We see a bunch of fraud on our VoIP Peering infrastructure and I was curious what you guys recommend to help mitigate some of those issues
This is a broad question as fraud is a really broad issue but I appreciate that you are interested in a more narrow portion – fraud as it pertains to Peering devices. Actually, not a bad starting point – we recommend a standalone device for peering – ideally a session border controller (SBC) that can protect the edge between your public and private VoIP network.
My answer is in three parts below – normal tools that are available on SBCs to catch fraud, types of fraud that we hear about and see sometimes among our Service Provider Partners and some suggested prevention tools.
Here are some of the normal tools available on an SBC (like Genband’s Quanitx/S3) to identify and prevent fraud:
=> Rate limiting at IP layer level.
=> SIP Messaged throttling and Rate limiting.
=> Loop Detection.
=> Loop avoidance.
By default these are configured to prevent generic attacks like Denial of Service which has limited utility against fraud.
Here are some of the types of fraud we hear about:
=> VoIP Spam.
=> After hour calls.
=> Excessive duration calls.
=> High frequency calls to a set of numbers.
=> High frequency calls from a set of numbers.
=> Calling to General high risk countries (generally high cost destinations).
Here are some suggestions for preventing or mitigating these types of toll fraud:
=> Do not allow all routes to all customers – route limiting. Make international calling an opt-in rather than a standard part of your service especially to high cost locales.
=> Measure traffic too and from your carriers, regulate the traffic to your ability and ask the carriers what capabilities they have to alarm and to cutoff suspicious traffic.
=> Drop calls after a certain period of time. Set maximum duration for calls – particularly to expensive destinations.
=> Invest in an effective alerting system that monitors your call detail records in near real time and either tells you when a problem occurs or dynamically blocks a user, trunk or destination.
=> Make sure you understand customer traffic patterns – make it part of on-boarding to get utilization forecasting.
=> Aggressively monitor simultaneous call paths available so that you have only as many call paths as you need (with a little overhead).
=> Do frequent scans for strange endpoints or trunks subscribing to your Peering device.
Clearly these are only a few suggestions that can help you to mitigate fraud – there is no panacea against this perpetual fight to minimize the effect of fraudulent toll calls but asking questions, being vigilant and having a policy to combat fraud is a crucial step. Good luck.