Sunday, September 24, 2017

A Lesson About Toll Fraud via SIP Tracing

I had Skype for Busiess EV customer contact me saying one of their call center agents couldn't call a delear in Guatemala (For reference, the customer has multiple dealrs throughout Centeral America.). I knew the customer has international dialing capabilities through their PSTN Carrier, so not being able to call one country in Central America seemed odd to me. Why was their PSTN Carrier singling out Guatemala?

I started troubleshooting by making sure the user with the failed calls was EV enabled and also had a voice policy in Skype for Business that allowed for international calls. (Yes, I know, it seems kinda basic, but I prefer to start with the easy things and work my way up.) Upon investigation, the user was EV enabled and setup properly in Skype for Buisnesss to allow for international dialing. I asked if other international calls were working and the user said 'yes'.

The problem didn't appear to be in Skype for Business. I also had another user confirm that they couldn't dial any Guatemalan numbers either. Since some international calls were making it out, I needed to get a trace from their gateway to see what was going on.

Luckily for me, they have an AudioCodes SBC. The AudioCodes Syslog tool makes troubleshooting issues like this one much easier. I had the user having issues place a call while I ran the call trace from the Audiocodes SBC. The 'call ladder' diagram in the Syslog tool is excellent for seeing the flow of the SIP messages between Skype for Business, SBC, and Carrier. Here's the call ladder for the failed Guatemala call:



Notice the PSTN Carrier sends a SIP 403 Forbidden Message? A SIP 403 Forbidden message typically means that the user is not permitted to make the call. I've seen this in Skype for Business, for example, when someone with a long distance voice policy tries to make an international call. I didn't know why the customer was getting a SIP 403 from their PSTN Carrier, but I recommended they open a support ticket with their PSTN Carrier and provide them with the trace I took from the SBC.

The PSTN Carrier contacted the customer later that day and said due to high volumes of toll fraud from certain countries in Central America, they were blocking all calls. Wow! I have never seen/heard a carrier proactively do this before, but this does explain the behavior the customer was experiencing.

The customer is going to work with their PSTN Carrier to see what can be done to unblock calls to certain numbers (essentially, white-listing numbers they need to call). This was interesting problem, but I'm glad the resolution was pretty straightforward. Also, I can't recommend the AC Syslog tool enough when you need to take a trace from an AudioCodes SBC.



No comments:

Post a Comment