[VOIPSEC] VOIP and IDS
Mark Teicher
mht3 at earthlink.net
Tue Jul 12 16:42:19 CDT 2005
Some credit card companies call center utilize application NICELog or similiar applications that provide the ability to record or break down the calls into segments. Each segment can contain voice recordings, screen recordings, or both voice and screen recordings. A complete call can be comprised of voice, screen, or voice and screen segments. At least once a day, a person who calling regarding their credit card information, "your call is being recorded for quality assurance purposes", well by using systems like NICELog or similiar they require verbal authorization from the two parties in order for the information to be recorded. In other cases, the credit card companies just run the card through the system for authorization, no real AI involved, except for VLOOKUP or HLOOKUP in some database that is supposedly protected by all the baddies of the world.
-----Original Message-----
From: Chris Moore <chris.moore at u4eatech.com>
Sent: Jul 12, 2005 4:34 PM
To: scottbeverly at mercuryrm.com, 'Henrik Ingo' <henrik.ingo at sesca.com>
Cc: "'Smith, Donald'" <Donald.Smith at qwest.com>, Voipsec at voipsa.org
Subject: RE: [VOIPSEC] VOIP and IDS
You should look into "Secure Logix" (http://www.securelogix.com/) they have
something like this (call pattern recognition) and I believe they are
adding(added?) VoIP support..
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Scott Beverly
Sent: Tuesday, July 12, 2005 6:46 AM
To: Henrik Ingo
Cc: Smith, Donald; Voipsec at voipsa.org
Subject: Re: [VOIPSEC] VOIP and IDS
What I was envisioning was something with a learning engine that can
learn to understand patterns in usage. This is more what I thought the
original poster was interested in using for an anti-fraud type thing. I
don't know, but I suspect that credit card companies have been using
this kind of AI for years to spot fraud in card usage. This type of
thing wouldn't be as interested in a packet flow like an IDS but more in
the billing records or call authorization accounting.
Scott...
On Tue, 2005-07-12 at 09:22 +0300, Henrik Ingo wrote:
> Thanks for your answer...
>
> Smith, Donald wrote:
> > Sir, I would recommend you forward your question to the snort developers
> > list.
> > snort-devel at lists.sourceforge.net
> >
>
> Sure, I realise that, but in the end I'm more interested in the SIP and
> VOIP part and IDS in general, snort just being one case of IDS.
>
> > In general snort handles stateful type connections via a preprocessor.
> > That is how fragments, long running scans etc... are handled.
> >
> > I think it would be interesting to have a H323 or SIP snort preprocessor
> > someone on the developers list might agree:)
> > As for gsm type discovery of anolomies you would have to maintain a LOT
> > more information but it should be possible.
>
> Hence the question. If a system is set up to recognize things like "some
> packets during the last minute amount up to scan X" it might not be
> suitable for things like "last months calls add up to a rather sizeable
> bill". Also that kind of "phone network" IDS might actually be more
> feasible to do in concert with the SIP proxy and backend database,
> rather than sniffing the network and storing the same data in the IDS
> (snort or otherwise) system.
>
> henrik
--
Scott Beverly
Mercury Risk Management
scottbeverly at mercuryrm do t com
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
"The Truth Lies at the Heart of the Art of Combat. Once it is mastered, Though shall fear no one, though the devil himself may bar thy way...."
More information about the Voipsec
mailing list