Difference between revisions of "Dynamic Blacklist Functionality"

From Kolmisoft Wiki
Jump to navigationJump to search
Line 59: Line 59:
If a source_IP_number was calling more than SRC-IP-n1 times within SRC-IP-t1 minutes then SRC-IP-Score = SRC-IP-Score + SRC-IP-v1<br>
If a source_IP_number was calling more than SRC-IP-n1 times within SRC-IP-t1 minutes then SRC-IP-Score = SRC-IP-Score + SRC-IP-v1<br>
If a source_IP_number was calling more than SRC-IP-n2 times within SRC-IP-t2 hours then SRC-IP-Score = SRC-IP-Score + SRC-IP-v2<br>
If a source_IP_number was calling more than SRC-IP-n2 times within SRC-IP-t2 hours then SRC-IP-Score = SRC-IP-Score + SRC-IP-v2<br>
If a source_number was calling more than SRC-n1 times within SRC-t1 minutes then DST-Score = DST-Score + DST-v1<br>
<br>
<br>
Variables like DST-n1 to SRC-IP-v2 need to be defined manually.
Variables like DST-n1 to SRC-IP-v2 need to be defined manually.

Revision as of 13:57, 12 February 2014

Description

Blacklist functionality Dynamic Routing is based on a smart logic which puts a 'score' on the call by its SRC, DST or RTP IP and allows routing calls with high score over different route. This functionality gives you an ability to define LCR as Blacklist Providers group. These Providers work like any other Provider in MOR system. MOR reroutes all the calls, that have a score more than a defined threshold, to this Blacklist LCR.

This functionality is useful when system owner wants to route 'suspect' calls through different route than 'normal' calls.

Example: calls from such countries as Nigeria, Sudan, etc. based on their IP/CallerID can be marked as 'suspects' and routed to some IVR or to the dead-end.



Configuration

You can manage



Monitorings settings.png

Blacklist Feature enabled – enables Blacklists functionality in all system.

Default Blacklist LCRLCR with Balcklist Providers.

Default Routing Threshold – sum of SRC, DST and RTP IP limit. If SRC, DST or RTP IP scores sum, received during the call, is bigger than Defaullt Threshold, call will be routed through selected Blacklist LCR.

Default scores – Default scores of SRC, DST or RTP IP. There will be cases where MOR will not find a score for a given SRC, DST or RTP IP. In each of the cases MOR will add the missing values from these settings.

Use default blacklisting rules – check this to use Blacklisting Script for SRC, DST or RTP IP scoring.

This feature is designed to stop the score manipulation done by the blacklisting script (Intelligence). This feature is used in the situation where we want to disable the score number manipulation done by the blacklisting script but still keep the blacklist functionality.

As an example, maybe we will notice in the future that we have incorrectly setup the blacklisting script rules and as a result we are getting some false positives into our blacklist. In this case we don't want to completely disable the blacklisting feature but just disable the blacklisting script until we have had enough time to go back to the CDR analyses and figure out the correct values that need to be defined for the correct functioning of the blacklisting script.

If the Use default blacklisting rules is set to no then the MOR system should continue to add source numbers, destination numbers and source IP addresses to the blacklist database, but the blacklist script should not run and change the database values.



Blacklisting Script (Intelligence)

MOR does not know anything about the script and does not care about it. This script is INDEPENDENT from MOR.

What it will do is to try to figure out what a blacklisted call could look like. For example it could be that a customer of a customer tries to call one specific number more than 10 times a day or more than 5 times within one hour. Or there are many calls generated by one source phone number or one source IP media. It all depends on experience and assumptions and that may be different for all customers.


To use default blacklisting rules you have to create your own script:

  • Script can be done in any language.
  • Script can be placed anywhere in the system
  • It is advisable to run this script periodically with Cron
  • It should analyze CDRs and make decisions based on various criteria.
  • After that it should populate appropriate DB fields to put scores for various values.


The script to change scores could work like this:

If a destination_number was called more than DST-n1 times within DST-t1 minutes then DST-Score = DST-Score + DST-v1
If a destination_number was called more than DST-n2 times within DST-t2 hours then DST-Score = DST-Score + DST-v2
If a source_number was calling more than SRC-n1 times within SRC-t1 minutes then SRC-Score = SRC-Score + SRC-v1
If a source_number was calling more than SRC-n2 times within SRC-t2 hours then SRC-Score = SRC-Score + SRC-v2
If a source_IP_number was calling more than SRC-IP-n1 times within SRC-IP-t1 minutes then SRC-IP-Score = SRC-IP-Score + SRC-IP-v1
If a source_IP_number was calling more than SRC-IP-n2 times within SRC-IP-t2 hours then SRC-IP-Score = SRC-IP-Score + SRC-IP-v2
If a source_number was calling more than SRC-n1 times within SRC-t1 minutes then DST-Score = DST-Score + DST-v1

Variables like DST-n1 to SRC-IP-v2 need to be defined manually.

Example

If a destination_number was called more than 5 times within 60 minutes then DST-Score = DST-Score + 100
or
If a source_IP_number was calling more than 40 times within 5 hours then SRC-IP-Score = SRC-IP-Score + 100


NOTE: It is not possible to set X amount of times within X amount of seconds

It should be set X amount of times within X amount of minutes (not seconds).

Moreover, script will not block immediately. It depends on how often cron launch blacklisting script.


If you want to create such script, please contact Kolmisoft, we will consult how to do this, will provide necessary database info and all other details.



See also