[VOIPSEC] Watering down VoIP security expectations
Mark Teicher
mht3 at earthlink.net
Fri Mar 10 07:20:06 CST 2006
If we go by SPAM by the numbers: 55 is the percentage of companies that have not implemented spam filtering due to the fact that they are afraid legitimate messages may be blocked, 19 is the percentage of opt-in, legitimate electronic mail from electronic newsletter publishers that never reach subscribers due to over-active spam filters, 400 is the number of domain names used by a typical spammer (source: National Spam Mail Abuse Association). For SPAM it is accurate to state that a majority of the electronic mail people receive can be broken out into various categories (i.e. personal correspondence, work-related correspondence, opt-in newsletters, bulletins, mailing lists, e-mail alerts).
When attempting to filter Spam over Internet Telephony (SPIT), it is much harder for VoIP vendors or ancillary product vendors to design content filters based on tell-tale calling patterns, war dialers, short call durations, patterns of spoken words or phrases or communicating with someone who legitimately has Tourette's Syndrome, faint calls, calls originating from people on headsets utilizing a public restroom at an airport, originating call tracking, poor call quality, etc. It is much different problem than addressing SPAM, although most argue it is a combined problem, when it really isn't. Although there are probably people who post to the list that have written or published ways of reducing SPIT in a converged network environment, hopefully they will have something helpful to contribute.
On Fri, Mar 10, 2006 at 10:16:00AM +0100, Tobias Glemser wrote:
> So my conclusion is this:
> The SPAM/SPIT problem will never be beaten, we can only try to develop
> better and better solutions to eleminate as many SPAM/SPIT as possible
> before it reaches the user. This is where we can evolve, just have a
> look at Anti-SPAM Boxes today. The race has begun but it will never finish.
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Ari Takanen
Sent: Friday, March 10, 2006 4:51 AM
To: Tobias Glemser
Cc: voipsec at voipsa.org
Subject: Re: [VOIPSEC] Watering down VoIP security expectations.
Hello all,
Good conclusion there Tobias. There is no technical solution for SPAM
as it is not a technical problem. It is a problem in all free, open
and un-moderated services. There is no way people can beat SPAM in
"Free Internet Telephony", and that is exactly why there is a business
opportunity in VoIP. People will still pay for good service.
The best prevention methods that aim at this focus on providing:
- reliable identity (SIM cards in mobile phones is one good idea)
- generic legislation, and specific contract practices between parties
- trust relationships between VoIP providers
So if someone spams you from Romania, you should be able to know who
to blame. The carriers will blacklist VoIP providers and servers that
do not act according to best practices, and hopefully someone will sue
the negligent service providers. Problem solved.
This still leaves SPAM bots, and other attacks where a system is
compromised and a trojan is installed on the system. This is a reason
why you should use reliable platforms and devices. List of Codenomicon
recommended vendors is available on our web site!
/Ari
PS: Update your VoIP devices regularly!
On Fri, Mar 10, 2006 at 10:16:00AM +0100, Tobias Glemser wrote:
> So my conclusion is this:
> The SPAM/SPIT problem will never be beaten, we can only try to develop
> better and better solutions to eleminate as many SPAM/SPIT as possible
> before it reaches the user. This is where we can evolve, just have a
> look at Anti-SPAM Boxes today. The race has begun but it will never finish.
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list