[VOIPSEC] Confirmed cases of SPIT

Wil Cochran WCochran at engate.com
Wed Mar 15 14:56:32 CST 2006


Dan,  you have got this right, and it is refreshing to see some clueful
discussion on this topic!

Wil

Wil Cochran
ENGATE TECHNOLOGY CORPORATION
wcochran at engate.com
775.745.7151
Direct: 408.414.5975
www.engate.com


-----Original Message-----
From: dan_york at Mitel.com
To: voipsec at voipsa.org
Cc: jcaldwell at SonicWALL.com
Date: Tue, 14 Mar 2006 15:03:49 -0800
Subject: Re: [VOIPSEC] Confirmed cases of SPIT

> Jeff,
> 
> On 14 Mar 2006, at 10:49 AM, <jcaldwell at SonicWALL.com> 
> <jcaldwell at SonicWALL.com> wrote:
> 
> > Hello,
> > To date, I have personally confirmed but a single case of SPIT (Spam over
> > Internet Telephony).  The report was from one of our customers in the
> > Netherlands area and was reported as an unsolicited Religious
> > Evangelism call apparently emanating from the US.  There has been a
> > great deal of press and discussion surrounding SPIT.  However, I am
> > interested in hearing if there have actually been other confirmed cases.
> 
> I think a number of us have taken the position that SPIT is a sexy topic
> that can generate nice headlines (i.e. "SPIT happens", "When the SPIT hits
> the fan", etc.) but *today* is not much of a real threat.  DoS attacks
> and other network-level threats are far more of a real concern.  Also,
> as Irwin Lazar from the Burton Group said in his recent webinar slides, the
> PSTN serves as a natural "firebreak" between enterprises.  Today, even
> though enterprises may have large VoIP deployments, calls that go
> *between* enterprises still (usually) have to go through the PSTN.
> Ditto for consumer VoIP services.
> 
> So essentially VoIP deployments are still all islands connected together
> through the PSTN. This means that VoIP spammers (i.e. telemarketers) are
> still constrained by the inherent limitations of spam over the PSTN
> (aka telemarketing calls), i.e. you are limited by the number of trunks
> you have, the latency of the call connection process... all of which
> a telemarketer/spammer can deal with today with larger numbers of trunks
> and larger banks of wardialling software and appropriate interfaces.
> 
> So because of that, I don't think you'll see many cases of "true" SPIT.
> 
> *Today*.
> 
> But I think this does change, though, once we all start supporting things
> like SIP trunking *and* calls from random IP endpoints.  SIP trunking alone
> doesn't necessarily open things up because you can do a SIP trunk out
> to your ITSP or soft-switch provider which has the same essential
> function as your trunk today to your PSTN access provider.  Only difference
> is you are going over a data connection versus an actual T1 or similar
> PSTN connection.
> 
> But once you start allowing connections to your SIP trunk from other
> *random* SIP endpoints, now you open yourself up to the potential of the
> automated attacks that make good headlines (i.e. script kiddies can
> make a script that goes and floods a SIP server with SIP INVITE messages
> and then starts streaming RTP to whatever endpoints answer) and generally
> automate the PSTN wardialling of today.
> 
> Whether or not that potential for automated attacks becomes a reality will
> probably largely depend on how well standards evolve for assuring
> identity... and the success of that is one of those questions that
> will probably divide this group into either optimists ("We will solve it
> before it becomes a major problem") or pessimists ("We're never going to
> be able to fix it and are going to drown in SPIT").
> 
> I'm sure others on this list will have some opinions on this.
> 
> My 2 cents,
> Dan
> 
> P.S. Jonathan and I did a mini-tutorial on SPIT on our podcast #18 at
> http://www.blueboxpodcast.com/2006/03/blue_box_podcas_1.html
> 
> -- 
> Dan York, CISSP
> Dir of IP Technology, Office of the CTO
> Mitel Corp.     http://www.mitel.com
> dan_york at mitel.com +1-613-592-2122
> PGP key (F7E3C3B4) available for secure communication