
Anyone use SecAst for fraud prevention?

Posted by matthewmalk248 on Fri, 04/12/2019

We recently had a tenant get some SIP credentials stolen (we suspect a RAT on their Windows XP machine) and the hacker ran up quite the phone bill with fraud calls to Iowa of all places. Since it wasn't technically international, our trunk provider's fraud protection didn't catch it. We're trying to find another level of fraud protection. Has anyone ever used SecAst by Telium, or have any suggestions?


Submitted by matthewmalk248 on Sat, 04/13/2019 Permalink

That's the plan. On the single-tenant endpoints we can mitigate any possible fraud with channel limits and daily spending limits, but the MTE we have to kinda leave open-range since there's so much traffic.

Submitted by telium on Mon, 04/15/2019 Permalink

Take a look at the SecAst product at http://telium.ca/secast for an overview of our Security for Asterisk (SecAst) product. SecAst operates between the OS and Asterisk, so it works with any configuration generator (including ThirdLane).

SecAst considers approximately 25 different factors in deciding if a connection/call is fraudulent or hacking in nature. SecAst uses proprietary databases of known hacking IP addresses, phone (toll) fraud phone numbers, IP to geographic mapping, and more. It can map any IP address down to the city level on a global basis, and block IPs at the city/region/country/continent level (allow or deny).

Current trends in hacking include penetrating phone sets (or Windows user agents) and extracting valid SIP credentials, then using those credentials to make premium rate calls and generate revenue (your cost) very quickly. SecAst can detect unusual calling patterns, unusual dialing rates, and more to cut off hackers using stolen credentials.

SecAst blocks users at your firewall (not using local IPTables, unless you really want to). SecAst does *NOT* scrape log files like simple open source tools.

Many of our customers have come to SecAst after their first $100,000+ phone bill. If you have a small PBX installation you can even use the free edition of SecAst. Large installations (including campuses and route resellers) also use SecAst.

If you would like more information please reach out to Telium at info@telium.ca

Submitted by telium on Mon, 04/15/2019 Permalink

Since pictures are worth a 1000 words, here's an overview of how SecAst interacts with its environment. Note that the "Hacker (IP)" and "Toll Fraud (phone number)" databases are cloud-based, so SecAst queries Telium's servers to receive a risk score for any IP or phone number.

SecAst's event handler system lets you connect SecAst to virtually any firewall. We include examples for Cisco PIX, Mikrotik, and pfSense firewalls, so that SecAst can add/remove IPs and rules to the firewall directly. By blocking attackers at the network edge you keep DoS attacks off your network, and also prevent attacks on other servers/services (e.g., configuration servers).