Tuesday, August 19, 2008

Re: [asterisk-biz] Fraud. (here we go again)

Our "top-ten" (or maybe "bottom-ten"...) countries so far are:

1. Egypt
2. Jordan
3. Palestinian Territory
4. Lebanon
5. China
6. Vietnam
7. India
8. Russia
9. North Korea
10. UK

Unfortunately, we do have legit customers from almost all of
these, so just blocking these at the firewall is not an option.
We screen each and every transaction (human), and usually detect
fraud in 99% of cases, but the Vietnamese guys are VERY good and
got past us for a few days. Damage is not too great, about $30
or so - but I want to make sure they don't succeed again.

-- Nitzan

--- On Tue, 8/19/08, Sam Tam <samtam888@gmail.com> wrote:

> From: Sam Tam <samtam888@gmail.com>
> Subject: Re: [asterisk-biz] Fraud. (here we go again)
> To: "'Commercial and Business-Oriented Asterisk Discussion'" <asterisk-biz@lists.digium.com>
> Date: Tuesday, August 19, 2008, 2:24 AM
> Hey what wrong with Hong Kong. I don't believe you will
> have a lot of ports
> scan or dictionary attacks from Hong Kong. China yes may
> be. But Come on..
> You will be more likely to get port scan from a network
> like ev1 which from
> Hong Kong. Or at least may be 5 times as much.
>
> If you read the statistic, most hacks attempts or scam
> attempts are from
> China, Africa(not a lot of hack attempts), Russia, USA
> <---yes my friend USA
> too, you really won't see a lot from Vietnam (their
> broadband go down every
> afternoon for a few hrs and bw price is rocket high),
> Thailand (they are
> paying like close to $400 -1000 USD per mb so you think
> they will use it to
> port scan you ?)
>
> Just my 2 cent
> Sam
>
> -----Original Message-----
> From: asterisk-biz-bounces@lists.digium.com
> [mailto:asterisk-biz-bounces@lists.digium.com] On Behalf Of
> Alex Balashov
> Sent: Tuesday, August 19, 2008 1:57 PM
> To: nk3569@yahoo.com; Commercial and Business-Oriented
> Asterisk Discussion
> Subject: Re: [asterisk-biz] Fraud. (here we go again)
>
> Maybe an overly shotgun approach for your tastes, but I
> personally
> firewall off all IP blocks from APNIC (the Asian-Pacific
> RIR) delegated
> to the southeast Asian countries (China, Korea, Vietnam,
> Thailand, Laos,
> Hong Kong -- yes, I know it is not a country). Over 90% of
> my port
> scans, my dictionary attacks and my problems seem to come
> from there.
>
> If you take that approach, definitely don't block all
> the aggregate
> APNIC ranges. That would exclude quite a few Australians
> and New
> Zealanders.
>
> There are plenty of lists available online reliably of the
> blocks
> delegated by country, with a specific focus on that region.
> It is not
> an uncommon practise among sysadmins.
>
> --
> Alex Balashov
> Evariste Systems
> Web : http://www.evaristesys.com/
> Tel : (+1) (678) 954-0670
> Direct : (+1) (678) 954-0671
> Mobile : (+1) (706) 338-8599
>
> _______________________________________________
> --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
>
> AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
>
> AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

AstriCon 2008 - September 22 - 25 Phoenix, Arizona
Register Now: http://www.astricon.net

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)