A while back, when I started streaming to Twitter (https://twitter.com/efensive) I had wanted to post the numbers being dialed by fraudsters so that others would be able to see these numbers and block them. Difficult to get a list of numbers called, in fact, I would hope that no one would have a number to add, as that would mean one was compromised. However, if anyone wants to share #'s being dialed fraudulently, I will add them to the Twitter stream and perhaps make an all inclusive list freely available. I added a few here and there, but I have also taken a lot of proactive steps to reduce fraud. (Hello Jim and others at Transnexus ;)) This is what I (we were I work) have done. I parse the logs on my SBCs on an hourly basis. The log parsing does two distinct things, 1) tallies the volume of calls, and two dissects which calls are going to high rated areas. STEP 1) Download SBC logs Perform a count against client trunks Compare that count against a 90 day baseline Report anomalies This allows me to see when a trunk is generating a lot of calls. Period STEP 2) Parse through SBC logs Parse out DESTINATION (country code area code) Check DESTINATIONS against a rate deck where price exceeds N amount per minute (I have this set to about .21 (USD) per minute. Report which trunk is making that call. The reporting is automated and if anomalies are detected, emails are sent and ALSO a call is generated to a group so that we will know ASAP that something has happened. We use Transnexus in ONE of our facilities, but have legacy Netrakes in another. So we had to improvise. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF