[VOIPSEC] Confirmed cases of SPIT

dan_york at Mitel.com dan_york at Mitel.com
Tue Mar 14 18:03:49 EST 2006


On 14 Mar 2006, at 10:49 AM, <jcaldwell at SonicWALL.com> 
<jcaldwell at SonicWALL.com> wrote:

> Hello,
> To date, I have personally confirmed but single case of SPIT (Spam 
> over
> Internet Telephony).  The report was from one of our customers in the
> Netherlands's area and was reported as an unsolicited Religious
> Evangelism call apparently emanating from the US.  There has been a
> great deal of press and discussion surrounding SPIT.  However, I am
> interested in hearing if there have actually been other confirmed 
> cases.

I think a number of us have taken the position that SPIT is a sexy topic
that can generate nice headlines (i.e. "SPIT happens", "When the SPIT hits 

the fan", etc.) but *today* is not much of a real threat.  DoS attacks 
and other network-level threats are far more of a real concern.  Also,
as Irwin Lazar from the Burton Group said in his recent webinar slides, 
PSTN serves as a natural "firebreak" between enterprises.  Today, even
though enterprises may have large VoIP deployments, calls that go
*between* enterprises still (usually) have to go through the PSTN. 
Ditto for consumer VoIP services. 

So essentially VoIP deployments are still all islands connected together 
through the PSTN. This means that VoIP spammers (i.e. telemarketers) are 
still constrained by the inherent limitations of spam over the PSTN 
(aka telemarketing calls), i.e. you are limited by the number of trunks
you have, the latency of the call connection process... all of which 
a telemarketer/spammer can deal with today with larger numbers of trunks
and larger banks of wardialling software and appropriate interfaces.

So because of that, I don't think you'll see many cases of "true" SPIT.


But I think this does change, though, once we all start supporting things 
like SIP trunking *and* calls from random IP endpoints.  SIP trunking 
doesn't necessarily open things up because you can do a SIP trunk out
to your ITSP or soft-switch provider which has the same essential
function as your trunk today to your PSTN access provider.  Only 
is you are going over a data connection versus an actual T1 or similar 
PSTN connection.

But once you start allowing connections to your SIP trunk from other 
*random* SIP endpoints, now you open yourself up to potential of the 
automated attacks that make good headlines (i.e. script kiddies can 
make a script that goes and floods a SIP server with SIP INVITE messages 
and then starts streaming RTP to whatever endpoints answer) and generally
automate the PSTN wardialling of today.

Whether or not that potential for automated attacks becomes a reality will
probably largely depend on how well standards evolve for assuring 
identity... and the success of that is one of those questions that 
will probably divide this group into either optimists ("We will solve it
before it becomes a major problem") or pessimists ("We're never going to
be able to fix it and are going to drown in SPIT").

I'm sure others on this list will have some opinions on this.

My 2 cents,

P.S. Jonathan and I did a mini-tutorial on SPIT on our podcast #18 at

Dan York, CISSP
Dir of IP Technology, Office of the CTO
Mitel Corp.     http://www.mitel.com
dan_york at mitel.com +1-613-592-2122
PGP key (F7E3C3B4) available for 
secure communication

More information about the Voipsec mailing list