[VOIPSEC] Tackling VoIP fraud, new idea
On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:
One more mailing list? :-) I'm sure it is a bad idea. I'm working for a company to protect it from VoIP related attacks, but you will never have gurantess that I will not be using the data in a private list to attack someone as a private individual :-) it is a security hole in a private list about VoIP security...
I disagree with it being a bad idea. There is never any guarantees in life. The purpose for a private list, is it protects COMPANIES data. There is a trust mechanism in the sense that should/if/when someone wants to contest data, I can go back based on checksum to determine WHO submitted what. I HIGHLY doubt, someone would throw away their reputation, and or damage company reputation by submitting falsified data. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
Email sucks for this. I don't want to read an email about something hours or days after the issue is happening and have to do something manually to protect my infrastructure. This seems like something that should be an API in which trusted people can access. But then you have concerns about trust of the data. Do I trust your reasoning for an IP block? Do I even get to see your evidence? Honestly I don't need a list or an API to block stuff. HOWEVER, if this can become a private discussion list to talk about methods, techniques and tactics that we can all implement in order to prevent telecom/SIP/VoIP fraud on our own, THAT I'd be interested in. Beckman On Fri, 21 Feb 2014, J. Oquendo wrote:
On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:
One more mailing list? :-) I'm sure it is a bad idea. I'm working for a company to protect it from VoIP related attacks, but you will never have gurantess that I will not be using the data in a private list to attack someone as a private individual :-) it is a security hole in a private list about VoIP security...
I disagree with it being a bad idea. There is never any guarantees in life. The purpose for a private list, is it protects COMPANIES data. There is a trust mechanism in the sense that should/if/when someone wants to contest data, I can go back based on checksum to determine WHO submitted what. I HIGHLY doubt, someone would throw away their reputation, and or damage company reputation by submitting falsified data.
-- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
participants (2)
-
beckman@angryox.com -
sil@infiltrated.net