Chris it would be trivial for this to be fixed, nearly overnight, by creating some liability on the part of carriers for illicit use of caller ID data on behalf of their customers. But the carriers don't want that, so now we have to create tons of technical half solutions to solve a problem that would be neatly solved by carriers. On 7/11/19 12:09 AM, Christopher Morrow wrote:
There seem like a bunch of pretty simple 'correlations' one could make, that actually look a heck of a lot like 'netflow/log analysis for ddos detection': o is this trunk sourcing calls to 'too many' of my subs in period-of-time-X o is this trunk sourcing calls from a low distribution of ANI but a different distribution of CallerID o is this trunk sourcing calls from unmatched (as a percent of total) ANI/CallerID
I would think you could make similar correlations across the destinations on your phone-network: o Is there one ANI or CallerID talking to 'all' (a bunch, more than X of type Y customer end point) of my endpoints? o are there implausible callerid being used? (lots of 'NPA-NXX matches destination, yet from a very different geography?)