Who would believe, in the age of Skype, Whatsapp and Facebook – telephony fraud, one of the most lucrative and cleanest form of theft – is still going strong. Applications of the social nature are believed to be harming the world wide carrier market – and carrier are surely complaining to regulators – and for a legitimate reason. But having said that, looking at some alarming fraud attempt statistics, thing will show you a fairly different story.

So, analysing fraud is one of my things, I enjoy dropping honeypots around the world, let them live for a few days and then collect my data. My rig is fairly simplistic:

  1. A have a Homer (www.sipcapture.org) server to capture all my traffic
  2. A have an amazon AWS cloudformation script that launches up instances of Asterisk, FreeSwitch and Kamailio
  3. All instances are pre-configured to report anything back to Homer
  4. Upon receiving a call – it will be rejected with a 403

Why is this a good honeypot scheme? simple – it gives the remote bot a response from the server, making it keep on hitting it with different combinations. In order to make the analysis juicy, I’ve decided to concentrate on the time period between 24.12.2016 till 25.12.2016 – in other words, Christmas.

I have to admit, the results were fairly surprising:

  1. A total of 2000 attacks were registered on the honeypot server
  2. The 2 dominant fraud destinations were: The palestinian authority and the UK
  3. All attacks originated from only 5 distinct IP numbers

Are you wondering what the actual numbers are? Here is the summary:

Row Labels 185.40.4.101 185.62.38.222 195.154.181.149 209.133.210.122 35.166.87.209 Grand Total
441224928354 19         19
441873770007       204   204
76264259990     1     1
17786514103         2 2
972592315527   1774       1774
Grand Total 19 1774 1 204 2 2000

As you can see, the number 972592315527 was dailed 1774 from a single IP – 185.62.38.222. I can only assume this is a botnet of some sort, but the mix of IP numbers intrigued me. So, a fast analysis revealed the following:

Amsterdam? I wonder if it’s a coffee shop or something. The thing that also intrigued me was the phone number, why would the bot continue hitting the same mobile phone number? I couldn’t find any documentation of this number anywhere. Also, the 97259 prefix automatically suggests a mobile number in the PA, so my only conclusion would be that this is a bot looking for a “IPRN” loop hole – which is again fraudulent.

So, if this what happens in 48 hours – you can imagine what happens over a month or a year.

DISCLAIMER:

The above post contains only partial information, from a specific server on a network of worldwide deployed honeypots. The information provided as-is and you may extrapolate or hypothesize what it means – as you see fit. I have only raised some points of discussion and interest.

Should you wish to join the lively discussion on HackerNews, please follow this link: https://news.ycombinator.com/item?id=13354693 for further discussion.

 

 

 

The following post doesn’t really fit in line with the normal spirit of the blog, simply because it’s not funny nor directly related to technology. It’s called Business 2.0, as it relates to the ever problematic question any business owner has: “When should I grow and how?”.

As you may know, I’ve been a freelance Asterisk Platform developer since early 2003, turned to freelance development (Penguin for hire) around April 2007. Since that time, I’ve built systems and platforms for some of the better known brands around the world. Be it working directly with the customer or through a 3rd party (as a sub contractor) – I can easily say that I’ve completed over 120 different large scale projects within 3 years time. Now, when I refer to projects, I’m not referring to installing PBX systems, I don’t do that at all – I’m referring to highly complex application level development, creating some of the most innovative Asterisk based systems I’ve ever seen.

Image representing Jajah as depicted in CrunchBase

Image via CrunchBase

Vodafone

Image via Wikipedia

Putting aside everything, finalizing a rough estimate of 40 development projects on a yearly base, most of these performed solely by myself is a fairly challenging task. Sure, at times I’ll outsource some work to other freelancers like myself, specifically in fields where I’m not all that fluent (Database, Web Development, UI) – but yet, doing that means that I’m conducting 3 – 5 projects on a monthly basis.

