The first VoIP DNSBL

Voice fraud image by Voicefraud.comFew months ago we started working on a DNS based VoIP blocklist. At the moment we testing it on our own cloud system with 3 different blacklist schemas.

1. IP address blacklist with attackers IP addresses (brute force, sipvicious attacks,etc)

2. Callerid blacklist with phone numbers (telemarketers, dialers, SPIT, etc)

3. IP address ranges for non payers

Here is how the VoIP DNSBL work:

A SIP server that wants to send a call to your SIP server establishes a connection to your server.

Your server examines the socket information to find the IP address of the server at the other end of the connection.

Your server creates a special “pseudo-hostname” by reversing the order of the components of the IP address, then concatenating them with the domain name of the blacklist:

Example:
If the incoming IP address is 11.22.33.44 and the name of the blacklist is vdnsbl.net, then the resulting “pseudo-hostname” is 44.33.22.11.vdnsbl.net

Your server does a regular DNS lookup of the pseudo-hostname 44.33.22.11.vdnsbl.net. If it resolves, then the owner of the blacklist considers the host 11.22.33.44 to be a blocked user. If the lookup doesn’t resolve, then the IP address isn’t blacklisted. For those IP addresses which appear in the black list the VoIP DNSBL may optionally store a standard TXT RR at the same name giving some explanation for the black listing.
A common misconception is that an caller whose IP address or callerid is listed is ‘blocked’ from sending out calls. In fact callers are in no way prevented by VDNSBLs from sending calls. We does not tell a third-party VoIP system what to do with a VoIP call, the third-party VoIP system asks VDNSBL for an opinion and VDNSBL responds to that request with its opinion. In effect the receiving VoIP server asks the VDNSBL “Does this caller’s IP Address exist on the VDNSBL database?”, the VDNSBL simply responds with a “Yes” if present or, if not present does not respond at all (no response means “we have no opinion on that IP Address”).

There will be several ways to feed the blacklists, more details will be published as soon as we are ready with the web GUI for this service. The service will be free of charge for everybody. Voice fraud is a common thing today, please check out http://voicefraud.com/

References: http://en.wikipedia.org/wiki/VoIP_spam

Using the Sequential Probability Ratio Test for Spam in VoIP Prevention

Your suggestions are always welcome! We want to say thank you for your continued liking and sharing. If you haven’t liked this post yet, you may do that by hitting the buttons just below. If you are a blogger and you appreciate the hard work, whether or not you copied this post, we implore you to kindly link back this post here, you may do it anyhow you can. We consider that a great contribution.

The following two tabs change content below.

CrunchBase Information Laszlo Bekesi

4 Comments

  1. Hi there would you mind letting me know which web host you’re utilizing?
    I’ve loaded your blog in 3 different web browsers and I must
    say this blog loads a lot quicker then most. Can you
    recommend a good web hosting provider at a fair price?

    Thanks, I appreciate it!
    Aquaponics recently posted…AquaponicsMy Profile

  2. Just a quick note regarding the VoIP DNSBL service: It will be up and running within 2-3 weeks, it is almost ready! We just performing several tests, the the results are fantastic.
    Laszlo Bekesi recently posted…Joining a teleconf via your mobile – Don’t be that guy!My Profile

  3. Interesting article. I would add mizutech as an attractive VoIP hosting provider with their new on demand offer: http://www.mizu-voip.com/Services/VoIPHosting.aspx
    The idea is that you can start your VoIP server in a few minutes on the cloud, without any upfront investment; and here I mean a true server (not shared, not virtual)