[VOIPSEC] spam and enum

Simon Horne s.horne at packetizer.com
Fri Sep 1 10:38:01 CDT 2006


Satyam

SPAM (and especially phishing) usually involves the spoofing of the sender's
address. Identifying the domain from where or expressly identifying who the
caller is, goes a long way to stopping spoofing from occurring as the call
contains some form of verification. Having blocked lists really isn't
enough as a VoIP spammer may spoof their address as being from someone 
within your organisation or even within your white list. As we have seen 
with email with trojans that harvest contact lists or hackers who gain 
access to your white list at your service provider. Once a white list name 
has been harvested, it is very easy to start receiving calls with the 
caller ID as someone you trust only to answer it and find it's a 
pre-recorded stock market pump and dump scammer.

DKIM for email is a powerful tool only if you enforce the policy of only
allowing DKIM authenticated emails; however, since email was widely deployed
prior to its invention, most email servers don't support it yet, so to
enforce the policy is pointless, so it becomes just another filter tool,
which really dilutes its effectiveness.

Simon




At 03:09 PM 1/09/2006, styagi at sipera.com wrote:
>Hi Dan, Simon,
>
>Digressing a little bit from discussion here ...
>
>I don't see how authentication solves the SPAM problem.
>
>The reason we have e-mail spam is because it is easy to automate, free 
>etc. (signup for thousands of e-mail accounts, some of the email servers
>use domain certificates etc but does not help much)
>
>Once SIP services become free and easy to automate (think free skype out 
>with SDK available to automate it and automated ways to signup for 
>accounts, same available for SIP)
>
>Unless I block out all unknown/first time callers or something
>
>Am I missing something?
>
>Thanks,
>Satyam
>
>Dan Wing <dwing at fuggles.com> wrote:
> > No but why call it end to end when you don't really do end to
> > end anyway? Why call it SIP identity when the UA's involved don't
> > actually identify themselves to each other.
>
>"SIP Edge Identity" could perhaps be a more accurate title.
>
> > Why have the
> > baggage of reverse authentication when perhaps for your intended
> > purpose you don't need it.
>
>If by 'reverse authentication' you mean the identity of the called
>party, SIP-Identity doesn't provide the identity of the called party --
>rather, it only identifies someone sending a request (such as an
>Invite). That is usually only the calling party. One way to get
>sip-identity to identify the called party is for the called party to
>send a request, and have that request signed by their sip-identity
>agent. draft-ietf-sip-connected-identity-01.txt suggests doing that.
>
> > Why don't you just use TLS and then you get a secure
> > signalling channel too.
>
>The existence of NATs, firewalls, and SBCs precludes opening a TCP
>connection directly with each other.
>
>-d
>