[OpenSIPS-Users] Fraud Detection in OpenSIPS 1.12

Răzvan Crainea razvan at opensips.org
Tue Sep 2 18:26:01 CEST 2014

Hi all,

The second topic discussed during the last IRC meeting[1] was about 
building a Fraud Detection module that prevents PBX or accounts hijacking.

Basically the module will allow you to define different dialing profiles 
(the destination you are dialing, how often, how many parallel calls, 
etc.) - the profiles are statically defined via DB. Such profile is 
assigned to a dialing entity (end-user, SIP trunk, inbound gateway, 
etc.). These metrics can be further interpreted to block or allow 
certain suspicious calls from that entity.

The module will export a new command in the OpenSIPS script that can be 
used to check whether the call should be allowed or not. The command 
will return different error codes, depending on the severity: 1 for the 
normal state (call should be allowed, no abnormalities detected), -1 for 
warning (user is approaching to a critical limit) and -2 for critical 
(thresholds are reached, call should not be allowed). A usage example 
might be something like this:

if (check_fraud("$rU", "$fU", "premium") < 0) {
     switch($retcode) {
     case -1:
         xlog("WARNING: $fU called to $rU\n");

     case -2:
         xlog("CRITICAL: $fU called to $rU - call denied\n");
         send_reply("403", "Forbidden");

Moreover, the module will also trigger events (that can be handled by 
event_routes or external applications) whenever those thresholds are 

The discussion was not closed during the meeting, so we need to gather 
more ideas for the Fraud Detection module. What kind of features would 
you like to see in this module? What use case scenarios you find 
suitable for fraud detection? How would you like to use this feature?

Feel free to give any feedback you find useful for this!

[1] http://www.opensips.org/Community/IRCmeeting20140827

Best regards,

Răzvan Crainea
OpenSIPS Solutions

More information about the Users mailing list