This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.
Simwood eSMS Limited is a limited company registered in England and Wales. Registered number: 03379831. Registered office: c/o HW Chartered Accountants, Keepers Lane, The Wergs, Wolverhampton, WV6 8UA. Trading address: Falcon Drive, Cardiff Bay, Cardiff, CF10 4RU.