Fraud Detection in OpenSIPS 1.12


Fraud Detection in OpenSIPS 1.12

Răzvan Crainea-2
Hi all,

The second topic discussed during the last IRC meeting[1] was about
building a Fraud Detection module that prevents PBX or accounts hijacking.

Basically the module will allow you to define different dialing profiles
(the destination you are dialing, how often, how many parallel calls,
etc.) - the profiles are statically defined via DB. Such a profile is
assigned to a dialing entity (end-user, SIP trunk, inbound gateway,
etc.). These metrics can be further interpreted to block or allow
certain suspicious calls from that entity.

The module will export a new command in the OpenSIPS script that can be
used to check whether the call should be allowed or not. The command
will return different error codes, depending on the severity: 1 for the
normal state (call should be allowed, no abnormalities detected), -1 for
warning (user is approaching a critical limit) and -2 for critical
(thresholds are reached, call should not be allowed). A usage example
might be something like this:

if (check_fraud("$rU", "$fU", "premium") < 0) {
     switch($retcode) {
     case -1:
         xlog("WARNING: $fU called to $rU\n");
         break;

     case -2:
         xlog("CRITICAL: $fU called to $rU - call denied\n");
         send_reply("403", "Forbidden");
         exit;
     }
}

Moreover, the module will also trigger events (that can be handled by
event_routes or external applications) whenever those thresholds are
reached.

The discussion was not closed during the meeting, so we need to gather
more ideas for the Fraud Detection module. What kind of features would
you like to see in this module? What use case scenarios do you find
suitable for fraud detection? How would you like to use this feature?

Feel free to give any feedback you find useful for this!

[1] http://www.opensips.org/Community/IRCmeeting20140827

Best regards,

--
Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
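
Added example, not part of the original thread and not OpenSIPS code: a small Python model of the check described in the message above, returning 1, -1 or -2 from per-user calls-per-minute and parallel-call counters. The rule fields, the 60-second window, counting denied attempts and the 0900 prefix are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

OK, WARNING, CRITICAL = 1, -1, -2  # return codes described in the post
@dataclass(frozen=True)
class Rule:
    # Hypothetical fields: the post only says a profile covers the
    # destination, how often it is dialed and how many parallel calls.
    prefix: str    # destination prefix this rule applies to
    cpm_warn: int  # calls per minute, warning level
    cpm_crit: int  # calls per minute, critical level
    par_warn: int  # parallel calls, warning level
    par_crit: int  # parallel calls, critical level

class FraudChecker:
    def __init__(self, profiles):
        self.profiles = profiles            # profile name -> [Rule, ...]
        self.attempts = defaultdict(deque)  # (user, prefix) -> attempt times
        self.active = defaultdict(int)      # (user, prefix) -> calls in progress

    def _rule(self, dialed, profile):
        hits = [r for r in self.profiles.get(profile, ())
                if dialed.startswith(r.prefix)]
        return max(hits, key=lambda r: len(r.prefix), default=None)

    def check_fraud(self, dialed, user, profile, now):
        rule = self._rule(dialed, profile)  # longest matching prefix
        if rule is None:
            return OK                       # destination not covered
        key = (user, rule.prefix)
        window = self.attempts[key]
        while window and now - window[0] >= 60:
            window.popleft()                # sliding 60-second window
        window.append(now)                  # denied attempts are counted too
        cpm, parallel = len(window), self.active[key] + 1
        if cpm >= rule.cpm_crit or parallel >= rule.par_crit:
            return CRITICAL                 # caller should reject the call
        self.active[key] += 1
        if cpm >= rule.cpm_warn or parallel >= rule.par_warn:
            return WARNING
        return OK

    def call_ended(self, dialed, user, profile):
        rule = self._rule(dialed, profile)
        if rule and self.active[(user, rule.prefix)] > 0:
            self.active[(user, rule.prefix)] -= 1

# Constructed sample profile: numbers starting with 0900 count as "premium".
PROFILES = {"premium": [Rule("0900", cpm_warn=3, cpm_crit=5, par_warn=2, par_crit=3)]}
```

Because denied attempts stay in the window, a hijacked account that keeps redialing remains at -2 until it has been quiet for a full minute.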

Re: Fraud Detection in OpenSIPS 1.12

LAVerPNZ
Is this unit compatible with OpenSIPS version 1.11.2-tls (x86_64)? Can I
get a direct link?

02.09.2014 20:26, Răzvan Crainea wrote:
> Hi all,
>
> The second topic discussed during the last IRC meeting[1] was about
> building a Fraud Detection module that prevents PBX or accounts
> hijacking.
> ......................




Re: Fraud Detection in OpenSIPS 1.12

LAVerPNZ
In reply to this post by Răzvan Crainea-2
Is this module compatible with OpenSIPS version 1.11.2?
If so, where can I find it?


Re: Fraud Detection in OpenSIPS 1.12

Pavel Eremin-3
In reply to this post by LAVerPNZ

It's only a discussion about a new module; no real module is available.

07.11.2014 11:29, "Лытаев Антон Викторович" <[hidden email]> wrote:
> Is this unit compatible with OpenSIPS version 1.11.2-tls (x86_64)? Can I
> get a direct link?
>
> 02.09.2014 20:26, Răzvan Crainea wrote:
>> Hi all,
>>
>> The second topic discussed during the last IRC meeting[1] was about
>> building a Fraud Detection module that prevents PBX or accounts hijacking.
>> ......................




Re: Fraud Detection in OpenSIPS 1.12

LAVerPNZ
Interestingly, the description is: http://www.opensips.org/html/docs/modules/1.12.x/fraud_detection, and the module is not ....
Sorry, it is very useful to...

16.11.2014 10:25, Pavel Eremin wrote:

> It's only a discussion about a new module; no real module is available.


Re: Fraud Detection in OpenSIPS 1.12

Răzvan Crainea-2
In reply to this post by LAVerPNZ
Hi, Anton!

The module will only be available in OpenSIPS 2.1 (aka 1.12). It is not
compatible with OpenSIPS 1.11, and it will not be backported.

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 11/15/2014 11:02 PM, Anton wrote:

> Is this module compatible with OpenSIPS version 1.11.2?
> If so, where can I find it?