[OpenSIPS-Users] Could I build a "SIP firewall" with OpenSIPS?

[Brett Nemeroff]

On Sat, Apr 16, 2011 at 12:57 PM, Kamen Petrov <kamen.petrov at gmail.com>wrote:

> While we are on that matter.. I want to hear your opinion guys.
> Despite it is opensips or something else, the fraud calls are a huge issue
> now days... especially in the pinless scenarios.
>
> Here is the problem: the DID provider sends the call in -> the call is
> authenticated by caller id -> the call is processed
> In that scenario the DID provider sends fake caller ID.
>
> To handle that issue, one of my customers wants to implement this:
> http://www.trustid.com/solutions/
>
> <http://www.trustid.com/solutions/>Looking trough their demo, this sounds
> too much like science fiction to me. As far as someone is working with
> caller IDs all over the world, there is no any good way to determinate if
> the caller id is real or not. Up to my knowledge, the only really secured
> way is to receive the incoming calls directly trough PSTN rather than VoIP.
>
> Do you feel like me this company cannot provide what they sell or you have
> any vision different than mine? Please share your opinion :)
> *
> *
>

I can imagine some ways this may be possible with some fancy SS7 queries,
but not entirely sure. Owning the DID and the PSTN connectivity is a decent
way to ensure that the BTN and CID match. But even that isn't terribly
accurate. The best way is simply to not use any fields that customers can
set on their own to identify a client. ANI authentication is a big mistake
in my opinion. I certainly understand why people want it, but it's asking
for someone to hack it.

For what it's worth it's reasonably obscure. Which is really the only
security you've got. Security by means of obscurity is really mediocre at
best.
-Brett


-Brett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20110416/11fbe2b5/attachment.htm>