While we are on that matter.. I want to hear your opinion guys.<div>Despite it is opensips or something else, the fraud calls are a huge issue now days... especially in the pinless scenarios.<br><div><br></div><div>Here is the problem: the DID provider sends the call in -> the call is authenticated by caller id -> the call is processed</div>
<div>In that scenario the DID provider sends fake caller ID.</div><div><br></div><div>To handle that issue, one of my customers wants to implement this:</div><div><a href="http://www.trustid.com/solutions/">http://www.trustid.com/solutions/</a></div>
<div><br></div><div><a href="http://www.trustid.com/solutions/"></a>Looking trough their demo, this sounds too much like science fiction to me. As far as someone is working with caller IDs all over the world, there is no any good way to determinate if the caller id is real or not. Up to my knowledge, the only really secured way is to receive the incoming calls directly trough PSTN rather than VoIP. </div>
<div><br></div><div>Do you feel like me this company cannot provide what they sell or you have any vision different than mine? Please share your opinion :)<br><i style="color:rgb(102, 102, 102)"><br>
Thanks<br>-- Kamen</i><br>
<br><br><div class="gmail_quote">On 14 April 2011 13:25, Anca Vamanu <span dir="ltr"><<a href="mailto:anca@opensips.org" target="_blank">anca@opensips.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#ffffff">
Hi Dan,<div><br>
<br>
<br>
On 04/13/2011 05:43 PM, Dan Ballance wrote:
<blockquote type="cite">Hi there,
<div><br>
</div>
<div>I am investigating OpenSIPS for use in my company's VOIP
network. I'm wondering if I could get a little advice on a
design I am considering?</div>
<div><br>
</div>
<div>The problem:</div>
<div>
<br>
</div>
<div>We currently have a VOIP network built around a propriety SIP
proxy which we are discovering appears to have a number of
security weaknesses. The most significant of these is it's
inability to tear down calls in progress once a user's balance
has hit zero and having no ability to limit the channels that a
user has open. This could potentially cripple our business due
to the losses we are experiencing from fraud.</div>
<div><br>
</div>
</blockquote>
<br></div>
You can use opensips for implementing the firewall that you require,
but your solution is not complete. I will explain bellow why. <br><div>
<br>
<blockquote type="cite">
<div>A very early draft of my solution:</div>
<div><br>
</div>
<div>I have noticed the OpenSIPS module userblacklist ( <a href="http://www.opensips.org/html/docs/modules/1.6.x/userblacklist.html" target="_blank">http://www.opensips.org/html/docs/modules/1.6.x/userblacklist.html</a> )
and believe that this could solve our problems. I have other
code running elsewhere on our network which is able to identify
fraudulent calls - I just need a way of killing said calls and
stopping the fraud in progress. It seems with this module I
could call a web service on the OpenSIPS server, add and remove
SIP uris from the blacklist database table and then call the
module MI function via XML-RPC to update the list and cut off
the call. (At least I am hoping it could do this - can the
blacklist block calls in progress?)</div>
</blockquote></div>
The userblacklist module can be used to deny future calls from a
fraudulent account. Just that you have to also provide the prefix
for the destination that you want to block. So, from your external
application you can add record with the account and prefixes in the
<b>userblacklist</b> table and call the MI command
'reload_blacklist' to let opensips know that the list was been
updated. <br>
But you can not use it to stop ongoing calls. For this you need the
<b>dialog</b> module, you can tell it to stop an ongoing call by
sending the MI command
dlg_end_dlg(<a href="http://www.opensips.org/html/docs/modules/devel/dialog.html#id294808" target="_blank">http://www.opensips.org/html/docs/modules/devel/dialog.html#id294808</a>).
Note that you have to call <b>dlg_list</b> 'callid'
(<a href="http://www.opensips.org/html/docs/modules/devel/dialog.html#id294675" target="_blank">http://www.opensips.org/html/docs/modules/devel/dialog.html#id294675</a>)
before to get the info required by <b>dlg_end_dlg</b> command.<div><br>
<blockquote type="cite">
<div><br>
</div>
<div>Assuming the userblacklist module will do what I hope, I have
a question about how to slot the OpenSIPS server into our
network. In an ideal world, I would run the OpenSIPS server in
stateless mode so that is scales well, and do nothing more with
the SIP traffic apart from forward on non-blocked calls to our
existing propriety SIP proxy and block banned SIP uris from
progressing any further.</div>
<div><br>
</div>
<div>The main question I have is can the userblacklist module be
run in stateless mode and is it possible for OpenSIPS to forward
on traffic to another SIP proxy for registration. In effect I
guess I am trying to build some kind of SIP firewall out of
OpenSIPS but I don't know if this is possible. Any advice /
constructive criticism from the knowledgeable people on this
list would be massively appreciated!</div>
<div><br>
</div>
</blockquote></div>
If you use the dialog module - then you will have to have opensips
running in statefull mode (dialog aware in fact).<div><br>
<blockquote type="cite">
<div>Sincerely,</div>
<div><br>
</div>
<div>Dan.</div>
<div><br>
</div>
<div>(If it's okay I will keep my surname and company name
anonymous due to the public nature of this list and the fraud
problems that we have been experiencing.)</div>
<br>
</blockquote></div>
Regards,<br><font color="#888888">
<pre cols="72">--
Anca Vamanu
OpenSIPS Developer</pre>
</font></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div>