About Fraud Protection Lists
A Fraud Protection List (FPL) is a global, user-specified list with a unique name. It contains list type entries (Black list, White list, Rate limit, and Call redirect) for which you can specify data type and data type format parameters. An FPL can also contain data entered manually or data generated by a device. Oracle Communications Session Delivery Manager (SDM) uses an FPL to push targeted fraud updates from a Fraud Detection and Prevention device to southbound devices that are capable of detecting telephony fraud, such as an ESBC.
Fraud Protection List Type Entries
The following table shows the FPL list type entries you can manage for the ingress realm of a southbound device:
Black list | Use this FPL entry to specify a fraudulent call based on the destination phone number or URI. You can add a known fraudulent destination to the blacklist by prefix or by fixed number. When a device receives a call to an entry on the blacklist, the system rejects the call according to the specified SIP response code. |
White list | Use this FPL entry to manage any exception to the blacklist. For example, if the blacklist blocks a prefix such as 49 555 123, it also blocks calls to individual numbers starting with this prefix, such as 49 555 123 666. If you add a prefix or individual number to the white list, the system allows calls to the specified prefix and number. Continuing with the previous example, if you add 49 555 123 6 to the white list, the system allows calls to 49 555 123 666, which was blocked by the blacklist entry of 49 555 123. |
Rate limit | Use this FPL entry to limit the loss of money, performance, and availability that an attack might cause. While local ordinances may not allow you to completely block or suppress communication, as with a blacklist, you may want to reduce the impact with rate limiting until a network engineer can analyze an attack and plan remediation. Note that rate limiting may not function immediately after a High Availability switch over because the newly active system must re-calculate the call rate before it can apply rate limiting. |
Call redirect | Use this FPL entry to send a fraudulent call to an Interactive Voice Response (IVR) system, or to a different route. For example, you can intercept and redirect a call to a revenue-share fraud target in a foreign country to an end point that defeats the fraud. You can also redirect subscribers dialing a particular number and URI to an announcement to make them aware that an account is compromised and what they should do. You can use an external server to provide such an announcement or you can use the E-SBC media playback function. |
Fraud Protection List Data Types
The following table shows the data types, taken from the Session Initiation Protocol (SIP) To or From header, that are used in an FPL black list, white list, rate limit, or call redirect entry:
from-hostname | The hostname from the SIP FROM header. |
from-phone-number | The phone number from the SIP FROM header. |
from-username | The user name from the SIP FROM header. |
to-hostname | The hostname from the SIP TO header. |
to-phone-number | The phone number from the SIP TO header. |
to-username | The user name from the SIP TO header. |
user-agent-header | The SIP User-Agent header. This header contains information about the client user agent originating the request. |
Fraud Protection List Data Type Formats
The following table describes the required format for each data type from the Session Initiation Protocol (SIP) To or From header that is used in an FPL black list, white list, rate limit, or call redirect entry:
hostname | The exact IP address or Fully Qualified Domain Name (FQDN). |
username | The exact user name. For example: joe.user or joe_user. |
user-agent-header | The exact text match to the SIP User-Agent header. For example: equipment vendor information. |
phone-number | The following characters are allowed for a phone number:
No leading zero characters are allowed. |
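
The black list and white list interaction described above, shown as an added example that is not Oracle's code and does not reproduce SDM or E-SBC internals. It assumes that phone-number entries match by prefix once spaces are removed, that every other data type is an exact match, and that a white list hit only overrides black list hits of the same data type; the Entry class, the decide function, the 403 response code, and the ExampleDialer/1.0 User-Agent are constructed for illustration.

```python
from dataclasses import dataclass

PHONE_TYPES = {"from-phone-number", "to-phone-number"}

@dataclass(frozen=True)
class Entry:
    list_type: str       # "blacklist" or "whitelist"
    data_type: str       # one of the FPL data types, e.g. "to-phone-number"
    value: str
    sip_code: int = 403  # constructed sample SIP response code for rejections

def matches(entry, call):
    """True if the call's value for the entry's data type matches the entry."""
    observed = call.get(entry.data_type)
    if observed is None:
        return False
    if entry.data_type in PHONE_TYPES:
        # Spaces are only for readability; an entry is a prefix or a fixed number.
        return observed.replace(" ", "").startswith(entry.value.replace(" ", ""))
    # hostname, username and User-Agent entries are exact matches.
    return observed == entry.value

def decide(entries, call):
    """Return ("allow", None) or ("reject", sip_code) for one call."""
    hits = [e for e in entries if matches(e, call)]
    # Assumption: a white list hit excuses black list hits of the same data type only.
    excused = {e.data_type for e in hits if e.list_type == "whitelist"}
    for e in hits:
        if e.list_type == "blacklist" and e.data_type not in excused:
            return ("reject", e.sip_code)
    return ("allow", None)

# Constructed sample FPL using the prefixes from the White list description.
FPL = [
    Entry("blacklist", "to-phone-number", "49 555 123"),
    Entry("whitelist", "to-phone-number", "49 555 123 6"),
    Entry("blacklist", "user-agent-header", "ExampleDialer/1.0"),
]

if __name__ == "__main__":
    for number in ("49 555 123 666", "49 555 123 777", "49 555 999 000"):
        print(number, decide(FPL, {"to-phone-number": number}))
```

Running the same decision function over exported FPL entries before they are pushed is a quick way to confirm that a white list prefix excuses only the numbers intended and leaves the rest of the blocked range rejected.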