[VOIPSEC] VoIP and Fraud
Christopher A. Martin
chris at sip1.com
Fri Feb 25 18:31:22 CST 2005
The caller id spoof thread here is one that I missed... Carriers can prevent
this, but the end to end potential of VoIP makes it hard, this is definitely
an area to look into. It still boils down to needing a method for
non-repudiation for VoIP.
Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
Chris at InfraVAST.com
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Mark Fletcher
> Sent: Monday, February 14, 2005 7:28 PM
> To: 'Mahesh Thakkar'; 'Voipsec at voipsa.org'
> Subject: RE: [VOIPSEC] VoIP and Fraud
>
> Mahesh,
>
> There are many potential areas, but one that concerns me is the ability
> for
> a user to easily spoof their Caller ID. Typically this has only been
> available to administrators of a PBX with PRI circuits. Many call this
> 'security via obscurity'. By spoofing CLID, a caller could raise havoc
> with
> Emergency Services and the national E9-1-1 system, or use a spoofed CLID
> to
> socially engineer people into giving up personal information.
>
> Mark J. Fletcher
> Sr. Systems Engineer
>
> Office: 973-285-5745 (ESN 287-5745)
> Mobile: 973-919-6144
> SIP/Email: fletch at nortel.com <mailto:fletch at nortel.com>
> Visit Nortel on the web at http://nortel.com <http://nortel.com/>
>
> PLEASE NOTE NEW EMAIL ADDRESS: <mailto:Fletch at Nortel.com>
> Fletch at Nortel.com
>
>
>
>
>
> "This e-mail and any files transmitted with it are the property of Nortel
> Networks Inc., are confidential, and are intended solely for the use of
> the
> individual or entity to whom this e-mail is addressed. If you are not one
> of
> the named recipient(s) or otherwise have reason to believe that you have
> received this message in error, please notify the sender at 973.285.5745
> and
> delete this message immediately from your computer. Any other use,
> retention, dissemination, forwarding, printing, or copying of this e-mail
> is
> strictly prohibited."
>
>
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org
> <mailto:Voipsec-bounces at voipsa.org> ] On Behalf Of Mahesh Thakkar
> Sent: Sunday, February 13, 2005 3:33 AM
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] VoIP and Fraud
>
>
> Dear All,
>
> I am new to VoIP, but not to communication. I am in telecom for the last 7
> years (GSM) and looking after Revenue Assurance and Fraud. I would like to
> know what are the vulnerabilities of VoIP and loop holes for fraud in
> practical day to day business and how one can protect or be prepared to
> act
> against VoIP fraud.
>
> Responses are highly appreciated
>
> --
> Mahesh Thakkar
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> <http://voipsa.org/mailman/listinfo/voipsec_voipsa.org>
>
>
More information about the Voipsec
mailing list