[asterisk-users] Is there a public blacklist of hackers' IPaddresses?

[randulo]

On Thu, Mar 26, 2009 at 1:32 PM, SIP <sip at arcdiv.com> wrote:
> As an end-point ITSP, I can assure you, it would be us who's assessed
> the requisite charges. If someone uses a fraudulent card, we're required
> to pay. If someone uses a three letter password on his account, and it's
> hacked into and uses to rack up charges, we have to pay.

Neil,

It hadn't occurred to me when writing it, but obviously there are
situations that don't match the banking paradigm. For example, suppose
I run my own asterisk, I have a contract with a company like yours and
you have my banking info with an authorization to top up. If the fraud
is someone on the banking end (hacked my card details for example)
that's covered by the bank. But if they brute force hacked my asterisk
install because the extension, the username and the secret are all
'2005' and then make $100k worth of calls, people like lawyers and
judges won't easily see that it's the asterisk install that's
responsible, not your company or even the bank. I wonder what steps
can be taken legally right now to make responsibilities clearer to the
legal world?

I once had a guy break in to my house and call his girlfriend in
Mexico about 50 times in  two weeks. When I called Pacific Bell, the
operator placed a call to the number, the woman (stupidly!) admitted,
"yes I know Luis, he calls me all the time" and even though the
operator heard this, PB still refused to exempt those charges and go
after the guy.

I closed my PB account and opened a new one under a variation of my name.

/r