[Asterisk-Users] free dids on goiax.com

trixter aka Bret McDanel trixter at 0xdecafbad.com
Tue Oct 18 00:55:29 MST 2005


On Tue, 2005-10-18 at 02:36 -0500, Kevin Scott wrote:
> That really is a shame, goiax.com has been the best free termination service
> I have seen.  The call quality was excellent, better then some paid services
> I have used.
> 
> One idea, I'm not sure if you already did it, only allow one concurrent call
> per account?
> 
> And now DIDs, thanks from all of us for the great service.
> 
> Kevin

That solves only part of the problem and is easily worked around.  One
problem is mass calls, either for wardialing or call centers doing
telemarketing.  And does nothing for prank calls, but you can almost
never stop those.

Tracking IPs in registration can help weed out some (but not all)
mlutiple account users.  That also makes it hard for roommates to each
have their own accounts as they would most likely be using NAT.  This
coupled with a group count of 1 per account can help mitigate but not
eliminate war dialers/telemarketers from abusing the service.  The
reality is that it will most likely take multiple tactics ...

A credit system per account can be implemented, where duty cycle
determines when the next call can be placed (ie avoid continous calling
out by forcing them to not have concurrent calls for a while, if they
stay off for a while they can build credits and make a few calls in
rapid succession before being turned down).  The shorter the duration
each call is potentially the greater the chance they are doing something
undesirable.  Telemarketers and war dialers tend to not stay on the call
for 20 minutes or more ...

Another method is to just put a cap not more than X calls per Y
timeframe can be placed.  

That will slow but not prevent it.  Take for example a group of people
who do a distributed war dialing project.  If they all have 10 calls per
hour and there are more than 6 of them then continous calls can be
placed, providing the calls are 1 minute in duration.  

For authentication you can take the ebay approach.  Ban free mail
providers.  Of course getting the list of free mail providers is the
trick.  This mitigates but does not eliminate people using multiple
accounts.  I have a couple domains myself, friends also have several
domains.  I could in theory have 100 email addresses all completly
different, and all 'non-free'.  Checking MX records to see where the
mail goes to see if its all going to the same machine might help but
adds a ton of overhead to the process.

Checking IPs on signup wouldnt be that effective given that there are
thousands of proxy servers all over, making that almost impossible to
prevent.  It would just add another hurdle for someone to leap over, the
more there are the more likely people will not bother becuase it wont be
worth it, but there are always those dedicated few.  Programs like
proxychains aide in even using an iax client to connect via proxies,
providing the proxy supports all the required protocols.

I dont think you can stop it, only make it hard to use for the
undesirable purposes, at the risk of making it so hard to use that no
one will want to use it, which generally is a bad thing.  I am also sure
that there are other things that someone else can contribute that used
in combination or in stead of my suggestions can make this harder to
wardial/telemarket through but easy enough for everyone else to use.



-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
UK +44 870 340 4605   Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20051018/c22dbdcc/attachment.pgp


More information about the asterisk-users mailing list