
On 12/30/2011 8:36 AM, Zak Rupas wrote:
Good Morning Voice OPS
Is anyone else experiencing anything like this? If so, please share what you have done, or will do, to make it stop.

We have a series of smaller SIP trunk customers using Broadsoft trunk groups. By design the trunk groups have a concurrent call limitation based off the customer's order. These smaller SIP trunk groups, when compromised, are able to run up HUGE fraud bills even though they only have 5 or 6 SIP trunks. Needing to know if anyone else is seeing this that has Broadsoft and what was done to protect yourselves?
It all depends on the set-up on the client's end. Most PBXs have the capabilities to drop certain calling patterns (dialplans), but you can also implement PIN-based international calling dialplans, block known bad blocks, or outright block everyone in and allow ONLY trusted sources (usually your best bet) to register and/or place calls through the trunked PBX.

I have implemented a wide array of counters to this, ranging from blocking country codes based on pricing, PIN-based international calling, and "creative firewalling" to full-blown reactive honeypot-based systems to detect and counter this type of fraud as it occurs. The metrics behind the honeypots are based on a variety of pre-defined variables (who is making the call (what IP), when the call is being made (time of day), the destination party, country code rates), which is the reason for the initial statement: "all depends on the set-up."

I noticed that under the managed SIP trunking umbrella, clients had no problem using PINs once they understood "why" and "how much" it would cost them otherwise. You have to spell it out though: "We will implement an as-you-go-based opt-*out* international calling mechanism to deter against toll fraud. To counter fraud we are implementing X change." Once clients become aware of the need for something like a PIN or time-based calling, they're likely to go ahead with the changes, as they understand they will be held liable for NOT abiding by the TOS you put forth.

Most of the time, this whole issue is sketchy. E.g., you get a new customer, they get "owned" and they owe you say $1000 where you owe YOUR upstream say $800; if they leave, you're still hit with the bill. Creating something that states "YOU WILL ABIDE BY" gives you better legal footing IMHO. But IANAL, so double check that ;)

Summary: Configure the trunked PBXs properly. If you KNOW international calling is a necessity, then create say a PIN- and time-based dial plan. You can also restrict the amount of calls placed BY any device registering, as well as solely allowing N amount of account registrations. You could also firewall down the PBX. There are plenty of options; hope my rambling helps.

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
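A worked illustration of the controls the reply above describes (a PIN- and time-based international dial plan, a tariff-based country-code block, and a per-device concurrent-call cap), written as added example code for this thread; it is not from the original post or from Broadsoft or any PBX product. The PIN, hours, blocked prefixes, cap and the "11 digits starting with 1 means domestic NANP" rule are all constructed assumptions for the example.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Optional, Tuple

# Example policy values (constructed for this illustration, not from the thread).
INTL_PIN = "4711"                  # per-customer PIN required for international calls
ALLOWED_HOURS = range(8, 18)       # international calling permitted 08:00-17:59 local time
BLOCKED_PREFIXES = {"53", "232", "252"}  # example country codes blocked on tariff grounds
MAX_ACTIVE_PER_DEVICE = 2          # concurrent-call cap per registered device/IP

@dataclass
class CallAttempt:
    device: str            # registering device or source IP
    dialed: str            # dialed digits in E.164 form without '+', e.g. "14155550100"
    at: datetime           # local time the attempt is made
    pin: Optional[str] = None

@dataclass
class TrunkState:
    active: Dict[str, int] = field(default_factory=dict)  # device -> active call count

def evaluate(call: CallAttempt, state: TrunkState) -> Tuple[bool, str]:
    """Apply the dial-plan policy in order; return (allowed, reason)."""
    if state.active.get(call.device, 0) >= MAX_ACTIVE_PER_DEVICE:
        return False, "device concurrent-call cap reached"
    # Assumption: an 11-digit number starting with 1 is a domestic NANP call.
    if call.dialed.startswith("1") and len(call.dialed) == 11:
        return True, "domestic"
    if any(call.dialed.startswith(p) for p in BLOCKED_PREFIXES):
        return False, "destination country blocked by tariff policy"
    if call.at.hour not in ALLOWED_HOURS:
        return False, "international calling outside allowed hours"
    # Constant-time compare so the PIN check does not leak by timing.
    if not hmac.compare_digest(call.pin or "", INTL_PIN):
        return False, "international call requires valid PIN"
    return True, "international (PIN ok)"

def start_call(call: CallAttempt, state: TrunkState) -> Tuple[bool, str]:
    """Admit the call if policy allows and account for it against the device cap."""
    ok, reason = evaluate(call, state)
    if ok:
        state.active[call.device] = state.active.get(call.device, 0) + 1
    return ok, reason

def end_call(device: str, state: TrunkState) -> None:
    """Release one active call slot for the device."""
    state.active[device] = max(0, state.active.get(device, 0) - 1)
```

Denied attempts are the events worth alerting on: a burst of "requires valid PIN" or "outside allowed hours" rejections from one device is the signature of a compromised trunk being probed.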