This project is an effective real time system to block Internet Revenue Share Fraud in SIP networks. It is based on advanced algorithms developed since 2014. We give preference for predictive algorithms instead of anomaly detection that in our judgment delays the detection of the attack. This new version is much more effective and simpler. What has changed since version 1.

  1. Open Source GPL License
  2. VNF – TFPS is now a virtualized network function. So it consumes a single instance and it is provisioned easily by a shell script configured during the launch.  VNFs usually do not have an interface, they only have APIs to provision, get status and statistics. 
  3. Parameters for each customer are learned directly by using an IVR. 
  4. Improved the detection of malicious IPs using a new database. 
  5. Additional security with Voice Captcha and PIN for new destinations


Click here to go for the TFPS Video Tutorial

Security Requirements

This project was created to run behind a firewall. The only system with access to this server should be the softswitch or PBX.



TFPS is free and open source. Download it from git and run at your own risk. If you prefer to have technical support you can run  TFPS on the AWS Marketplace, there is a 7 day free trial. If you need help with the integration, you can use our professional services. Our pricing page is available below.  


Price List    
Item Description Price
TFPS-OP TFPS On Premise on VMWARE of ODF format(One Time Fee) US$3000.00
TFPS-Cloud TFPS ON AWS Cloud Please check the AWS Marketplace
TFPS-Integration Installation and Integration to the SoftSwitch or PBX US$1500.00
TFPS-Support Support Incident (Priority) US$ 75.001

1 – Does not apply to the AWS subscription where support is included.

We reserve the right to change the prices to reflect changing market conditions without previous notice.  Please consult, if the company is a large phone company with advanced requirements. 

Bugs and Issues

If you find bugs and issues, please report on the issues of the github project. 

Github Project :


This project requires:

  • Debian 10 Buster
  • OpenSIPS 3.2 – All modules
  • Asterisk 16 – Default installed with apt-get
  • Asterisk TTS –\ msmtp – smtp client
  • mailutils – email client
  • m4 – GNU m4 preprocessor
  • ipabusedb key


The installation is made using SSH. Please use ssh or putty to access your instance.

Deploy the database to MySQL

sudo mysql < fps.sql

Configure the system by editing the file defines.m4, pay attention to the backticks. Use nano or vi to edit the file

Go to the directory below

cd /usr/src/tfps
vi defines.m4
define(`PRIVATE_IP', `')          #Private IP of the server
define(`PUBLIC_IP', `')          #Public IP of the server
define(`PORT', `5060')                        #Port of the Server
define(`SQL_ACCOUNT',`root')                  #SQL account, always use root
define(`SQL_PASSWORD', `')                    #SQL password leave blank, mysql is running without external access
define(`ABUSE_DB_KEY', `')  #IP abuse DB key (obtained at
define(`BUSINESS_HOURS',`America/New_York|20210104T090000|21000104T170000||WEEKLY|||MO,TU,WE,TH,FR')        #Define business hours, see format at the RFC2445 (Timezone|StartDate|EndDate|Periodicity|||Days of week)
define(`ISP_EMAIL',`from_email')                      #Email in the From address
define(`NOTIFICATION_EMAIL',`some_email')             #Email where to send the notifications
define(`AUTHORIZE_METHOD',`503')                      #503 - (Use 503/603 to authorize/deny calls), or 302 (Send 302 Redirect)
define(`VERIFICATION_METHOD',`CAPTCHA')               #CAPTCHA/PIN (CAPTCHA, simpler for the user, PIN, safer, but have to be distributed)
define(`PIN',`6578')                                  #PIN to authorize calls if the method is PIN
define(`MAX_CAPTCHAATTEMPTS',`3')               #Max failed capctha_attempts
define(`CACHE_BLOCK_TIME',`3600')               #Block failed captcha for this time
define(`MAX_CONCURRENT',`5')                    #Maximum number of concurrent calls
define(`SMTP_HOST',`some_host.some_domain')            #EMAIL ACCOUNT CONFIGURATION
define(`SMTP_EMAIL',`[email protected]_domain')     #EMAIL ACCOUNT CONFIGURATION
define(`SMTP_ACCOUNT','some_account')           #EMAIL ACCOUNT CONFIGURATION
define(`SMTP_USER',`some_user')                 #EMAIL ACCOUNT CONFIGURATION
define(`SMTP_PASSWORD',`some_password')         #EMAIL ACCOUNT CONFIGURATION

After filling the file defines.m4 (you will need an api key for ipabusedb with your own definitions, then run

sudo ./

Restart OpenSIPS and Asterisk

systemctl restart opensips
systemctl restart asterisk

Client Installation

There are two modes of operation. 503/603 and Redirect. In the 503/603 the system will respond with 603 each time it detects a fraud. This response shouldn’t failover to the next gateway. When receiving a 503, the system should failover to the next gateway and complete the call.

If in redirect mode, the system will return a 302 Moved Temporarily with a prefix A00 in the Request URI, in the client system, strip the A00 and complete the call. See the docs

Admin Options

TFPS was designed to work hands free. However there are a few situations where you may want to interfere. For this we have the CLI utility tfpsctl.

To remove a user use:

sudo tfpsctl remove username domain

To reset the quotas of a user:

sudo tfpsctl reset username domain

To list users

sudo tfpsctl list