Killing VoIP Theft: Werewolf, or Hydra?

April 23, 2013

At the SIP Forum’s SIPNOC 2013 meeting in Herndon, Virginia, I’ll be presenting on how to kill VoIP Theft. Is it more like a Werewolf, or more like a Hydra?

The Bad Guys are stealing service from any VoIP service provider they can. The attacks come through several vectors, but typically they (a) discover SIP credentials, then do direct SIP registration; or (b) compromise a customer VoIP device, then route calls through it.

Many products and practices have sought to address the problem. While some powerful techniques have been produced, none of these are a silver bullet that stops the problem and allows the flexibility needed for modern, open VoIP Service Providers.

Nevertheless, a combination of techniques is making real progress. Based on experience at multiple major US VoIP service providers, we show that a particular combination of ingredients, when applied properly and in concert, neutralizes all of the common attacks.

In this talk at SIPNOC 2013, I’ll discuss the prevalent attack techniques, the combination we’re having success with, the contribution of each element of protection, and how the combination is working in practical service providers.

FraudStopper Frequently Asked Questions

January 27, 2012

Here at ECG, we’re very excited about FraudStopper, our toll-fraud detection system. It is the only Fraud Detection tool optimized for VoIP service providers running BroadWorks, Metaswitch, or similar platforms.

You can get more details on FraudStopper on the FraudStopper page.

Here are some of the common questions we’re getting.

What kind of fraud does FraudStopper stop?
FraudStopper is intended for the most prevalent form of Toll Fraud for VoIP Carriers. In most scenarios, someone has VoIP service with no SIP authentication, or very weak SIP credentials. For example, the password might be, literally, “password”. Criminals discover this account via the Internet, then take over that user’s account and place expensive outbound calls.

What are FraudStopper’s thresholds?
Most of the simple Fraud prevention tools are based on simple assumptions about users’ behavior. For example, many of them will alert if they ever see two concurrent International calls from one customer. Or they may alert if they detect more than 5 International calls in a day.

As long as these work, then that’s great. But what about the customer who regularly makes a dozen International calls each day? You have to start building in exceptions.

Instead of building in a lot of exceptions, FraudStopper dynamically and automatically compiles a User Behavior Database of each user’s behavior. So it knows that Fred makes 50 international calls every Tuesday, but almost none on Saturdays. And it knows that Granny never makes an international call.

What versions of FraudStopper are available?
FraudStopper comes in two versions. In both cases, FraudStopper is installed in your own network.

  • ECG Trained Analysts. FraudStopper with Human Analysts provides real-time, 24x7x365 monitoring for fraud on your system.
  • Your Own Analysts. FraudStopper sends alerts only to your staff.

How is FraudStopper priced?
FraudStopper pricing is based on the number of monitored users, and the type of analyst services you want.

VoIP Fraud Could Kill Your Company — FraudStopper Kills the Fraud

October 3, 2011

Metaswitch Forum 2011, Las Vegas, NV, Oct. 3, 2011

ECG, a VoIP network design and integration consultancy, announces the success of FraudStopper, a new toll-fraud detection system optimized for VoIP providers. FraudStopper was deployed in June 2011 at a nationwide CLEC based in New York City. The system has successfully detected numerous incidents of attempted theft of service, saving the CLEC tens of thousands of dollars in losses for international termination.

VoIP Toll Fraud became a major issue for many carriers in November 2010, when thieves began using the “SIPVicious” security scanning tool to search the Internet for VoIP service that could be stolen. ECG estimates that over US $1M in international termination service has been stolen by criminals targeting VoIP service providers in the United States. Some individual incidents have amounted to more than US $160,000.

Most fraud detection systems have simplistic thresholds to identify risky behavior. If a customer appears to make a large number of international calls, the system will alert automatically. But if that same customer routinely makes a large number of international calls and pays for the service, it could simply be their normal course of business. Such simplistic schemes cannot handle the wide diversity among VoIP customers, some of whom make no international calls, while others make numerous calls.

“FraudStopper learns the normal behavior for customers by analyzing historical billing records to determine what is routine for each individual,” said James Pucket, president of ECG. “Statistics are tracked per customer in the User Behavior Database. When international calling occurs that does not match a customer’s profile, FraudStopper can detect that change and report the risk.”

However, ordinary activity on a Monday might be fraudulent levels on a Saturday. FraudStopper’s dynamic database understands weekly patterns of work. The User Behavior Database compares details from the day of the week extending far into the past to make accurate judgments and reduce false positives.
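The contrast drawn above between a fixed threshold and a per-user, per-weekday profile, shown as an added example that is not FraudStopper's code or algorithm. The mean-plus-deviation test, the `k` and `slack` parameters, and all call records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean, pstdev

FIXED_LIMIT = 5  # the simple rule quoted on the page: more than 5 international calls in a day

def build_profiles(history):
    """history: iterable of (user, date, intl_calls) -> {(user, weekday): [daily counts]}"""
    profiles = defaultdict(list)
    for user, day, calls in history:
        profiles[(user, day.weekday())].append(calls)
    return profiles

def fixed_alert(calls):
    return calls > FIXED_LIMIT

def profile_alert(profiles, user, day, calls, k=3.0, slack=2):
    """Alert when the count exceeds mean + k*stdev + slack for this user on this weekday.
    k and slack are assumed tuning values, not taken from any product."""
    past = profiles.get((user, day.weekday()), [])
    if not past:  # no history for this user/weekday: fall back to the fixed rule
        return fixed_alert(calls)
    return calls > mean(past) + k * pstdev(past) + slack

def constructed_history(weeks=8, start=date(2013, 1, 1)):
    """Constructed sample data: Fred calls abroad ~50 times on Tuesdays only; Granny never does."""
    rows = []
    for n in range(weeks * 7):
        day = start + timedelta(days=n)
        fred = 50 + (n % 3) if day.weekday() == 1 else 0  # weekday() == 1 is Tuesday
        rows.append(("fred", day, fred))
        rows.append(("granny", day, 0))
    return rows

def evaluate(observations):
    """Return {(user, iso_date): (fixed_rule_alert, profile_alert)} for each observation."""
    profiles = build_profiles(constructed_history())
    return {(u, d.isoformat()): (fixed_alert(c), profile_alert(profiles, u, d, c))
            for u, d, c in observations}

if __name__ == "__main__":
    today = [("fred", date(2013, 3, 5), 51),    # Tuesday: routine for Fred
             ("fred", date(2013, 3, 9), 20),    # Saturday: far above his Saturday norm
             ("granny", date(2013, 3, 6), 4)]   # under the fixed limit, but never normal for her
    for key, (fixed, profiled) in evaluate(today).items():
        print(key, "fixed rule:", fixed, "profile:", profiled)
```

The fixed rule raises a false positive on Fred's routine Tuesday and misses Granny's four calls, while the profile check does the opposite on both.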

Alerting from FraudStopper is done through email and SNMP. The email describes the user suspected of fraud, and the historical profile for the user. This allows operations staff to determine the risk and make a judgment. The SNMP trap allows integration with Network-Management tools like HP OpenView and SolarWinds.

The Real-Time Call Progress Monitor in FraudStopper can receive input data from practically any source. Full integration with real-time or batched data sources is available. ECG has integrated using CDRs from Metaswitch, BroadSoft, Acme Packet, Alcatel-Lucent, and others.

About ECG:

ECG is a technical consultancy for VoIP, Telecom, and Internet service providers. The technical staff at ECG have been designing and implementing carrier networks since 1995, and bring the value of their experience through troubleshooting, network integration and more. Major vendors, such as Acme Packet, BroadSoft and Metaswitch use ECG for special projects, while carriers including AT&T, TelePacific and Stage2 Networks use ECG to support their network design and operations. Visit http://www.e-c-group.com/.

About Metaswitch Forum 2011

Now in its eighth year, the Metaswitch Forum is firmly established as a premier event for service providers that are embracing the move to all-IP networking and services. With more than 200 service providers attending from around the world, Metaswitch customers and prospects value the opportunity to talk technology, analyze trends, share marketing ideas and explore solutions at our Mosaic partner expo. This year’s event looks closely at the impact of customer mobility and the migration to ever more intelligent endpoints interacting with a cloud service core. Featuring customer, celebrity and executive keynote speakers, specialized tracks and continuous networking opportunities, Forum 2011 runs from October 3-6 at the Bellagio Resort and Casino, Las Vegas. For more information, visit http://www.metaswitchforum.com/. Or #mforum2011.

Need to understand Acme Packet SIP Trunking? Registration?

March 16, 2010

The Acme Packet SBC is an amazing beast. I tell clients that it’s basically a programming language — there’s a ton of flexibility, and all kinds of complexity. There are so many ways to accomplish the same thing — which one is best?

ECG has a new, high-speed training class on Acme Packet SIP Trunking and Registration. This is a high-speed class intended to cover just the basics you need to configure SIP trunking in the Acme Packet OS-C (4250, 4500, 3800, 9200), or configure SIP registration. ECG has been installing, configuring, and troubleshooting Acme Packet OS-C systems since 2004. We really know the box inside and out.

Let us show you the tactical details you need. Learn how to piece together a SIP Trunking or registration config — complete with realms, local-policy’s, sip-interface’s, steering-pool’s, session-group’s, session-agent’s, etc. Understand the key options, and learn which options to study later.

Read more on the Acme Packet Boot Camp: Building SIP Trunks & Registration page. You can email sales@e-c-group.com or call +1-229-244-2099.

Training on BroadWorks Call Processing & Troubleshooting

March 16, 2010

ECG is rolling out new training courses. Another new class we have is on BroadWorks Call Processing and Troubleshooting.

This is a class for the people who really need to understand how BroadWorks does what it does. They need to know how to fix it when it breaks, and how to determine what’s broken.

This class covers all the arcane dark-magic BroadWorks tools, like healthmon, ttIsql, bwcli, repctl, and peercmd. We cover all the logs, like XSLogs, PSLogs, AuditLogs, and ms.syslog. We show you how the protocols interact.

This is a week-long class, taught at your location, or at ECG locations near Denver, Raleigh, or Valdosta, Georgia.

If you’re interested, read more on the BroadWorks Boot Camp: Call Processing & Troubleshooting page. You can email sales@e-c-group.com or call +1-229-244-2099.

New Training Course: BroadWorks Installation and Upgrades

March 16, 2010

We at ECG are pleased to announce a new training course: BroadWorks Installation and Upgrades.

This class is intended to give engineers and technicians tons of experience installing, patching, and upgrading BroadWorks. There are numerous small rules, and a few tricks. We at ECG have been doing BroadWorks installations since R9 — back in 2002. We’ve done hundreds of installs for carriers around the world.

We have the scars. Let us save you some pain. In addition to being a crack team of special-forces consultants, ECG is a bona-fide BroadWorks service provider providing service in southern Georgia.

This is a week-long class, taught at your location, or at ECG locations near Denver, Raleigh, or Valdosta, Georgia.

If you’re interested, read more on the BroadWorks Boot Camp: Installation & Upgrades page. You can email sales@e-c-group.com or call +1-229-244-2099.

ECG Expands Metaswitch Network Design Team

January 12, 2010

ECG has expanded its Network Design team to include Jonathan Stanley, B.S. C.S. This expansion brings the total design team to six Engineers, capable of designing for 250 carriers per year. This team provides complete Network Designs for VoIP networks, and also reviews of Network Designs provided by Service Providers.

ECG is a leading Network Design and Operation consultancy for the Metaswitch Networks — Carrier Systems division. Since 2007, ECG has accelerated deployments by performing network planning, installation, training, and operational maintenance.

ECG brings in-depth knowledge of MetaSwitch Call Agent, Media Gateway, EAS, and N-Series Systems to solid IP Network Design practice. ECG’s Carrier IP and PSTN/SS7 Network Design experience extends to 1995.

Attache: BroadWorks Power, now on Mac

Native BroadWorks Toolbar Application for Mac OS X 10.7 Lion