[AusNOG] "Telstra" scammers still at it...

Rob Thomas xrobau at gmail.com
Sat Mar 12 13:04:09 AEDT 2022 

This is TRIVIALLY solvable by Australia implementing SHAKEN/STIR, which is
a very simple JWT based assertion of Caller.

https://stir.tel has all the info.

In fact, I have a POC Certificate Authority in place for Australia, and
written most of the code for a complete attestation and verification
system, which is, or soon will be, open sourced as the reference code for
the standard.

Sadly, Telstra would have to move into the 2000s and stop requiring
ISDN/SS7 for peering, and move to SIP, like the rest of the world.



On Sat, 12 Mar 2022, 9:00 am Sean Agius (Personal), <sean at agius.id.au>
wrote:

> The proposed implementation by Telstra is flawed. For example, PBX systems
> that use any type of forward (Sim ring/Unconditional etc.), will be
> affected by the dropping of that call (If the call forward target is on the
> Telstra network); unless the forwarded call CLI is presented as Calling
> Party B. A lot of our clients prefer to know who is calling them, rather
> than their own business DID. If authorisation was done on PAI, then
> Diversion, then Calling Number, then there is enough data to backtrack to
> the root network(s) that allowed the spam/scam call to take place.
>
> As stated, there will be a general consensus to avoid Telstra if/when this
> gets implemented and starts affecting legitimate use case scenarios.
>
> Regards, Sean.
>
> -----Original Message-----
> From: AusNOG <ausnog-bounces at ausnog.net> On Behalf Of Nathan Brookfield
> Sent: Wednesday, 9 March 2022 8:08 PM
> To: Chad Kelly <chad at cpkws.com.au>
> Cc: ausnog at ausnog.net
> Subject: Re: [AusNOG] "Telstra" scammers still at it...
>
> Nope it won’t and that’s not what it’s doing, it’s the opposite…. You can
> use Telstra CLI’s on other networks without an issue :(
>
> It’s going to cause a massive cluster that’s for sure but I don’t believe
> it will solve much SPAM calling.
>
> They’ll just avoid Telstra :(
>
> On 9 Mar 2022, at 19:48, Chad Kelly <chad at cpkws.com.au> wrote:
>
> Hi Just on this, the Telstra preventing CLIRs I am pretty sure this will
> prevent the scammers from using any Telstra numbers.
> From what I understand the changes will prevent the use of Telstra numbers
> being used as caller IDs from outside of their network, previously the
> scammers have been able to use random mobile numbers they have found on the
> internet as the caller ID this will no longer be permitted on the network
> level once these changes go through.
> I understand from an ISP point of view that the only exception to this
> will be approved port out requests where Telstra has signed paperwork from
> the gaining  ISP to say the customer has approved to port their number out.
> From how I understand this is being rolled out all other requests to make
> outbound calls from random Telstra numbers will be blocked at the network
> level.
> Unless the number is on a Telstra account.
> This should help significantly with cutting down the amount of scam calls.
>
> Regards Chad.
>
> From: Shaun Deans <shaun at kadeo.com.au>
> To: Rob Thomas <xrobau at gmail.com>
> Cc: "<ausnog at lists.ausnog.net>" <ausnog at lists.ausnog.net>
> Subject: Re: [AusNOG] "Telstra" scammers still at it...
> Message-ID:
>    <CA+kVNc811wfDMqREiwoK+ZkZnqMoQgNnkwbeO4n6_23v_bhw0Q at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Random thought experiment... as both someone who's worked in carrier
> networks and in software what ponders me is...
>
> If my Google Phone app can detect a scammer and tell me before I answer
> why can't a carrier (source or destination) ?
>
> I understand Google has a massive dataset which the humans feed (for
> "free") every day. But I'm sure they just live to offer a service to
> carrier's for 'extreme scammers' back to carrier's. I understand the CLIR
> is faked but logs would show it originating.
>
> But as someone else said the scammers' will still pay for the calls. ?
>
> The current projects stopping of overstamping CLIRs outside the network
> coming back inbound will help immensely.
>
> As someone with experience on both sides (Net & Dev) I'd love to geek out
> pro-bono on a project.
>
> That said I'm sure Telstra has smarter gals & guys than me trying to crack
> the code.
>
> Just 2c
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20220312/1b42cdff/attachment.htm>

More information about the AusNOG mailing list