
Because none of us want to deal with fraud, and many of us have fought it, are fighting it, and eventually (like it or not) will come across it, I am proposing starting up a NON PUBLIC, TRUSTED mailing list. The purpose of the list would be to share information on attacks, numbers dialed, and so forth. The reasoning for it not being public would be obvious: avoid letting a threat actor know they have been flagged.

The theory behind this list would be to aggregate KNOWN fraudulent destinations for the purposes of creating some form of blacklist, or triggering mechanism. For example, suppose I had a break in, where calls went to 2125551212. On the list I would send an email stating:

    x.x.x.x (IP) | 2125551212 | DATE | CHECKSUM

First field is obvious, you'd want to block this address. Second field, one can set up a triggering mechanism. (Pseudo code)

    if [ "$number" = "2125551212" ]; then
        # do something
        send_email || generate_phonecall
    fi

The date is for historical purposes, and the checksum would be a variable of which system saw what. For those who have seen my VABL list http://www.infiltrated.net/vabl.txt it would look EXACTLY like that.

So for anyone who'd care to share, without disclosing WHO shared the information, there would be a mechanism to hide your identity (company info, etc.).

The other reason for it being a NON public list would be a matter of trust, in the sense that I would NOT allow any freemail (Gmail, Hotmail, etc.) to be used, in order to minimize any false positives. The last thing I would want is for someone to maliciously submit data against a competitor. (Make sense?)

I am willing to start and maintain such a list; however, I'd need to know whether or not

a) others are willing to share attack data (which will be sanitized)
b) other businesses and peers would find the data useful.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
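An added example, not part of the original post: one way a list member could consume entries in the "IP | number | DATE | CHECKSUM" layout described above and check call records against them. The ISO date format, the checksum values (treated as opaque), the sample rows and the function names are assumptions made for illustration.

```python
import ipaddress
from datetime import date

# Constructed sample feed; addresses are documentation ranges, and the last
# two rows are deliberately malformed to show rejection.
SAMPLE_FEED = """\
192.0.2.10 | 2125551212 | 2011-03-01 | 9f2c1a
198.51.100.7 | 2125550199 | 2011-03-02 | 41bb07
not-an-ip | 2125550000 | 2011-03-02 | deadbe
203.0.113.5 | 212-555-0142 | 2011-03-03
"""

def parse_feed(text):
    """Return (blocked_ips, flagged_numbers, rejected_lines)."""
    ips, numbers, rejected = set(), {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("|")]
        try:
            if len(fields) != 4:
                raise ValueError("expected 4 fields")
            ip = ipaddress.ip_address(fields[0])
            number = fields[1]
            if not (number.isascii() and number.isdigit()):
                raise ValueError("number must be digits only")
            seen = date.fromisoformat(fields[2])
        except ValueError:
            rejected.append(line)  # malformed rows never reach the blocklist
            continue
        ips.add(str(ip))
        numbers[number] = (seen, fields[3])  # checksum kept as an opaque tag
    return ips, numbers, rejected

def check_call(src_ip, dialed, ips, numbers):
    """Return the reasons a call record should raise an alert (may be empty)."""
    reasons = []
    if src_ip in ips:
        reasons.append("source_ip")
    digits = "".join(c for c in dialed if c.isdigit())  # ignore punctuation
    if digits in numbers:
        reasons.append("destination")
    return reasons
```

Rejected rows are returned rather than silently dropped so that a bad or hostile submission can be reviewed before anything is blocked on its strength.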