[asterisk-biz] Fraud. (here we go again)

Jeremy intrusiondetection at gmail.com
Mon Aug 18 21:01:25 CDT 2008


I must agree with Steve and emist. While it could be possible that they have
access to a network which is allowing them to spoof, or fake, any IP they
wish, I think it's more probable that these are compromised hosts, and the
credit card data was taken from those computers. Can you provide packet
captures of their traffic? If you could track down a human at the end of one
of these hosts, it would be trivial to find out if they are compromised.

I like Steve's idea about requiring human intervention during account signup.
Is it required of this server to communicate with Vietnam at all? If not, I
would surely block them. If account creation succeeds but they cannot place
calls they should get bored and move on to the next target.

If it were me, I would set up a separate server and route all suspect traffic
to the new server. I would allow them an account or two (not actually
charging any cc of course), and then record every move they make. Then I
should know who I am dealing with. If it is a small group or just a single
individual, I would take action to have them removed from their ISP, etc. If
it were a group, large or small, operating from certain jurisdictions which
do not care/do anything about this type of activity (I'm looking at *you*
.ro), this tactic would have no effect. There's little left to do but defend
yourself to the best of your abilities, else strike back.

P.S. The RBN is alive and well; they have distributed their network across
several countries now. Watching them is fun, until they see you watching ;)

On Mon, Aug 18, 2008 at 8:18 PM, emist <emistz at gmail.com> wrote:

> I agree with Steve, there's definitely the possibility of them using
> compromised systems, in which case it will be almost impossible to know
> in advance.
>
> If I recall correctly there used to be decent money to be made in this
> kind of business as well as in the renting of botnets to perform DDoS a
> while back. Storm comes to mind, although I'm not sure what has become
> of the RBN since then.
>
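The two controls Jeremy proposes above (drop traffic from networks you never need to talk to, and steer the remaining suspect signups to a separate decoy server that records everything) can be expressed as a small triage script. The following is an added example, not code from the original thread or from Asterisk; the CIDR ranges, the decoy address 10.0.0.2, the SIP/RTP ports and the signup records are all constructed for illustration.

```python
"""
Triage VoIP signups by source network and emit the firewall rules that
keep suspect hosts off the production box.

Added example, not from the asterisk-biz thread. Every network, host and
signup below is constructed; substitute your own lists.

Decisions:
  block  - source is in a network we never need to serve: drop it outright
  decoy  - source is in a network we want to observe: DNAT its SIP and RTP
           to a separate server that grants a throwaway account and logs
           every move, without ever charging a card
  allow  - everything else goes to production as usual
"""
import ipaddress

# Constructed: networks to drop entirely (the "don't talk to them at all" case).
BLOCK_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24",)]

# Constructed: networks to redirect to the decoy server rather than block.
DECOY_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "192.0.2.0/25")]

# Constructed: address of the separate, heavily logged decoy server.
DECOY_HOST = "10.0.0.2"

# Assumed defaults: SIP signalling on UDP/5060, RTP media in Asterisk's
# default rtp.conf range 10000-20000.
SIP_PORT = 5060
RTP_RANGE = "10000:20000"


def classify(src_ip):
    """Return 'block', 'decoy' or 'allow' for one signup source address.

    Works for IPv4 and IPv6; an address never matches a network of the
    other family, so an IPv6 source falls through to 'allow' unless an
    IPv6 network is listed.
    """
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in BLOCK_NETS):
        return "block"
    if any(addr in net for net in DECOY_NETS):
        return "decoy"
    return "allow"


def triage(signups):
    """Map each (account, src_ip) pair to its decision."""
    return {account: classify(ip) for account, ip in signups}


def nat_rules(decoy_host=DECOY_HOST, sip_port=SIP_PORT, rtp_range=RTP_RANGE):
    """Build iptables commands for the production server.

    Block networks are dropped in the INPUT chain. Decoy networks have their
    SIP and RTP traffic DNAT'd in PREROUTING to the decoy host before it can
    reach the production Asterisk process.
    """
    rules = []
    for net in BLOCK_NETS:
        rules.append(f"iptables -A INPUT -s {net} -j DROP")
    for net in DECOY_NETS:
        for ports in (str(sip_port), rtp_range):
            rules.append(
                f"iptables -t nat -A PREROUTING -s {net} -p udp "
                f"--dport {ports} -j DNAT --to-destination {decoy_host}"
            )
    return rules


# Constructed sample signups: account id and the source IP that created it.
SAMPLE_SIGNUPS = [
    ("acct-1001", "203.0.113.7"),     # block net
    ("acct-1002", "198.51.100.44"),   # decoy net
    ("acct-1003", "192.0.2.200"),     # outside the /25, so allowed
    ("acct-1004", "192.0.2.10"),      # inside the /25, decoy
    ("acct-1005", "2001:db8::1"),     # IPv6, no matching net, allowed
]


if __name__ == "__main__":
    for account, decision in triage(SAMPLE_SIGNUPS).items():
        print(f"{account}: {decision}")
    print()
    print("\n".join(nat_rules()))
```

The DNAT rules assume the decoy host is reachable from the production server's network; if it sits on a different subnet you also need a return path (for example a MASQUERADE rule in POSTROUTING) or the decoy will answer from an address the caller never contacted. Keep the decoy on its own account database so that a "free" account there can never be used to place real calls.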