Previous
Next
JavaScript must be enabled to correctly display this content
About Fraud
Protection Lists
A Fraud Protection List (FPL) is a global,
user-specified list with a unique name that contains list type entries (Black
list, White list, Rate limit, and Call redirect) that you can specify data type
and data type format parameters. An FPL can also contain data entered manually
or data generated by a device. An FPL is used by Oracle Communications Session
Delivery Manager (SDM) to push targeted fraud updates from a Fraud Detection
and Prevention device to southbound devices that are capable of detecting
telephony fraud, such as an ESBC.
Fraud
Protection List Type Entries
The following table shows the FPL list type entries you can manage for
the ingress realm of a southbound device:
| Black list |
Use this FPL entry to
specify a fraudulent call based on the destination phone number or URI. You can
add a known fraudulent destination to the blacklist by prefix or by fixed
number. When a device receives a call to an entry on the blacklist, the system
rejects the call according to the specified SIP response code. |
| White list |
Use this FPL entry to
manage any exception to the blacklist, such as if a prefix such as 49 555 123
is blocked by the blacklist. This also blocks calls to individual numbers
starting with this prefix, such as 49 555 123 666. If you add a prefix or
individual number to the white list, the system allows calls to the specified
prefix and number. Continuing with the previous example, if you add 49 555 123
6 to the white list, the system allows calls to 49 555 123 666, which was
blocked by the blacklist entry of 49 555 123. |
| Rate limit |
Use this FPL entry to
limit the loss of money, performance, and availability that an attack might
cause. While local ordinances may not allow you to completely block or suppress
communication, as with a blacklist, you may want to reduce the impact with rate
limiting until a network engineer can analyze an attack and plan remediation.
Note that rate limiting may not function immediately after a High Availability
switch over because the newly active system must re-calculate the call rate
before it can apply rate limiting. |
| Call redirect |
Use this FPL entry to
send a fraudulent call to an Interactive Voice Response (IVR) system, or to a
different route. For example, you can intercept and redirect a call to a
revenue-share fraud target in a foreign country to an end point that defeats
the fraud. For example, you can redirect subscribers dialing a particular
number and URI to an announcement to make them aware that an account is
compromised and what they should do. You can use an external server to provide
such an announcement or you can use the E-SBC media playback
function. |
Fraud
Protection List Data Types
The following data type of the Session Initiation Protocol
(SIP) to or from header that is used in an FPL black list, white list, rate
limit or call direct entry:
| from-hostname |
The hostname from the
SIP FROM header. |
| from-phone-number |
The phone number
from the SIP FROM header. |
| from-username |
The user name from
the SIP FROM header. |
| to-hostname |
The hostname from the
SIP TO header. |
| to-phone-number |
The phone number
from the SIP TO header. |
| to-username |
The user name from the
SIP TO header. |
| user-agent-header |
The SIP User-Agent
header. This header contains information about the client user agent
originating the request.
|
Fraud
Protection List Data Type Formats
The following table describes the required formats for each
data type Session Initiation Protocol (SIP) to or from header that is used in
an FPL black list, white list, rate limit or call direct entry:
| hostname |
The exact IP address or
Fully Qualified Domain Name (FQDN). |
| username |
The exact user name. For
example: joe.user or joe_user. |
| user-agent-header |
The exact text
match to the SIP User-Agent header. For example: equipment vendor
information. |
| phone-number |
The following characters are allowed for a phone number:
- Use the asterisk (*)
character to indicate prefix matching, but only at the end of
the pattern. For example, use 555* not *555. Do not use the
asterisk character in any other patterns, for example, in
brackets [ ], parentheses ( ), or with an x.
- Use the bracket [ ]
characters to enclose ranges in a pattern. Syntax: [min-max].
For example: 555[0000-9999].
- Use parentheses ( ) to
enclose optional digits in a pattern. For example: 555xx(xxxx)
means 555 with between 2 and 4 following digits.
- Use the character x as
a wildcard at the end of a dial pattern to mean 0-9. For
example: 555xxx means a number starting with 555 followed by 3
digits.
- Entries with + symbol are supported.
No leading zero characters are allowed.
|