After doing so for 3 years now, I can’t help but start thinking about expanding my business, taking it to the next level by hiring more people and building it up to a new level. Question remains for this: “How? What is the natural track of expanding your business?” – of course the simple answer would be: “Just hire another developer or two, and start doing more sales” – it’s not as simple as it sounds. After thinking about it for some time, I’ve concluded there are a few models of expansion:

Model 1: Organic Growth

Organic growth can be described as the simplest way of growth: “Hire a new guy and get more work in”. The problem with this model that it is fully reliant on your ability to sell more. However, as you concentrate on sales more, you take time from the development and delivery process – thus, the addition of the new developer is not a 100% addition, it’s actually 100% (developer) minus 40% (you) – so you are not at 200% capacity, you are 160% capacity. Surely 160 is 100, however, for the initial 6 months, till the guy learns the ropes, you are not at 160, you are actually at 80 – can you and your business sustain that?

Thus, the main issue with Organic growth is cash flow, can your business sustain the elevated expenses with less income for the period of transition? If the answer is NO, then you need a different method. If the answer is YES, then you are in the best place in the world, however, bear in mind that taking someone to work for you is a responsibility – people are not resources, they are human beings, with families and children – taking someone to work for you is like taking responsibility for their lives.

Model 2: The Partner

Panama Business and Investment
Image by thinkpanama via Flickr

A partnership with a person who is equally matched to you is always a good option. Technically speaking, it means that you are teaming with someone who generates as much work as you do and is capable of finalizing the work as fast and as good as you can. Yet, taking a partner doesn’t negate the requirement for a new employee or two. In this case, you may end up with too much sales with too little staff to deliver – that is a big problem.

Another issue with partners is the issue of trust. While most partners tend to rely on each other and trust each other, that trust can easily be broken (in most cases by stupid things). It’s enough for one partner to now carry its weight in sales/development to initiate a chain reaction, shortly ending in the partnership dissolving.

So, the partner is a good option, however, may prove to be problematic if the wrong partner is chosen – in addition, dissolving a partnership solely on these issues isn’t all that simple – and usually ends up in litigation and other judicial issues – YUCK!

Model 3: Un-intrusive Angel

Some people ragard Un-intrusive Angels as “Stupid Money” – an Angel investor that doesn’t interfere in your company business model and operations. In many cases, this is how start-up companies start – someone gives them a lump sum of money to start their business, signing off to own a portion of the new company.

An un-intrusive investor usually gives you the money and pays you a visit once every few months to see how his money is spent. Don’t expect to raise a whole lot from these people, usually you will get anything from 25K$ to around 250K$ – tops. If you are getting an investment from an Angel, make sure you plan your business carefully – and make sure your investor knows what he is getting into. The Angel is not a found piggy bank, he is a business man looking for profit – if you make sure his expectations of profits (time frame, amount, percentage, etc) are kept within the reason of your business – he will make an educated decision and invest accordingly. Promises like: “you’ll double your money in 3 years” are stupid – make sure it’s realistic and to the point. If you promise the moon, and reach a star – that’s a problem, if you promise the skies and hit a start – that’s wonderful.

Model 4: The Strategic-Intrusive Angel

Jeff pulver

Image by TheFemGeek via Flickr

A strategic angel is similar to the previous one in terms of funds, however, he is more capable in assisting your business meet its goals. Usually, it would be someone who is already a well established figure in your business sector, had made his money from previous companies and is now looking for new ideas and businesses. I call him an intrusive Angel, as sometimes he may have ideas as to where your business should go – and he will make sure you hear his ideas. You may regard it as annoying, but you should still listen to your Angel and pay him the respect he deserves.

Sometimes this Angel may invest in your business due to the fact that he has a hidden agenda. An agenda can be: The angel looks at your business and see a certain potential you are not planning, he’ll invest and try to re-direct your company to the agenda he sees. This is usually the case when your angel is invested into several endeavours that is either parallel to each other or may have orthogonal intersection points. These angels can be the builders of your business or the destroyers, it is up to you to make sure the latter doesn’t happen.

Prolog:

So, which model did I choose? – I didn’t choose yet, I’m still figuring it out myself. What ever the model may be, the choice isn’t simple nor straight forward. At best, whatever choice I’ll take will have a profound impact on my business and me – so I’ll need to weigh my options carefully. If you can think of an additional model, I’d love to hear about it – so just comment on this post.

