Send VoiceOps mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/voiceops
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of VoiceOps digest..."
Today's Topics:
1. Re: Issues with ISPs blocking SIP 5060 - 5061 (J. Oquendo)
2. Phone fraud doubles (J. Oquendo)
----------------------------------------------------------------------
Message: 1
Date: Thu, 21 Nov 2013 07:36:31 -0600
From: "J. Oquendo" <[email protected]>
To: Jay Hennigan <[email protected]>
Cc: [email protected]
Subject: Re: [VoiceOps] Issues with ISPs blocking SIP 5060 - 5061
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Wed, 20 Nov 2013, Jay Hennigan wrote:
> I haven't run into any blocking, but we're seeing more and more
> instances where the larger carriers will install some sort of NAT router
> as the handoff on residential and small business accounts as opposed to
> giving the customer a DHCP or static public IP.
>
> Many of these devices horribly break SIP, especially if you're putting
> any kind of ALG behind them.
>
> Getting the carrier to turn off all of the cruft and just give you raw
> access to the Internet is often an exercise in futility.
>
We have seen a lot (A WHOLE LOT) of this occurring with
Comcast. E.g., we have a client with multiple PBXs spread
through about a dozen or so locations throughout CT, RI, MA.
At least once per quarter, Comcast seems to push out some
form of policy/rule/firmware update or other that prohibits
the connection via VoIP and ONLY VoIP. This particular
account uses Comcast business however, when this occurs, we
get a call from this client, and see the trickle effect via
our other clients (ATAs, softphones, etc.)
Most other providers we deal with, could care less
(Covad, Paetec, AT&T) however the cable providers (which
RoadRunner is another) seem to be horrible at this game
(filtering). "Getting the carrier..." We try not to inherit
any of the network unless we are managing it. This frees us
from any liabilities associated with say a Doctors office
doing some whacky VPN to a hospital or other. Would take us
too long to perform a network assessment, and make sense of
a client's business needs, especially for free.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
------------------------------
Message: 2
Date: Thu, 21 Nov 2013 08:02:06 -0600
From: "J. Oquendo" <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: [VoiceOps] Phone fraud doubles
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Fluff, fluff, fluff, fluff, fluff...
"Pindrop Security, a startup focused on combating phone-based fraud for banks
and enterprise call centers, has released a new report outlining some of the
risks phone fraud poses to financial institution call centers."
http://www.securityweek.com/financial-phone-fraud-attempts-double-1h-2013-report
------------
Outside of a nice little bit of marketing, I think most of
us know, and see that phone fraud is up however, some of
what is quoted just sounds off: "counted over 2.4 million
consumer complaints of phone fraud attempts." First... How
big of a call center would they have to count this many
complaints. Second, we can go back to the "Ghost calls"
thread (Hennigan) from 11/12 and others... Does a phantom
call constitute a complaint. What about the 100,000 ghost
calls sent my one attacker?
I have been meaning to do some more analytics on some of
the junk I have seen, but become overwhelmed. I am highly
convinced that right now, there is 1) About a half dozen
groups highly focused on this (VoIP heavy hitters), and 2)
there is a forum shared by the attackers amongst one another
sort of a "VoIP carders market" (if you will), where an
attacker will post compromised servers to share in what I
perceive is a "fraudulent calling card" center with a way
to give kickbacks to carriers in questionable countries.
I believe the end destination carrier in some cases is
likely related (family wise) to some of the attackers.
E.g.: Palestine has been ramping things up via VoIP attacks.
What I notice is these attackers try to call numbers whose
carrier is owned by another Palestinian elsewhere. And it
is not isolated to Palestine, they happen to be the heavy
hitters via my logs this quarter.
I have seen: Romanian attacker --> route calls to company
in UK which happens to be owned by (drum roll) another
Romanian. Nevertheless, thought I'd ramp up some discourse
on VoIP and the oft overlooked (or is it underlooked) topic
of security.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
------------------------------
Subject: Digest Footer
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
------------------------------
End of VoiceOps Digest, Vol 53, Issue 14
****************************************
