In Australia, Rising VoIP Attacks Mean Huge Bills For Victims
mask.of.sanity writes with this excerpt from ZDNet Australia: "Australian network companies have told of clients receiving phone bills including $100,000 worth of unauthorised calls placed over compromised VoIP servers. Smaller attacks have netted criminals tens of thousands of dollars worth of calls. A Perth business was hit with a $120,000 bill after hackers exploited its VoIP server to place some 11,000 calls over 46 hours last year. ... Local network providers and the SANS Institute have reported recent spikes in Session Initiation Protocol (SIP) scanning — a process to identify poorly configured VoIP systems — and brute-force attacks against publicly-accessible SIP systems, notably on UDP port 5060."
The REAL crime here (Score:5, Insightful)
It isn't the people hacking into systems they aren't authorized to, it's the price and value of phone calls. In this day and age, we still have "long distance charges" and all that? Really? I can reach web pages hosted all over the globe but I can't make a phone call? It's not the technology, it's the abusive business models. Phone calls should be as free as the internet.
Re:The REAL crime here (Score:5, Insightful)
And that website on the other side of the world totally has the same level of Quality of Service as a phone call.
People put up with crappy cell phone calls, d ppin ev ry ther s lla le, but complain to high hell when there's the least bit of echo or static on a (non-VoIP) land line.
Re:The REAL crime here (Score:4, Insightful)
And that website on the other side of the world totally has the same level of Quality of Service as a phone call. People put up with crappy cell phone calls, d ppin ev ry ther s lla le, but complain to high hell when there's the least bit of echo or static on a (non-VoIP) land line.
Funny, but that website on the other side of the world comes through perfectly without any data corruption or loss of quality even when I'm downloading tens or hundreds of megabytes of data more than I'd be receiving through a several hour long phone call. Hell, I can stream HD video just fine most of the time, but I can't get better than 3.3 kHz on a voice call -- by design.
If voice telephone service sucked as bad as the channel I get to someone's cheap personal website, it would be a vast improvement.
Re:The REAL crime here (Score:5, Insightful)
A web site doesn't have any particular latency requirements, other than 1 second or so.
Browsing the web on a geostationary satellite connection is OK. A phone call on one is pretty crappy.
This doesn't refute the original poster, but it's not as simple as you make out either.
Re: (Score:3, Interesting)
But a good fix would be to have higher bandwidth calls that include FEC so that a lost or late packet could be reconstructed. That would greatly improve call quality in jittery/los
Re:The REAL crime here (Score:4, Interesting)
Reconstructing / resending packets on a VOIP call doesn't help, as it is too late. VOIP needs decent prioritised QOS to work. If you get bits of audio out of order or dropped, retransmits can't help you as it's too late by that point (the listener didn't get the audio in time - they hear a bit of silence in the audio).
The only real way of making it work is ensuring VOIP traffic is prioritised so that it doesn't get dropped in the first place. Hence different cost/QOS rules to other generic data that is extremely tolerant of out of order packets and delays.
Unlike streaming audio / video from youtube or whatever, you can't simply buffer 30 sec of audio to work around this, as two-way conversations are real time...
Re: (Score:2)
That makes me think you don't know what FEC is, yet are telling me that I don't know what I'm talking about. Sending FEC with a jitter buffer big enough (just 40 ms more would be enough, based on normalish settings) and you can reconstruct a packet in real time. No resending needed. It's not too late, it comes just in time.
The only real way of making it work is ensuring VOIP traffic is prioritised so that it doesn't get
Re: (Score:3, Insightful)
Most packet loss is due to congestion, which using FEC is only going to make worse. So you'll gain your phone call clarity at the expense of other traffic.
Re: (Score:2)
And people like that. That's the whole point of QoS.
Re: (Score:2)
Most packet loss is due to congestion
And most congestion is due to the fact that things like file downloads work on the principle of trying to go as fast as the host can manage and then throttling back if/when that causes congestion.
which using FEC is only going to make worse.
It will mean that the voip call uses more bandwidth which means something else will have to throttle back slightly sooner.
So you'll gain your phone call clarity at the expense of other traffic.
meh, Given the relatively low bandwidt
Re: (Score:2)
Many years back when working on a VoIP project for ACS we found the best way to deal with sat hops was to deal with the remote end as analog (FXS) and do the analog to VoIP conversion back in the Anchorage CO. Cisco VoIP of the day just didn't like to deal with the RTT.
Bellcore specs call up to 150ms toll quality. Anything beyond that is out of spec, but a geo-hop is about 250ms, maybe a bit more with the angles involved that far north.
AK is a great testbed to push protocols to their limits. If I was a b
Re: (Score:2)
FEC = FORWARD ERROR CORRECTION...
It's data packaged with the original data packet which allows the original to be reconstructed (with reasonable certainty), if corrupted.
Re: (Score:2)
The obvious way to fix most web browsing issues with satellite would be to build a split proxy.
A program running on the internet side would talk to webservers, a program running on the client side would talk to the web browser and then they would talk to each other with a protocol specifically optimised for high latency links.
Re:The REAL crime here (Score:5, Interesting)
Browsing the web on a geostationary satellite connection is OK. A phone call on one is pretty crappy.
I called my daughter who was a foreign exchange student in Germany. We talked for several hours. I did my research, I was signed up for a plan at $0.05/minute. AT&T (with whom I now refuse to transact) charged me almost $4.00 per minute. I spent hours going through their "customer support" speaking to numerous people with names like "Michael" and "Robert" who had strangely Indian accents. See, it turns out that it's CHEAPER to route my call to INDIA and save perhaps $3 of the $6 PER HOUR to have an Indian take that call than an American. Which means that, at maximum, the cost of getting my call to India is actually costing them, at most, $3 per hour. This number matches quite closely to the $0.05 per minute I expected to pay, which works out to $3/hour. This seems to support your point, doesn't it?
But on the flip side, after getting the almost $1,000 phone bill, I went to my cell phone provider (much love for Metro PCS! [metropcs.com]) and got an unlimited international calling (to most first world countries) for just $5/month! We spent the rest of the year my daughter was in Germany blabbing away monthly on my wife's cell phone, with decent call quality and NO HIDDEN COSTS for just $5.
So what's the actual cost of an International call? Certainly, AT&T has a very expensive way to do it, Metro-PCS [metropcs.com] can do a good job of it for prices too cheap to meter!
PS: I have no affiliation with MetroPCS other than being a satisfied customer. Don't expect super-friendly, great tech support from them, they are a discount cellular service provider. But their stuff works, it's cheap, and I'm happy. =)
Re: (Score:3, Funny)
PPS: AT&T waived almost all of that $1,000 when I tried to cancel my account with them. After they did so, I waited a month before canceling service. They overcharged me $20 on my very next bill!
Friends don't let friends use AT&T!
Re: (Score:2)
This is such a spam post. Mods, please mod the post into oblivion.
How this got through I have no idea.
Re: (Score:2)
Geosynchronous orbit is about 30,000 kilometers from Earth. Speed of light is about 300,000 kilometers/second. I can live with a half second latency on a round-trip to the other person and back if that means I don't have to pay long distance charges.
I don't understand, however, why you need geosynchronous satellites for a
Re: (Score:3, Insightful)
Most of the audio issues with VoIP calls end up being caused by end-user misconfiguration (hardware or software).
Unlike a regular phone connection, you have to deal with a bunch of end-user variables: Different mics and speakers, people sitting 3 feet away from their mics, people trying to use the crappy speakers on their laptop as a speakerphone without any echo- and/or feedback-cancellation other than what's built into the VoIP software (probably even on the server end).
Just try comparing Skype with lapto
Re: (Score:2)
Please mod parent up. This is probably the most informative post in this thread.
Although I have to disagree with you about calling over a cell phone. Maybe your Android phone has a better mic (I have an iPhone). But I find with my 3GS calls sound very unclear for the receiver, and you can't make out most words. When I fire up VoIP on my computer with a headset, however, they sound clearer than a landline amazingly.
How do you address the issue of a VoIP for the receiver being too loud? It seems the codec is
Re: (Score:2)
Sounds a bit like the SIP software you're using on the iPhone is to blame. Are there any alternative SIP clients you could try?
SIPDroid on Android allows you to adjust both Mic and earpiece gain, so volume is not a problem here.
And obviously the quality of the microphone built into the phone will differ from manufacturer to manufacturer, but I'm not sure I'd believe that Apple is using sub par mics in their iPhones... It's their flagship product, after all.
Re: (Score:2)
I thought that too. So I tested it on Skype, Fring, and then Acrobits Softphone. All different clients and even different protocols. No luck though.
The only possibility I can think of is either a sub-par mic on the 3GS (and please Slashdotters I'm not flaming the 3GS here--maybe the reason is simply because the mic is optimized for the cell phone codec and not the higher quality VoIP codecs), or maybe you have noise cancellation on your Android phone and that produces clarity on a codec that takes in more q
Re: (Score:2)
Interesting. So how do you fix it so that the audio I send is of lower volume, without somehow adjusting the mic input volume?
Re: (Score:2)
Damn right. That echo/static is nerfing my DSL.
Re:The REAL crime here (Score:5, Insightful)
well maybe not that free, but they certainly do run a racket. It's basically an international Collusion [wikipedia.org] or Price Fixing [wikipedia.org].
Basically the long distance phone racket is a global Price Fix. Though they don't have any way to combat voip and the increasing options such as skype and telephones tied to cable modems. (we have those here in town... one cable modem provides your house with cable tv, internet, and phone service) Though the phone service I think is still using traditional long distance, but that may change. I suppose it's possible they're working hard behind the scenes to try to keep such digital phone service reliant on their "land lines", even though the calls would be going over the same fibers either way. Kinda funny how the same bits are being priced vastly differently, isn't it?
I can sell you this nail for two cents. Or would you prefer one of my high-tensile-strength wood adhesion devices for a quarter?
Re:The REAL crime here (Score:5, Interesting)
Point to point personal VoIP can be pretty free.
But then there's the cost of the Internet connection. There's a capex cost of the home router you use, and the cost of the power it uses as well as your 'phone' device, whatever that might be.
The ISP then has a last mile capital cost, to run a cable to your place or deliver a wireless signal that you can use.
Then there's the interconnect equipment that's used on the backhaul, landline gateway interconnect costs (capex and opex), the rent for the building, the power, the people, their benefits, the diesel generator if you're lucky. Then there are the returns paid to the people that invested in all of that; taxpayers in some realms, stockholders in others.
Then there are the costs associated with upstream routing. Maybe there's a SIP server with its incumbent costs, support, programmers, power, and so on.
The Internet isn't free. Phone costs aren't free. Each has a cost.
But what happened in the TFA is that people exploited SIP security and found a way to make people's toll avoidance become a nightmare for them. Not free. Not at all.
Re:The REAL crime here (Score:5, Interesting)
Did you forget to mention that the exact same networks that are used to route phone calls are the exact same networks that are used to route internet traffic?
You can dress up the costs of this that and the other and make a "phone bill" look quite justified, but if those costs were really justified, then the cost of access to the internet would be simply astronomical. It isn't.
Telco profits are higher than ever before and they are, of course, enjoying it. They aren't resting, though... oh no... they are still looking for new and novel ways to screw customers over. As for me? I'm way too savvy to play their game. Sadly, I am among the 0.001% who are... so everyone else gets hosed.
I recall when voice communications over the internet was young. The telcos were suing everyone who tried it just as the music companies were suing everyone who wrote MP3 software. Well that didn't last long, but the games are all being played just the same.
So what have we learned? Don't pay for crap you don't have to. Diamonds are worthless. Don't believe me? Try reselling one. New cars are over-priced. Same deal as diamonds only not as profound. Credit cards and credit scores? Debt-financed lifestyle might feel rich, but you aren't saving your money any more and neither is the majority of Americans. Credit scores depend almost entirely on your ability to maintain debt. You could be a billionaire and have a horrible credit score because you pay for everything in cash. Huge misrepresentation in all of that. Long distance phone service? Set up your own network and run your own VoIP -- it's cheaper in the long run. Hell, even now, my company here in the U.S. communicates regularly over voice AND video with our parent company in Japan. We only pay for the network connection and it goes over the internet.
The reality is that people are too lazy to learn the truth and act on it to change. In the short term, it's great to be smarter than everyone else, but when things go bad, it doesn't matter -- the whole world comes down at once.
Re:The REAL crime here (Score:4, Interesting)
I agree with your logic, but understand that many people ARE dropping the traditional phone companies. I haven't had a land line in a few years, and just switched my office from POTS to Time Warner Biz Cable. Dropping two T1s for data and 12 phones, and picking up two 5/1.5 data lines and 12 phone lines with UNLIMITED nationwide LD (and very low overseas rates) will save our small company $30,000+ this year, and our bill will be the same every month (excepting a small amount of European calls). A direct quote: POTS = $50 line + $15 for rollover service + usage. TWC costs $39.99 including rollover and LD. We switched a month ago. Our system was down for 10 minutes during the change, and has worked flawlessly ever since.
Half the people I know (mainly younger) don't have land lines. Mainly small businesses are changing to cable solutions (ours was said to be one of the larger ones). The traditional phone companies are soon to be hurting, give it 2 or 3 years. This is why they are making hay while they can, and expanding into other markets.
Re: (Score:2)
Half the people I know (mainly younger) don't have land lines.
Not just young people. We stopped having a land line about 8 years ago - cell phone service became so cheap. Everyone in the family has their own cellphone (cost each: euro0.67 per month, euro0.07 per minute/SMS http://www.dna.fi/en/privatecustomers/mobilecommunication/Subscriptions/Sivut/dnaOnni.aspx [www.dna.fi]). My teenage daughter's phone service was recently upgraded to have 384kbps data (cost: euro2.95 per month, no capacity limit, http://www.dna.fi/webshop/Sivut/Default.aspx [www.dna.fi]). The combined monthly bill for the 4
Re: (Score:2)
You are still using faxes?
Yes, and will continue to do so. A signed document sent by FAX has higher legal status than (i) the same signed document scanned and sent by email, and (ii) an email with an electronic signature. Also it's much easier and faster to send an annotated hardcopy by FAX than to scan it and then send by email (think of concept sketches or marked-up engineering drawings for which a CAD file or CAD program is not readily available).
I guess you're not actually operating any kind of business from that basement...
Diamonds... (Score:2)
That is not what she said for "diamonds are worthless" comment. :P
Re: (Score:2)
You are correct about credit scores. If you have money and don't use credit you don't have a credit rating. But guess what? It doesn't really matter. If you need to finance something simply prepare something called a net worth statement where you list all of your assets. Then go to the bank and they will happily give you a loan. Credit ratings are for people with little or no net worth.
It makes sense. How else do you, as a bank, tell two people both living pay check to pay check apart? One could have a muc
Re: (Score:2)
That doesn't come anywhere near explaining it though. If I and someone else have an internet connection, we can talk 24/7 for less than $50/month flat rate each (with plenty of bandwidth left over for other internet uses). The protocols for VoIP are so baroque specifically so they match up with SS7 (spoken by the old POTS network). The only reason they haven't tied the two to make POTS just as cheap is that they don't want to.
To add to it, MANY of the internet connections are actually nailed up digital voice
Re:The REAL crime here (Score:4, Interesting)
True. This is because traditionally, voice and data were two separately tariffed ideas. Landline equipment can be tip/ring or can be DSL VoIP.... or a cable VoIP-- depending on what state and which part of the world you're in.
QoS and low latency to support voice are a bit different when you use bi-directional telephony on top of data lines. I'm not trying to justify what PTTs and telcos charge here. But voice telephony is different than data telephony and VoIP is different still. Personally, I prefer Skype. But Business Skype is an oxymoron. Those in the business VoIP business range from reasonable to totally sucks. The "free" part of the OP's message is what I have issue with. Data is asynchronous, and voice is isochronous and the two take different equipment and have different historical infrastructure. When voice is data and actually rides over wires in bit frames, it may or may not be part of IP protocols. If it rides over IP as isochronous media, then call quality depends on deterministic routing as well as low fundamental line latency.
If you use SIP or ENUM/ENUM2, then the additional problem of gateway protection is important and costs money. Don't pay the money or let a fool guard it, and you get $100K surprises.
Re:The REAL crime here (Score:4, Interesting)
You just can't overstate that last part.
A *huge* amount of VOIP fraud and hacking is against Asterisk based systems.
Nearly all of the stories I hear are about Asterisk based systems that had their SIP port opened up to the Internet. A lot of those involve Trixbox. Trixbox, is by and large, just like slathering a nice thick layer of stupid and apathy on top of an otherwise really solid system. Please, I am not trolling here. I am no fan of Trixbox, due to how impossible it is to manage or get anything done. It's a really pretty front end for Asterisk, and that is about it. Which is why it is so damned dangerous.
The problem is how many people are getting really interested in VOIP, but don't have the expertise, training, or initiative to do it correctly. From enthusiasts, to IT departments pressured to cut costs with, "with that whole VOIP thingy I read in a business magazine" from their pointy-haired-bosses, VOIP is getting really hot for a lot of people. VOIP providers are plentiful now and pretty darned easy to setup. Most of the ones I have evaluated ALL have tutorials for setting them up on Asterisk and Trixbox.
Biggest problem with Trixbox? People go for the free and are not paying the money for the Trixbox support contracts or the professional offerings. To be fair, it is not just Trixbox either... Stuff like PBX in a Flash is just as problematic.
What we have is a large number of people that are using Asterisk based systems (there is not a whole lot of other options out there. YATE is the only one I know of, and the others are based on Asterisk) not being managed correctly.
When you don't understand the dialplan, concepts behind a dialplan, extensions, SIP security, media, etc. you set yourself up for a situation very similar to a router with a default password or an email server set up as an open mail relay.
For me personally, I found Trixbox, PiaF, and others to just not work, and be nearly impossible to configure or customize to do what I wanted to do. As a result, I threw myself into learning as much as possible and started from scratch with a bare metal Asterisk with no configuration files. It took awhile, and I had the Asterisk Bible on me too, but I learned. I think I am in a much better position for it too. Would not call myself an expert yet, but I am not an amateur either.
90% of this fraud would go away if the people using Asterisk/Trixbox would follow some very basic rules and configure their systems correctly from the start. I have received at least a million attacks on my PBX systems in the last 3-4 months and they never succeed. Mostly because I researched and read about the best ways to defend against it....
Surprise... by not running a default system open to the internet. Shocking...
It's really just like you said. Pay the money and don't put somebody inexperienced in a position of responsibility over the VOIP. Unfortunately, when you screw up with VOIP it can be very expensive since they can rack your bills up *really* fast.
Re: (Score:2)
There are other SIP based VoIP-Systems out there. Cisco Callmanager comes to mind, and OpenScape Voice. Alas both are neither free as in freedom nor free as in beer.
Re: (Score:2)
Some companies even offer flat rates to various international destinations, at least where I am. But some countries do indeed charge extortionate amounts for incoming calls, yes.
Re: (Score:2)
They have. Now they've moved the rapacious costs on to cellphones. According to practically any study they cranked out and drooled over in the '90s, cell service is cheaper to roll out and maintain than landlines but somehow they just can't bring themselves to get rid of the meters even though the cost of metering, accounting and associated book sized itemized bills probably exceeds the cost of actually provisioning the service.
Of course, like in many other areas, the one thing accountants are really bad at
Re: (Score:2)
Just make sure that when you set up SIP also add a firewall filter to limit the number of clients able to access the service. Even if you can't dedicate an address it would help a lot to limit the attack possibilities by only opening for a certain subnet into the server.
And for roaming users a VPN tunnel should be the way to go to be able to access the SIP account.
Re: (Score:2)
Much like gas prices, cable TV and various other products/services; The prices are high because people continue to pay them.
Re: (Score:2)
Which isn't. The real crime is that ISPs have been running a ruinous business model for years, in attempts to drive out competition and gain market share. The prices that are currently everywhere here in Europe are below costs already. Yes I got that info first-hand from the CEO of a large Telco/ISP.
It's all driven by investors, because "the stock market" (whoever that is) believes that only the first 2-3 (depending on country size) competitors can be profitable. Ironically, this belief is the direct cause
Re: (Score:2)
You do not understand the actual setup. I had to help a friend of mine recently (from the USA) who had 500$ clocked on his asterisk in a day or so from his parents' VOIP extension in Canada. It is basically a version of the old "porn dialer" scam.
1. The criminals call high-toll lines (AKA porn numbers) and get a cut back. In order to do that there has to be at least one operator assisting them. In most cases it is the incumbent telco in some godforsaken lawless country in Africa. If the telco, police and t
Re: (Score:2, Troll)
Your two examples are completely different.
Obesity only costs other people money because of collectivistic programs. Get rid of the collectivism and you get rid of the problem, and people are free to make their own choices.
Spam, on the other hand, is a criminal endeavor, a theft of resources. That's a completely different matter.
One is a symptom of freedom being incompatible with collectivism, the other is criminals taking what isn't theirs.
Re: (Score:2)
The point of spam is that it STARTS and continues because there is money in it. Money spent by stupid, desperate people. A tremendous minority of people at that. Without their existence, the marketplace for spam and all the criminal acts connected with it wouldn't exist in the same way or in the same volume. Sure there would be hacking for fun. There would be hacking for espionage. But at the moment, most of it is for profit and the profit is primarily through sales generated through spam advertising.
Re:The REAL crime here (Score:4, Insightful)
Of course I realize that. But it's tilting at windmills to wish that there were no suckers in the world.
It's easier to catch the criminals than to get rid of (or educate) all the suckers. No matter how much you educate them, they'll keep thinking that "this one is different" or that they know better than everyone else.
Re: (Score:2)
Sorry, but you (and the Troll parent) completely misunderstand the reasoning behind a smoking tax. The idea is not that if you smoke you get sick and need medical attention - after all, your illness probably won't be that much of a drain on society in itself as you've probably paid for it either way, what with health insurance and whatnot.
No, the idea is that if you get sick and die of lung cancer when you're 40, that's twenty-five years of taxable income that society loses out on. Thus, in order to discour
When dealing with telcos... (Score:5, Insightful)
don't use unbounded plans. If your provider doesn't offer hard limits for post-paid plans, choose pre-paid and never put more money into the account than you can afford to lose. Instead of looking out for their customers and telling them when their bill climbs to astronomical heights, telcos will gladly stand by and reap the insane profit. Consumers can only reasonably choose to treat their telco like a kid with a small cash allowance instead of a platinum credit card.
Re:When dealing with telcos... (Score:5, Informative)
G'day mate,
In Australia we don't have so called "unlimited" plans, for A$99 a month you get 1 TB of data (upload and download) on an ADSL connection. After reaching your data cap your connection is shaped to just above dialup speed (somewhere between 64K and 256K as our Luddite government still defines anything above 56K as broadband). If you want unmetered plans, expect to pay $450+ (+ == plus GST (Goods and Services Tax) which is 10%) for 2 Mbit, if you want 10 Mbit, expect to pay $1400+ for fibre.
Side note: this is why the NBN at 43 Bn AU$ (26 Bn public money) is an absolute bargain.
Now that I've clued you in about the sorry state of internet in Australia, the charges are not from downloads but from using the ISP's SIP gateway. Traffic between your router and the ISP's SIP gateway will not be metered by all but the most unscrupulous of telcos in AU. But you still pay a per call charge on VOIP because the ISP is providing a service which costs them money (calls within their network are typically free however). It would be quite easy to rack up a hefty bill if you have a script that can call internationally. What the service providers should be doing is this, when a bill reaches a suspicious amount (use $150 as a yardstick for home services) then the ISP notifies the customer, once the bill reaches a second milestone (say $300) the service is suspended (incoming calls only) until the issue is rectified unless the user expressly requests otherwise.
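The two-milestone policy proposed in the comment above (notify at $150, suspend outbound calling at $300 unless the customer has opted out), as an added example that is not part of the original thread or any provider's code. The account model, function names, per-call cost and the replayed call burst (sized after the Perth figures in the summary: 11,000 calls over 46 hours, about $120,000) are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal
from typing import Optional

NOTIFY_AT = Decimal("150")    # first milestone from the comment: tell the customer
SUSPEND_AT = Decimal("300")   # second milestone: outbound off, incoming still works


@dataclass
class Call:
    start: datetime
    destination: str
    cost: Decimal             # rated cost of the completed call


@dataclass
class Account:
    account_id: str
    keep_service_on: bool = False        # customer expressly declined suspension
    billed: Decimal = Decimal("0")
    notified_at: Optional[datetime] = None
    suspended_at: Optional[datetime] = None
    blocked_calls: int = 0


def place_call(acct: Account, call: Call) -> str:
    """Gate one outbound call and rate it.

    Returns 'blocked' (refused, nothing billed), 'suspend' (billed, and it
    tripped the second milestone), 'notify' (billed, tripped the first) or 'ok'.
    """
    if acct.suspended_at is not None:
        acct.blocked_calls += 1
        return "blocked"

    # Post-paid rating: the call that crosses a milestone has already
    # completed, so it is still billed before the guard reacts.
    acct.billed += call.cost

    action = "ok"
    if acct.billed >= NOTIFY_AT and acct.notified_at is None:
        acct.notified_at = call.start
        action = "notify"
    # A single expensive call can cross both milestones at once, so the
    # suspend check runs after (not instead of) the notify check.
    if acct.billed >= SUSPEND_AT and not acct.keep_service_on:
        acct.suspended_at = call.start
        action = "suspend"
    return action


def replay(acct: Account, calls) -> Counter:
    """Run a sequence of calls through the guard and tally the outcomes."""
    return Counter(place_call(acct, c) for c in calls)


def constructed_burst(n=11000, hours=46, cost=Decimal("10.91")):
    """Constructed sample: evenly spaced calls approximating the Perth case.

    The date, destination label and per-call cost are made up; 11,000 calls
    at $10.91 comes to $120,010, close to the reported $120,000.
    """
    start = datetime(2010, 1, 1)
    step = timedelta(hours=hours) / n
    return [Call(start + i * step, "premium-rate (placeholder)", cost)
            for i in range(n)]


if __name__ == "__main__":
    burst = constructed_burst()

    guarded = Account("guarded")
    print("guarded:", dict(replay(guarded, burst)))
    print("  billed:", guarded.billed,
          "suspended after:", guarded.suspended_at - burst[0].start)

    opted_out = Account("opted-out", keep_service_on=True)
    print("opted out:", dict(replay(opted_out, burst)))
    print("  billed:", opted_out.billed)
```

With the guard in place the constructed burst is cut off within minutes of starting; the opted-out account still gets the notification but carries the full bill.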
Re: (Score:2)
To be fair, 1 TB for $99 ain't bad at all, and much better than the state of affairs in previous years. Keep in mind that in many other countries with 'unlimited' plans, there can be soft caps or fair use agreements that kick in at substantially less than that. Not to mention that throttling/QoSing 'undesirable' traffic types (e.g. torrents) is commonplace on residential-grade unlimited plans in many countries. At least in Australia you get what you pay for and they don't screw around with your packets (the
Re: (Score:2)
Not unlimited, but we'll see a lot of restrictions that come with DSL disappear. What the NBN will bring is a highly reliable network with consistent speeds to over 95% of Australian homes and businesses. This kind of connection is something that is very very expensive at the moment.
Re: (Score:2)
Unmetered != Unlimited.
Plus read the fine print, only available to select customers. In terms of availability, it's extremely limited.
Re: (Score:2)
First off, thanks for posting.
People who make satphone calls are unusual, most people don't make them from home VOIP accounts. Primary users of satphones are business, I've worked in GIS in the mining industry who are the biggest users of satphones in AU (merchant marine is probably biggest world wide though). People regu
$10 per call? (Score:2)
I thought voip was supposed to be cheaper than anything else?
anyone? how is 11k calls worth a 120k bill?
Re: (Score:2)
The scam artists typically are pumping traffic to revenue share numbers (think the international equivalent of 1-900 numbers), where they get a cut of the call termination cost. And the revenue share numbers are in countries that many people have never heard of, such as Tuvalu.
Re: (Score:2)
But what if you resell the service, so that you are allowing unsuspecting members of the public to make expensive calls at knock down prices... For a destination where anyone else charges $0.50/minute but you charge $0.40, you still stand to make a significant profit because your costs are fraudulently being pushed on to someone else.
Who is placing the calls? (Score:5, Insightful)
Re: (Score:2)
Would need to be hosted off-shore, otherwise would be too easy to find them.
Re: (Score:2)
Most 900 and pay line services don't work with VOIP services, hell they don't work with cell phones. This is why 900 services are going the way of the dodo. Pay per SMS has become far more profitable.
The only way your scenario works is if there's a VOIP to local phone service gateway in place that allows this, which would require a very small subset of VOIP installations.
I also think this is probably far more of an issue for commercial VOIP systems, since they would probably be far less likely to have OS u
No surprise - the stuff is wide open by default (Score:5, Insightful)
Re: (Score:3, Interesting)
Same at my office. The provider insisted that we install no firewall or antivirus on their Win2K3 box, and they wanted remote desktop enabled and a public IP. We said hell no. This is sitting behind our firewalls and if you need access, we'll set up some port forwarding pinholes THEN.
Re: (Score:2)
No, they wanted RDP, not web sessions. And like I said, no security lockdown whatsoever, no system updates, no antivirus, all ports at default configuration.
This happens all the time in the USA as well (Score:4, Informative)
Something missing here... this is not my VOIP (Score:3, Interesting)
My Skype VOIP would only charge $10.00 for 10,000 calls. These businesses must be really stupid.
Re: (Score:2)
Umm do you think they're doing it just for the phone minutes? They're dialing special numbers that you get billed extra for, so they get $$$. And the ones who take the money just act all innocent "Hacked? Don't know what you're talking about. You call, you pay."
Re: (Score:2)
Businesses don't use Skype. Period.
Re: (Score:2)
Re: (Score:2)
Because it's a proprietary service that locks you in even worse than traditional telephone providers.
Instead, they should use SIP which is a standards based protocol supported by thousands of providers and all manner of devices.
Re: (Score:2)
They aren't dialing 'regular' phone numbers. They are dialing premium numbers (you know, those $10/minute or whatever lines). Internationally. The idea being that the scammers themselves are running the premium lines (or at least have some financial interest in them), so they are essentially making free money.
Re: (Score:2)
Re: (Score:2)
The problem being that some people still insist on using voice conference services that have no subscription charges but require the participants to call a premium number. They are very convenient, work even for the technophobic, but ludicrously expensive compared to other methods.
Alas, our network gateway is so terrible that they are actually more reliable for us than any form of VoIP.
Get a clue people (Score:2)
I've seen a lot of posts from know-it-alls who talk about how Skype is so cheap, and how they can talk to their office in Asia over VoIP for nothing more than the cost of an internet line. Skype and VoIP for internal communications might be great, but they are not suitable for business. Until everyone who you want to sell a product to has a Skype account or a VoIP connection, you need a regular phone line to talk to them. Except for some fringe cases of small businesses that can do everything over email
Re: (Score:2)
I'm a contractor living in the UK and have a customer in Germany and a customer in Finland. I speak to them every single weekday for half an hour (daily scrum..) and do so by skype.
I use a "real phone" (the N900) and I dial their real phone. My N900 uses the wireless connection in my house to connect to skype. They can even call me since skype gives me a real phone number. I do pay for both services, but it's not very much.
It's not even hard or complex to set up. The N900 comes with skype built into it.
Re: (Score:2)
So you pay for a proprietary service? If you start talking to all your clients through skype, what happens if they decide to crank up the prices? By locking yourself into a proprietary service like that you are taking a step backwards.
They are like BT, only worse, BT are heavily regulated, skype is not... It may be cheap right now, but for how long? It's a classic bait and switch.
Re: (Score:2)
> So you pay for a proprietary service? If you start talking to all your clients through skype, what happens if they decide to crank up the prices?
Then I switch to a different service? There are various equivalent services that can dial normal phone numbers.
> By locking yourself into a proprietary service like that you are taking a step backwards.
I'm not locked in at all. There's absolutely nothing preventing me from switching to another SIP service or to a BT landline. My clients would not notic
Re: (Score:2)
You would need to replace your client, change your workflow to accommodate a new client, replace any hardware handsets you had etc.
Any of your clients that you actually talk to through skype instead of bridging to the PSTN would also need to change.
You would lose any custom hacks/scripts you've done to the skype client etc.
And if you're just using skype for calls to regular phones you really are missing out, skype typically have much worse rates/packages than most standard sip providers
I typically have accoun
Re: (Score:2)
> And if you're just using skype for calls to regular phones you really are missing out, skype typically have much worse rates/packages than most standard sip providers
It's good enough though, and simple to set up for my friends and family, and works on linux and windows.
Re: (Score:2)
Re: (Score:2)
Better than that, I've heard it. And for the same reason, very many businesses won't consider dropping their POTS connection.
It's one thing entrusting your calls to VOIP if you have a dedicated high bandwidth internet connection, ideally with QOS as far as possible between yourself and the VOIP provider. It's another thing altogether to trust your business calls to the available bandwidth of a random skype supernode that's being used to navigate round the NAT between your laptop and t
Re: (Score:2)
Please elucidate then good sir.
Ignorance is bliss, please wipe the smile off my face.
And what, pray tell, does the vast majority of SIP devices get used for?
But which way does their toilet water run? (Score:2)
The International Drainage Commission really needs to know.
Interesting timing (Score:2, Interesting)
Re:Interesting timing (Score:5, Interesting)
Setting alwaysauthreject causes asterisk to respond the same way to an invalid peer registration as to a valid one using a bad secret. In other words, the attacker can't get a list of valid extensions for later password cracking attempts. Note that this violates RFC3261, but I'm unaware of anything that it will actually break, and in fact it's the default in asterisk 1.8.
August was my bad month (Score:2)
Re: (Score:2)
fail2ban is your friend. Simply block their IP after three failed attempts.
Actually, I think this should become a standard feature for most VoIP software. It's simply too easy to scan for weak passwords.
When I've seen scans they tend to be numerical too. I wonder if it's worth having honeypot extensions in the low numbers.
Of course, if you're using asterisk and allow registrations from remote IPs and you have extensions.conf configured t
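Added example, not part of the original comments: a small log check in the spirit of the fail2ban suggestion (three failed registrations) and the honeypot-extension idea above. The log lines are constructed in the style of Asterisk chan_sip NOTICE messages (format assumed; adjust the regex to your own logs), and `find_offenders`, the extension numbers and the IPs are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed chan_sip NOTICE format, documentation IP ranges).
SAMPLE_LOG = """\
[2010-09-01 03:10:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@pbx.example.com>' failed for '203.0.113.7' - No matching peer found
[2010-09-01 03:10:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@pbx.example.com>' failed for '203.0.113.7' - No matching peer found
[2010-09-01 03:10:03] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@pbx.example.com>' failed for '203.0.113.7' - Wrong password
[2010-09-01 04:02:11] NOTICE[2101] chan_sip.c: Registration from '"1" <sip:1@pbx.example.com>' failed for '198.51.100.23' - No matching peer found
[2010-09-01 09:15:40] NOTICE[2101] chan_sip.c: Registration from '"2001" <sip:2001@pbx.example.com>' failed for '192.0.2.44' - Wrong password
[2010-09-01 11:20:05] NOTICE[2101] chan_sip.c: Registration from '"2001" <sip:2001@pbx.example.com>' failed for '192.0.2.44' - Wrong password
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'.*?<sip:(?P<ext>[^@>]+)@[^>]*>' failed for '(?P<ip>[\d.]+)(?::\d+)?' - .+$"
)

def find_offenders(log_text, max_failures=3, window=timedelta(minutes=10),
                   honeypots=frozenset()):
    """Return {ip: details} for sources that should be blocked."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # every failure counts, whatever reason the log states
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["ip"]].append((ts, m["ext"]))
    offenders = {}
    for ip, hits in events.items():
        hits.sort()
        exts = sorted({ext for _, ext in hits})
        # One touch of an extension no real phone uses is enough to flag.
        reason = "honeypot" if set(honeypots) & set(exts) else None
        start = 0
        for end in range(len(hits)):  # sliding time window over failures
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if reason is None and end - start + 1 >= max_failures:
                reason = "threshold"
        if reason:
            offenders[ip] = {"reason": reason, "failures": len(hits),
                             "extensions": exts}
    return offenders

if __name__ == "__main__":
    for ip, info in find_offenders(SAMPLE_LOG, honeypots={"1"}).items():
        print(ip, info)
```

The user who mistyped a password twice, hours apart, stays below the threshold; the numeric sweep and the honeypot hit are both flagged.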
Re: (Score:2)
Fortunately, it's configured as a dial-in service only. It's a message service & conference room box only.
Just use the internet, Luke (Score:2)
Stop placing calls over the legacy switched telephone number. Instead, make calls directly over the internet itself. It's cheaper that way. You just need to know what "numbers" go to what peer VoIP switch. Eventually, everything can go this way and we have no more "per call" charges.
This happened to me (Score:5, Funny)
Re: (Score:2)
I used to use the asterisk monkey sounds, they even have one which says "something is terribly wrong.. they have been taken away by monkeys"...
But more recently I've been taking apart soundboards and making a script of some celebrity, if you have someone say hello a few times, ask the caller who they are and what they want they tend to stay on the line a lot longer, even if it's Borat talking to them.
Re:why do the 'victims' get bills? (Score:5, Informative)
If the call is proxied through the victim's poorly-configured VoIP server, no, their provider doesn't know where it actually came from.
Re: (Score:3, Interesting)
That only works if they operate a premium rate phone scam with the stolen accounts...
On the other hand, many criminals will sell 'minutes' to various countries at below the standard rates to service providers.. These providers then route calls from unsuspecting users over the questionable routes.
Many of those calling cards being offered at unbelievable prices work this way.. Lots of people living in the west come from countries which are extremely expensive to call, and still have family there, and they wil
Re: (Score:2)
Banks have an out, though:
Identity theft [youtube.com]
I know slashdot probably hates youtube for some reason, but this is very funny.
Re: (Score:2)
I've got excellent karma, thanks! Probably improves my real-life karma if someone liked it, though. I can strongly recommend all of Mitchell & Webb's work, especially Peep Show, if you haven't already seen it.