[VOIPSEC] SPIT and vishing

Thijs van Esveld thijs.van.esveld at hva.nl
Thu Jul 17 03:46:13 EDT 2008


Let me first introduce myself because this is my first contribution to the
voipsa mailing list. My name is Thijs and I'm a 24 year old Informatics
student from the Netherlands. I'm currently working on a report about SPIT
and vishing.

I have a question regarding SPIT that I have not been able to find out yet
and I hope you might be able to give me the answer or point me in the right
direction. I have been searching for different ways to send SPIT messages
and chose to take a better look at Spitter and the possibilities of sending
SPIT using a botnet. The working of Spitter is clear to me but regarding a
botnet I have not been able to find out through what ways the SPIT is send.
Does a botnet make use of "open SIP proxies", like in the beginning of the
spam days that spam used a lot of open mail relays? Or will it use it's
victim's SIP proxy that the internet provider provides?

I also had a nice discussion about the definition of vishing with my mentor
yesterday, he asked me if it would only count as vishing if I would set up a
VoIP IVR or also when I set up a call center in India that pretends to be
the support desk of the target financial institution (they might even call
the targets). I couldn't give him a good answer since I've been only
thinking about using an IVR in my report so far.

To finnish this mail I would like to do a request. For my research I have
sent a questionnaire to a few Dutch internet service providers. To ask them
if and how they are working on the problems of SPIT and vishing. Are there
any people here that are working for ISP's and are also willing to answer
these questions? If it's preferred I can also add the questions here in the
mailing list instead of contacting people directly.

Your help is greatly appreciated.

Kind regards,
Thijs



More information about the Voipsec mailing list