[asterisk-biz] Fraud

www.IPKall.com Info at IPKall.com
Tue Jun 6 09:37:42 MST 2006 

Another suggestion, whether the DID's ANI should even be used as for
outbound calls. www.IPKall.com <http://www.ipkall.com/>  operates INBOUND
only services. In the past, abusers have spoofed our numbers.
 
IPKall
 
 
 
  _____  

From: asterisk-biz-bounces at lists.digium.com
[mailto:asterisk-biz-bounces at lists.digium.com] On Behalf Of Mike Lynchfield
Sent: Tuesday, June 06, 2006 9:05 AM
To: Commercial and Business-Oriented Asterisk Discussion
Subject: Re: [asterisk-biz] Fraud
 
no sure on the dns thing, but as far as did score , thats just it. a score.

Example 
ProviderID,DID,score[1 to 10],reason[varchar64],flag[cof,sof,bi,etc]

1000, 1231231234, 9,confirmed abuse,sof
would be suspicion of fraud 90% sure for did 1231231234 

code : cof = confirmed fraud.
          bi = billing isues.
          etc.

so you could actualy pull results nightly via corn or anythign you like and
scpecify filters.

pull.php?flag=all&minscore=3 etc 

you would then get that list to your pbx box and apply it as you wish.

as in output:

providernickname,DID,avgscore,totalcountofcomplaints,etcetc







On 6/6/06, Tomer Horn <thorn at ivrit.org.il> wrote:
I agree with Florian.

I would like to add that technically, it should be implemented either in
style of RBL using DNS and/or DUNDi - where the DUNDi will be used as a
blackhole. Just make sure that by design you'll be able to create 
redundancy sites in different locations in case of DDoS or whatever. Be
prepared for that.  You should allow, as you suggested, to download the
complete list by using the web/dns-axfr.

I think with that comes the subject of moral responsibility for the list: 
- Under what rules a DID goes into the list? Who is allowed to commit to
the list?
- What prevents from those who are running the list to list "safe" DIDs
and abuse
the list for whatever purposes. 
- Maybe the entries should have a feature to enter both positive and
negative
votes/scores/comments for each listed DID?

Just my 2 cents.

Florian Overkamp wrote:
> Hi Mike,
>
> Mike Lynchfield wrote: 
>> We create an API , or Web portal , that would accept input
>> (DID,Reason,Flag)
>> and serve a list.
>>
>> This list would be a SOF (Suspicion of fraud) list in either txt,xml 
>> or both
>> for you to download.
>
>> How does it sound ? ..
>
> The basic idea makes a lot of sense, although I think there should
> also be some meta-data like:
> - what is the nature of the SOF, in text, for customer support purposes 
> - when was the number registered as SOF
> - optionally, how many complaints were made about the number ?
> - if there was an identifiable source, of the complaint or notice, who
> was it ?
> 
> Our national regulator also publishes a list of numbers that have been
> seen in auto-diallers. Maybe other countries do the same ?
>
>

_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-biz
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-biz/attachments/20060606/e9680b91/attachment.htm

More information about the asterisk-biz mailing list