Blacklisting
Most telephone users are familiar with blacklisting. If they get a call that they did not want, and they don’t want to receive calls from that number in the future, they block that specific number.
TransNexus software has that blacklisting capability. But it can do much more. The blacklisting capabilities in our software products give service providers and administrators powerful, flexible capabilities to prevent nuisance calls, neighbor-spoofed robocalls, and telecom fraud and TDoS attacks.
Let’s review these capabilities in terms of the scope of calls that can be reviewed for blacklisting and the actions that blacklisting can perform.
Scope of review
Blacklist policies can be defined based upon the following:
- Calling and called telephone numbers or prefixes
- Calling and called SPIDs (OCNs)
- Calling and called locations, e.g., states/provinces/regions
- Calling and called countries
- IP addresses
- User agents
- Forwarded called numbers
- Forwarded called SPIDs
- Forwarded called Locations
- Forwarded called Countries
Here are some sample use cases to illustrate how these policies could be used.
Calling and called telephone numbers or prefixes
You can blacklist a specific calling telephone number… the classic call blocking use case. But you don’t have to enter all the numbers—you can also enter a telephone number prefix. For example, you could blacklist an NPA-NXX.
Suppose an office manager decides that nobody in their office needs to call telephone numbers in South Dakota that begin with 1-605-562-xxxx. Although there are certainly valid telephone numbers in this NPA-NXX, the location is a known destination for domestic traffic pumping.
Instead of blacklisting every possible telephone number in this NPA-NXX, the office manager can simply blacklist 1605562. That will catch all calls within the block. If a fraudster breaks into their PBX and attempts a domestic traffic pumping attack, the software will block it.
Inevitably, someone in the office will have a legitimate reason to call a number in that NPA-NXX. The software lets you create a pinhole policy record for that specific user or calling number to makes calls to that area while blacklisting remains in place for other users or calling numbers.
Calling and called SPIDs (OCNs)
Why would you want to blacklist a SPID? Here are two use cases:
Consider a voice service provider who has a SPID and land line telephone numbers assigned to that SPID. They will route calls from one of their numbers to another within their network. They should never see a call entering the edge of their network with a calling number assigned to their SPID. Such a call would undoubtably be an unwanted robocall neighbor spoofing a local caller ID.
This provider could stop neighbor-spoofed robocalls dead in their tracks by blacklisting inbound calls at the edge of their network where the calling number is assigned to their SPID.
Until the widespread, ubiquitous adoption of STIR/SHAKEN arrives, this is the most powerful, effective means of defeating neighbor spoofing available.
- Some service providers are known to have telephone numbers that are high-cost destinations sometimes used in domestic traffic pumping. A group, user, or individual subscriber might never need to call those numbers. The service provider or administrator could blacklist called number prefixes as described above, or they could simply blacklist the SPID for such providers. If a subscriber ever needs to call a number assigned to that SPID, their provider or administrator can create a pinhole for them.
Locations
Some providers or administrators may wish to blacklist calls to entire states. For example, if an organization or subscriber doesn’t expect they will ever have to call numbers in Iowa, South Dakota or Minnesota, they could blacklist these states. Pinholes could be opened as needed.
Countries
One might wish to blacklist entire calling or called countries to prevent IRSF (International Revenue Sharing Fraud) attacks and/or Wangiri attacks.
IRSF attacks involve a fraudster breaking into a PBX, making calls to high-cost international destinations, and sharing the revenue with the terminating service provider.
Wangiri attacks involve telephone calls from a high-cost number, usually in another country. The fraudster lets the phone ring once, then hangs up. The fraudster hopes that some people will be curious about the call and call back, incurring expensive fees.
IP address
Why would you want to blacklist an IP address? You may wish to blacklist calls from all IP addresses, then create pinholes so you only accept calls from known IP addresses, e.g., your softswitch(es) and providers. This is a powerful technique for preventing TDoS (Telephony Denial of Service) attacks.
User agents
Some software used by robocallers and fraudsters can be identified by user agents. A service provider or enterprise might rarely expect to otherwise receive calls involving such user agents. This blacklist provides a way to block such calls if desired.
Call forwarding
Call forwarding capabilities are a common attack vector by fraudsters. They break into a subscriber’s web portal and set up unconditional call forwarding to a high-cost destination, then start traffic pumping to the subscriber’s telephone number.
Some service providers have reluctantly disabled call forwarding for this reason.
Call forwarding blacklists enable service providers and enterprises to reinstate call forwarding in a controlled way to let subscribers who need the service to use it while reducing exposure to this attack vector for other callers.
The scope of call forwarding blacklists, e.g., called numbers, SPIDs, Locations and Countries, are provided for the same reasons as the comparable blacklists. These just prevent call forwarding.
Blacklist actions
When a call is within scope for a blacklist, the action field defines the response. These actions include the following:
- Blacklist — block the call
- Divert — send the call to a diversion destination, e.g., voicemail or a CAPTCHA gateway
- Continue — used with pinhole records to allow the call to be processed by other services, e.g., fraud control, STIR/SHAKEN, etc.
- Bypass fraud control — used with pinhole records to allow the call to skip fraud control but be processed by other services, e.g., STIR/SHAKEN
- Whitelist — process the call without processing any other services. We strongly recommend that the whitelist action should be used only for emergency numbers
Contact us for more information about how these powerful blacklist features can help you better manage and protect your telecom network.