I don't mind, but some believe that letting the fraudsters in on our techniques allows them to have more information in order to circumvent our roadblocks. If there was a private list, technical implementations could be spoken of without tipping our hand in public forums for fraudsters to counter. Beckman On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:

Why dont't you want to speak about tactics here openly?

2014-02-21 19:51 GMT+02:00 Peter Beckman <beckman at angryox.com>:

...

Email sucks for this. I don't want to read an email about something hours or days after the issue is happening and have to do something manually to protect my infrastructure.

This seems like something that should be an API in which trusted people can access.

But then you have concerns about trust of the data. Do I trust your reasoning for an IP block? Do I even get to see your evidence?

Honestly I don't need a list or an API to block stuff.

HOWEVER, if this can become a private discussion list to talk about methods, techniques and tactics that we can all implement in order to prevent telecom/SIP/VoIP fraud on our own, THAT I'd be interested in.

Beckman

On Fri, 21 Feb 2014, J. Oquendo wrote:

On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:

...

One more mailing list? :-) I'm sure it is a bad idea. I'm working for a

...

company to protect it from VoIP related attacks, but you will never have gurantess that I will not be using the data in a private list to attack someone as a private individual :-) it is a security hole in a private list about VoIP security...

I disagree with it being a bad idea. There is never any guarantees in life. The purpose for a private list, is it protects COMPANIES data. There is a trust mechanism in the sense that should/if/when someone wants to contest data, I can go back based on checksum to determine WHO submitted what. I HIGHLY doubt, someone would throw away their reputation, and or damage company reputation by submitting falsified data.

-- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops

------------------------------------------------------------ --------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ ------------------------------------------------------------ ---------------

_______________________________________________ Voipsec mailing list Voipsec at voipsa.org http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------