[VOIPSEC] Solutions in addressing SPIT (Spam over Internet Telephony)

[Russell Howe]

On Thu, Feb 10, 2005 at 04:05:30PM +0200, Diana Cionoiu wrote:
> IMHO, VoIP is no different from PSTN regarding SPAM.

I'd be inclined to think it'd be more like email regarding spam, so long
as messaging to internet-connected systems is free. It only takes a few
VoIP gateways to be misconfigured (accidentally or maliciously) and you
have a VoIP equivalent of an open relay.

I'm assuming here that the common configuration will be for somebody to
require authentication in order to initiate a call, of course - if it
would be more like email, where you have an easy way to find out which
destinations are likely to be accepted by a particular host (i.e. MX
records for SMTP) then I can't see what's to stop a host from just
calling up users once it has a list of numbers.

Of course, an open VoIP relay might attract more attention, since it
would likely be used to place chargeable calls from, which is presumably
likely to get noticed.

I can just picture the kiddies jumping up and down in glee as they
realise not only can they use internet-type attacks, but also combine
them with 'phreaking'-type attacks.

-- 
Russell Howe       | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?