[VOIPSEC] SPIT and vishing

satyam tyagi satyam_tyagi at hotmail.com
Wed Jul 23 12:00:30 PDT 2008

Hi JunaRa,

I think there are three things here

1) Skype type service are no longer an island and with skypeout service being just $3 (no per minute charge) it may be economical for the spammers to use this, I remember at one time this was actually a free service. Also I think this has been there for a long time, I remember net2phone started in late 90s and was connecting VoIP to PSTN 

2) I agree at one point e-mail spammers solely used open relays and proxies, and this hasn't been enough widespread for VoIP yet, But for a spammer it does not have to be end-to-end VoIP wherever he connects it is VoIP and then it may jump to PSTN, he is fine. (Try to find an open 5060 on the internet which routes calls for them, find internet facing SIP trunks/lines etc)

3) Lastly bluetooth virus is a good point too, Lately e-mail SPAM is using outlook type viruses and farming contact lists and sending e-mails (this gets around requiring open-relays/proxies), this can be done the same for SMS/voice attacks (but then this has nothing to do with VoIP, it can be done on non-VoIP mobiles as well)
The main idea is even though it may not be end to end pure VoIP. (At some point call jumps on to PSTN)

VoIP helps spammers justify the economics, do SPAM internationally where laws are different, anonymously hide behind the internet, and also makes it much easier and cheaper to automate with small scripts and open source tools. (These are just benefits of VoIP that Spammers enjoy too; low/fixed cost, simpler automation and integration, international calls over the internet)

Some of these factors have already happened, and some are happening (as we have more open proxies on the internet).


-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On Behalf Of juanramon.cayon at unavarra.es
Sent: 23 July 2008 17:50
To: voipsec at voipsa.org
Subject: Re: [VOIPSEC] SPIT and vishing

Hello everyobdy, my name is JuanRa and i'm researching about VoIP security (lil more about me here --> http://www.linkedin.com/in/juanra) and this is my first message to the list

just wanted to add/ask something about this comments on SPIT.

Andrew posted Dan's comment:

> But until the time
> comes when: a) there are tons of SIP servers exposed on the Internet; 
> and b) those servers allow connections from random SIP endpoints...
> until that time, there's not a huge market potential for someone to 
> bother setting up a SPIT operation.

ok, maybe it's just my ignorance about how things really work here in VoIP (i'm new on this) but regarding two facts:

 - VoIP and mobile telephony integration
 - existing bluetooth-spreadable viruses

don't they shape an attractive enough scenario to bother setting up a SPIT operation?

Juan Ramón Cayón Alcalde
Departamento de Automática y Computación Universidad Pública de Navarra Campus Arrosadia, 31006 Pamplona (SPAIN)
Tel: +34 948 166050  Fax: +34 948 168924
e-mail: juanramon.cayon at unavarra.es

Voipsec mailing list
Voipsec at voipsa.org

Voipsec mailing list
Voipsec at voipsa.org

Keep your kids safer online with Windows Live Family Safety.

More information about the Voipsec mailing list