Reblog this post [with Zemanta]

Polycom, Inc.
Image via Wikipedia

Today I got the chance to speak at a Polycom half-day convention, mainly to speak about Asterisk and HDvoice. Now, putting aside the part about HDvoice (I’m getting a post about that on its own), I gotten to the point where I believe that I’m currently perceived as being an eccentric.

So, why am I eccentric? very simple, I’ve reached a point where I can say things that may be perceived as rude – and write it off an being an eccentric quirk.

I’ve talked about Asterisk ability to support Video, while the current Polycom VVX1500 video phone isn’t yet supported at its fullest. One of the people in the crowd mentioned some sleezy,al-cheapo, SIP Video phone (to be more exact, he’s the local distributor) – and I claimed that I don’t count that phone as a comparison to Polycom or other VoIP Video phones, simply because in my view it’s not a worth while comparison. Comm’on, let’s be realistic, can you compare a Polycom VVX1500 (an HDvoice Video phone) with some shitty sub-VGA SIP Video phone from China? the mere comparison is simply insulting for Polycom.

Shortly after negating that phone, the person stood up and left the room. At the break, a friend said to me that I shouldn’t have said that, in order to come out the bigger man. Common, the guy is surely making a joke of himself. I commented: “I’ve said what I said, I stand by my opinion – besides, you know I’m eccentric – eccentric people say eccentric things” – he agreed that I’m eccentric, after all, you can’t be an Open Source evangelist without being an eccentric – now can you?

Reblog this post [with Zemanta]

I guess that in every parents mind, their child is always a genius. The child may actually be the stupidest person on the face of the planet – however, for the parents, the child is a genius. I think this way of thinking is somewhat a constant across the universe, however, in Israel – adding the “Polish Mom” syndrome into the equation and you get a highly intense environment believing that what ever the child says, be it as moronic as a toon, is considered sheer genius.Continue reading

Well, it has been almost 4 days since VON Boston and I’m sorry to say, that not much has changed since last year – apart from the fact that this year’s VON had seemed to be a little smaller to me.

As some of you may know, I’ve teamed up with Jeff Pulver’s Free World Dialup (FWD) team. If some of you are familiar with FWD, it was the first ever FREE VoIP community network. Much before networks like Skype, almost 12 years ago, the vision of free communications had been planted by Jeff Pulver and other pioneers. It has taken almost 12 years for the technologies to mature into a state where the vision is now close to being complete. Our intention is to be the driving force behind the community oriented telephony, providing a telecom’s vision into the Web 2.0 infrastructure, but not limited to Web 2.0. To learn more about FWD, please visit http://www.fwdnet.net, where you will learn more.

As a personal favorite of mine during VON, I was more than happy that Digium’s Asterisk pavilion had grown into the first – Digium Asterisk World. As some of you may know, I’ve devoted my last 5 years to the promotion and adoptation of Asterisk technologies and Asterisk based products and I’m extremly happy to see that Asterisk had become a dominent force in the VoIP market. All around the conference, you would see comapnies openly stating that they are compatible with Asterisk, proving again that open source can easily be considered a valid alternative for the telecoms market.

I hope that next years VON will introduce more Asterisk solutions and additional companies operating with the Open Source sector. I really hope to see more open source projects featured at VON, projects like OpenSER, FreeSwitch and Yate. While OpenSER had been around for a few years now, FreeSwitch is fairly new to the market and experts had adopted to it nicely – however, the entry bar is still too high.

I’ve attended the OpenSER administration training that took place during the last day of the convention. I can say one thing about the Daniel, one of the creators of OpenSER: you are a wonderful coder, but leave the teaching to other people – you are so boring!

Really, I like the guy, but after 3 hours of mind numbing listening – I simply left the place as I didn’t learn anything from the training. Just downloaded the presentation from the website and I’ll use mostly that. Daniel, if you are reading this, I suggest that you get some other member of the OpenSER team to do the lectures for you, someone with a bit more flair and showmanship.

Well, that’s it for now, if you’ve been to VON Boston, drop me a line.