On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins <p...@telcodata.us> wrote: > > Chris it would be trivial for this to be fixed, nearly overnight, by > creating some liability on the part of carriers for illicit use of > caller ID data on behalf of their customers.
'illicit use of caller id' - how is caller-id being illicitly used though? I don't think it's against the law to say a different 'callerid' in the call session, practically every actual call center does this, right? > But the carriers don't want that, so now we have to create tons of > technical half solutions to solve a problem that would be neatly solved > by carriers. logs analysis and 'netflow' (CDR trolling, really) would be nearly free for them, implementing actions based on the data / outcomes of that analysis at near-real-time would also be nearly free... but sure, we can do a bunch of this other stuff too... My sort of solution has actually got proven track record though? -chris > On 7/11/19 12:09 AM, Christopher Morrow wrote: > > There seem like a bunch of pretty simple 'correlations' one could > > make, that actually look a heck of a lot like 'netflow/log analysis > > for ddos detection': > > o is this trunk sourcing calls to 'too many' of my subs in > > period-of-time-X > > o is this trunk sourcing calls from a low distribution of ANI but > > a different distribution of CallerID > > o is this trunk sourcing calls from unmatched (as a percent of > > total) ANI/CallerID > > > > I would think you could make similar correlations across the > > destinations on your phone-network: > > o Is there one ANI or CallerID talking to 'all' (a bunch, more > > than X of type Y customer end point) of my endpoints? > > o are there implausible callerid being used? (lots of 'NPA-NXX > > matches destination, yet from a very different geography?)
