http://voipsa.org/mailman/listinfo/voipsec_voipsa.org The VOIPSEC Security Mailing List http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003111.html Tschofenig, Hannes (NSN - FI/Espoo): SPIT Misuse Classification?: Hi all, <br /> I am looking for a classification of SPIT misuse. Has someone worked on such a classification terminology or seen it elsewhere? <br /> Thanks in advance! <br /> Ciao Hannes <br /> http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003110.html Vijay K. Gurbani: IPTComm 2010 - 4th Conference on Principles, Systems and Applications of IP Telecommunications: ****** NOTE: Submissions due on Mar 5, 2010 ******* ****** NOTE: Submissions due on Mar 5, 2010 ******* <br /> Dear Colleagues: IPTComm is one of the few conferences dedicated solely to IP telecommunications. Please excuse the posting to this list, but I believe that the conference will be of interest to [...] http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003109.html Dan Wing: Security VoIP Project: [...] <br /> A significant omission on that Wikipedia page: it doesn't mention DTLS-SRTP (which is the IETF's current favorite for keying SRTP, as decided at the RTPSEC BoF at IETF68 (Prague, March 2007), http://www.ietf.org/proceedings/68/minutes/rtpsec.txt). <br /> [...] <br /> http://zfoneproject.com/partners. [...] http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003108.html Dan Wing: RTP traffic going to 1.1.1.1: [...] <br /> It's a shame we can't get any spam-over-VoIP protection added to SIP. <br /> -d <br /> [...] <br /> http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003107.html PeterThermos: FW: Re: Security VoIP Project: Serge, here is an online version of the book "Securing VoIP Networks". http://www.scribd.com/doc/18995405/Securing-VoIP-Networks <br /> In addition to the implementations below it contains an extensive discussion on SRTP (page 217) and how it works with various key exchange mechanisms including ZRTP, SDESCRIPTIONS and MIKEY (page 231). <br /> I hope it helps <br /> Regards, <br /> Peter <br /> Serge, There are a few SRTP implementations that you probably can use in your project: <br /> ZRTP: Implements SRTP using the ZRTP key exchange: http://zfoneproject.com/getstarted.html <br /> Minisip: Also implements SRTP with MIKEY key exchange. http://www.minisip.org/ <br /> Depending on your time-schedule and project requirements there are a number of attack vectors that you may want to explore (e.g., attacks against signaling vs media). <br /> Regards, <br /> Peter <br /> On February 2, 2010 at 6:34 AM SERGE TUMBA <serget68 at msn.com> wrote: <br /> [...] <br /> http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003106.html Rob Welbourn: Security VoIP Project: Yep. ZRTP works as a "bump in the stack" for soft clients. http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003105.html Richard L. Barnes: Security VoIP Project: Hey Jiri, <br /> How does that work? I haven't looked at ZRTP in a while, but the last time I did, the authentication relied on users comparing a Short Authentication String, which doesn't seem compatible with proxy-to- proxy usage. <br /> On Feb 4, 2010, at 5:18 AM, Jiri Kuthan wrote: <br /> [...] [...] http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003104.html Sandro Gauci: RTP traffic going to 1.1.1.1: Hi all, <br /> Just updated my blog with something that should be of interest to this list: http://blog.sipvicious.org/2010/02/rtp-traffic-to-1111.html <br /> Also Sjur blogged on that as well: http://www.usken.no/2010/02/sip-scanning-causes-ddos-on-ip-1-1-1-1/ <br /> Regards, <br /> Sandro Gauci [...] http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003103.html Jiri Kuthan: Security VoIP Project: [...] <br /> Softclients don't need to have explicit support, they work just "as is" with zRTP. SEMS and Asterisk have zRTP support. <br /> -jri <br /> http://voipsa.org/pipermail/voipsec_voipsa.org/2010-February/003102.html Rick Porter: Security VoIP Project: The Wikipedia SRTP pages used to have a good summary until someone decided there was too much backdoor marketing on the page. Here is some of my information which reflects the "status", as I saw it, from last spring. <br /> If you're looking for SRTP and don't care about the particular key exchange, [...]