DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX
| Are you ready for SPIT?
SPIT = SPam over Internet Telephony
I've started a thread in "Stopping SPAM" forum regarding a news item that soon VoIP users could be subject to unsolicited ads delivered directly to their SIP phones (very much like SPIM - SPam over Instant Message).
Click here for the thread. |
|
jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs: 
 ·Comcast
 ·Vonage
| That's not good. I guess we should have all expected it?
Thanks for the info DrTCP  . All I know is I am going to be very pissed when this starts happening.
Does this mean we're going to need spam SPIT filtering on our VOIP accounts?
--
Support the First Amendment | Nero for data, Feurio! for music | Friends don't let friends use MP3's |
|
digiblur
Got Sipura?
Premium
join:2002-06-03
Louisiana | reply to DrTCP
Not the least bit worried about it. |
|
DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX
| said by digiblur :Not the least bit worried about it. Why not? It is not rocket science to combine a port scanner with a VoIP robot calling IP numbers. |
|
digiblur
Got Sipura?
Premium
join:2002-06-03
Louisiana | I'd be more than happy to give you my IP. I have three SIP devices sitting on my network. I wanna see 'em ring. |
|
Trimline
Premium
join:2004-10-24
Orlando, FL | Help me think this through....if your TA is behind a firewall and can't be seen and is registered with your provider, how could they SPIT on you?
I must be missing something. |
|
ceocio
join:2004-04-16
Columbus, OH
| reply to DrTCP
It's expected to come sooner or later.. Fortunately, I haven't been bothered by it YET, although I am registered to like over a dozen Sip and iax providers..
Just curious how do spammers collect sip addresses? Like email spammers, email harvesting programs are everywhere, if you post your email here in the forum, I promise you will get spammed before you knew it ;)
So spitters just dial something like 1xxxx@fwd.pulver.com, # by # incrementally or they have a smarter way to do this..? |
|
sirsloop
Premium
join:2004-02-18
New York, NY | reply to DrTCP
what if your voip provider doesnt support ip dialing?  |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
1 edit | reply to DrTCP
No ... no .... no .... no.
SIP Authentication is done with an authentication username and authentication realm. This should be implemented by any consumer VoIP service.
Somebody can't just send a SIP INVITE to your TA and make your phone ring. The SIP Proxy and the SIP Agent will only accept SIP messages from each other upon proper authenication.
Could SPIT happen to "open" SIP devices on the net, yes. But, not to a commercial service. |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
1 edit | Actually, here's an SIP Proxy sending back an "Unauthorized". |
|
DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX
| reply to priller
said by priller :Could SPIT happen to "open" SIP devices on the net, yes. I took the article was talking about SIP phones that could be IP dialled without going through a provider. So, provider authentication will not apply.
When the SIP phones becomes more common place most people might choose to SIP Phone to SIP Phone communications for some of their calls (along with DynDNS style registration). |
|
priller
join:2000-10-20
Gainesville, VA | Fair enough. When this has come up before, most people assumed it could happen to their Vonage, SunRocket, etc. accounts. |
|
jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage
| said by priller :When this has come up before, most people assumed it could happen to their Vonage, SunRocket, etc. accounts. I know I did. |
|
