[asterisk-biz] Fraud. (here we go again)

Nitzan Kon nk3569 at yahoo.com
Tue Aug 19 02:25:52 CDT 2008


Our "top-ten" (or maybe "bottom-ten"...) countries so far are:

1. Egypt
2. Jordan
3. Palestinian Territory
4. Lebanon
5. China
6. Vietnam
7. India
8. Russia
9. North Korea
10. UK

Unfortunately, we do have legit customers from almost all of
these, so just blocking these at the firewall is not an option.
We screen each and every transaction (human), and usually detect
fraud in 99% of cases, but the Vietnamese guys are VERY good and
got past us for a few days. Damage is not too great, about $30
or so - but I want to make sure they don't succeed again.

  -- Nitzan

--- On Tue, 8/19/08, Sam Tam <samtam888 at gmail.com> wrote:

> From: Sam Tam <samtam888 at gmail.com>
> Subject: Re: [asterisk-biz] Fraud. (here we go again)
> To: "'Commercial and Business-Oriented Asterisk Discussion'" <asterisk-biz at lists.digium.com>
> Date: Tuesday, August 19, 2008, 2:24 AM
> Hey what wrong with Hong Kong. I don't believe you will
> have a lot of ports
> scan or dictionary attacks from Hong Kong. China yes may
> be. But Come on..
> You will be more likely to get port scan from a network
> like ev1 which from
> Hong Kong. Or at least may be 5 times as much.
> 
> If you read the statistic, most hacks attempts or scam
> attempts  are from
> China, Africa(not a lot of hack attempts), Russia, USA
> <---yes my friend USA
> too, you really won't see a lot from Vietnam (their
> broadband go down every
> afternoon for a few hrs and bw price is rocket high),
> Thailand (they are
> paying like close to $400 -1000 USD per mb so you think
> they will use it to
> port scan you ?)
> 
> Just my 2 cent
> Sam
> 
> -----Original Message-----
> From: asterisk-biz-bounces at lists.digium.com
> [mailto:asterisk-biz-bounces at lists.digium.com] On Behalf Of
> Alex Balashov
> Sent: Tuesday, August 19, 2008 1:57 PM
> To: nk3569 at yahoo.com; Commercial and Business-Oriented
> Asterisk Discussion
> Subject: Re: [asterisk-biz] Fraud. (here we go again)
> 
> Maybe an overly shotgun approach for your tastes, but I
> personally 
> firewall off all IP blocks from APNIC (the Asian-Pacific
> RIR) delegated 
> to the southeast Asian countries (China, Korea, Vietnam,
> Thailand, Laos, 
> Hong Kong -- yes, I know it is not a country).  Over 90% of
> my port 
> scans, my dictionary attacks and my problems seem to come
> from there.
> 
> If you take that approach, definitely don't block all
> the aggregate 
> APNIC ranges.  That would exclude quite a few Australians
> and New 
> Zealanders.
> 
> There are plenty of lists available online reliably of the
> blocks 
> delegated by country, with a specific focus on that region.
>  It is not 
> an uncommon practise among sysadmins.
> 
> -- 
> Alex Balashov
> Evariste Systems
> Web    : http://www.evaristesys.com/
> Tel    : (+1) (678) 954-0670
> Direct : (+1) (678) 954-0671
> Mobile : (+1) (706) 338-8599
> 
> _______________________________________________
> --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
> 
> AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> Register Now: http://www.astricon.net
> 
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz
> 
> 
> 
> _______________________________________________
> --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
> 
> AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> Register Now: http://www.astricon.net
> 
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz



More information about the asterisk-biz mailing list