[VOIPSEC] VoIP and Fraud
Brian Rosen
br at brianrosen.net
Sat Feb 26 12:35:24 CST 2005
For calls within a domain, such as those within one carrier, there is
P-Asserted-Identity, that allows the carrier to assert the CallerId. The
general answer is Jon Peterson's Identity draft, which works on the
Internet.
Non repudiation is another story. No work on that yet.
Brian
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Christopher A. Martin
> Sent: Friday, February 25, 2005 7:31 PM
> To: 'Mark Fletcher'; 'Mahesh Thakkar'; Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] VoIP and Fraud
>
> The caller id spoof thread here is one that I missed... Carriers can
> prevent
> this, but the end to end potential of VoIP makes it hard, this is
> definitely
> an area to look into. It still boils down to needing a method for
> non-repudiation for VoIP.
>
> Christopher A. Martin
> P.O. Box 1264
> Cedar Hill, Texas 75106
> Chris at InfraVAST.com
>
> > -----Original Message-----
> > From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> > Behalf Of Mark Fletcher
> > Sent: Monday, February 14, 2005 7:28 PM
> > To: 'Mahesh Thakkar'; 'Voipsec at voipsa.org'
> > Subject: RE: [VOIPSEC] VoIP and Fraud
> >
> > Mahesh,
> >
> > There are many potential areas, but one that concerns me is the ability
> > for
> > a user to easily spoof their Caller ID. Typically this has only been
> > available to administrators of a PBX with PRI circuits. Many call this
> > 'security via obscurity'. By spoofing CLID, a caller could raise havoc
> > with
> > Emergency Services and the national E9-1-1 system, or use a spoofed CLID
> > to
> > socially engineer people into giving up personal information.
> >
> > Mark J. Fletcher
> > Sr. Systems Engineer
> >
> > Office: 973-285-5745 (ESN 287-5745)
> > Mobile: 973-919-6144
> > SIP/Email: fletch at nortel.com <mailto:fletch at nortel.com>
> > Visit Nortel on the web at http://nortel.com <http://nortel.com/>
> >
> > PLEASE NOTE NEW EMAIL ADDRESS: <mailto:Fletch at Nortel.com>
> > Fletch at Nortel.com
> >
> >
> >
> >
> >
> > "This e-mail and any files transmitted with it are the property of
> Nortel
> > Networks Inc., are confidential, and are intended solely for the use of
> > the
> > individual or entity to whom this e-mail is addressed. If you are not
> one
> > of
> > the named recipient(s) or otherwise have reason to believe that you have
> > received this message in error, please notify the sender at 973.285.5745
> > and
> > delete this message immediately from your computer. Any other use,
> > retention, dissemination, forwarding, printing, or copying of this e-
> mail
> > is
> > strictly prohibited."
> >
> >
> >
> > -----Original Message-----
> > From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org
> > <mailto:Voipsec-bounces at voipsa.org> ] On Behalf Of Mahesh Thakkar
> > Sent: Sunday, February 13, 2005 3:33 AM
> > To: Voipsec at voipsa.org
> > Subject: [VOIPSEC] VoIP and Fraud
> >
> >
> > Dear All,
> >
> > I am new to VoIP, but not to communication. I am in telecom for the last
> 7
> > years (GSM) and looking after Revenue Assurance and Fraud. I would like
> to
> > know what are the vulnerabilities of VoIP and loop holes for fraud in
> > practical day to day business and how one can protect or be prepared to
> > act
> > against VoIP fraud.
> >
> > Responses are highly appreciated
> >
> > --
> > Mahesh Thakkar
> >
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> > <http://voipsa.org/mailman/listinfo/voipsec_voipsa.org>
> >
> >
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
More information about the Voipsec
mailing list