jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs: 
 ·Comcast
 ·Vonage
| reply to priller
Re: Are you ready for SPIT?
said by priller  :When this has come up before, most people assumed it could happen to their Vonage, SunRocket, etc. accounts. I know I did. |
|
priller
join:2000-10-20
Gainesville, VA | reply to DrTCP
Fair enough. When this has come up before, most people assumed it could happen to their Vonage, SunRocket, etc. accounts. |
|
DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX
| reply to priller
said by priller :Could SPIT happen to "open" SIP devices on the net, yes. I took the article was talking about SIP phones that could be IP dialled without going through a provider. So, provider authentication will not apply.
When the SIP phones becomes more common place most people might choose to SIP Phone to SIP Phone communications for some of their calls (along with DynDNS style registration). |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
1 edit | reply to priller
Actually, here's an SIP Proxy sending back an "Unauthorized". |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
1 edit | reply to DrTCP
No ... no .... no .... no.
SIP Authentication is done with an authentication username and authentication realm. This should be implemented by any consumer VoIP service.
Somebody can't just send a SIP INVITE to your TA and make your phone ring. The SIP Proxy and the SIP Agent will only accept SIP messages from each other upon proper authenication.
Could SPIT happen to "open" SIP devices on the net, yes. But, not to a commercial service. |
|
sirsloop
Premium
join:2004-02-18
New York, NY | reply to DrTCP
what if your voip provider doesnt support ip dialing?  |
|
ceocio
join:2004-04-16
Columbus, OH
| reply to DrTCP
It's expected to come sooner or later.. Fortunately, I haven't been bothered by it YET, although I am registered to like over a dozen Sip and iax providers..
Just curious how do spammers collect sip addresses? Like email spammers, email harvesting programs are everywhere, if you post your email here in the forum, I promise you will get spammed before you knew it ;)
So spitters just dial something like 1xxxx@fwd.pulver.com, # by # incrementally or they have a smarter way to do this..? |
|
Trimline
Premium
join:2004-10-24
Orlando, FL | reply to digiblur
Help me think this through....if your TA is behind a firewall and can't be seen and is registered with your provider, how could they SPIT on you?
I must be missing something. |
|
digiblur
Got Sipura?
Premium
join:2002-06-03
Louisiana | reply to DrTCP
I'd be more than happy to give you my IP. I have three SIP devices sitting on my network. I wanna see 'em ring. |
|
DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX
| reply to digiblur
said by digiblur :Not the least bit worried about it. Why not? It is not rocket science to combine a port scanner with a VoIP robot calling IP numbers. |
|
digiblur
Got Sipura?
Premium
join:2002-06-03
Louisiana | reply to DrTCP
Not the least bit worried about it. |
|
jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage
| reply to DrTCP
That's not good. I guess we should have all expected it?
Thanks for the info DrTCP . All I know is I am going to be very pissed when this starts happening.
Does this mean we're going to need spam SPIT filtering on our VOIP accounts?
--
Support the First Amendment | Nero for data, Feurio! for music | Friends don't let friends use MP3's |
|
DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX
| SPIT = SPam over Internet Telephony
I've started a thread in "Stopping SPAM" forum regarding a news item that soon VoIP users could be subject to unsolicited ads delivered directly to their SIP phones (very much like SPIM - SPam over Instant Message).
Click here for the thread. |
|
