[Asterisk-Users] Re: VoIP SPAM, what's next ?

[Soren Rathje]

John Todd wrote:
> At 10:09 PM +0200 on 8/10/04, Soren Rathje wrote:
>> John Todd wrote:
>>>  At 7:14 PM +0200 on 8/10/04, Soren Rathje wrote:
>>>>  Gang,
>>>> 
>> [snip]
>>>> 
>>>>  /Soren
>>>> 
>>>>  It is the mark of an educated mind to be able to entertain a
>>>>  thought without accepting it.
>>>>  - Aristotle
>>> 
>> 
>> Ok, so we moved here from *-dev, no problem... ;-)
>> 
>>  > VOIP Spam is actually pretty trivial to take care of, if only the
>>>  manufacturers would wise up.  We're in the same place we were with
>>>  SMTP about twelve years ago.  I'm sure we'll see a slew of patents
>>>  and chest-pounding by people with obvious or trivial solutions -
>>>  welcome to the New WIPO World.
>>> 
>>>  The solution is simple: "End devices should have the option to only
>>>  accept authenticated requests."
>> 
>> If IP Telephony is supposed to "grow up"/mature into a technology
>> that will replace TDM over time, this is not an option unless you
>> are building whitelists of gigantic proportions...
>> 
> 
> You're jumping to an overly broad conclusion that whitelists must be
> created to contain the whole world.   I'm saying that I don't know
> the combination that will best serve the purpose: whitelists,
> blacklists, chains of trust, PKI, whatever.  I _do_ know that if my
> phone keeps accepting calls from everyone without using _any_ method
> of authentication, that we can't even debate what method is best or
> worst, because the calls will just pour in through the unprotected
> last device in the path.
> 
>>  > That's pretty simple, but that is the key to the whole solution.
>>>  However, most end devices will blindly accept any call that they're
>>>  given, so long as the destination number is correct.  I've seen a
>>>  few phones (Polycom is the only one that comes to mind) which will
>>>  challenge INVITEs.  SIP devices are pretty smart, but I don't think
>>>  they're capable of being "totally" smart.  The proxy in the middle
>>>  will have to retain some intelligence and reference some type of
>>>  permissions model or database to allow calls through or not.  I
>>>  trust that industry (and quasi-industry, like Asterisk)
>>>  programmers will come up with dozens of ways of intercepting and
>>>  thrashing unsolicited phone call, so long as there is no back door
>>>  that the spammer can sleaze through to get right to the desktop.
>> 
>> It challenges the concept of e164.arpa.

Eh.. The above line was supposed to go in a reply to someone else.. *embarrased*

What I meant to say (write) was that I agree with you but that would mean that P2P VoIP is no longer an option unless the same logic is introduced into UA's.

Oh shute, the reply went to a completely different list...

> 
> I do not agree with that at all.  You're putting words into the
> mouths of the users of the service.  Not everyone wants their phone
> on the open Internet; most people don't, actually (regardless of
> opinions on this list.)  If the "do not call" database of standard
> telephony in the USA is any reflection of typical opinion on how
> telephony should be regulated from unrestricted inbound calling, I
> would say that most people will be overjoyed to have their calls
> filtered by an intelligent proxy in the future, so long as they have
> control of the process.  I suspect that my SIP device will not have
> much say in this future world of authentication, other than taking
> it's marching orders only from authenticated sources, and perhaps
> having some features to allow me to (during/post call DTMF, or
> screen-based, or voice commands, or whatever) add a caller to a
> whitelist or blacklist.
> 

I guess that callers originating from China (an example) do not really care about the american DNC database nor do they have access to it.

VoIP have no borders between countries or carriers. I can call you from Denmark and have a direct connection, would you require me to do a lookup in the US DNC before calling you?? I have no law here that says I must do that. Sure it would be a polite thing to do, but if I were a spammer I couldn't care less.

> This says nothing about the option of keeping your phone unprotected
> and accepting any call.  e164.arpa doesn't make any judgement on what
> the endpoint is of a call, be it a proxy or a UA or something else,
> nor does it speak to the acceptance of a call - it merely says "if
> you want to reach this number, send the call to this IP address for
> further instructions."
> 
>>  > TLS SIP is also a nice concept, since it would require some sort
>> of 
>>>  "root" authentication that could be revoked or at least recognized
>>>  if a spam origin was adequately recognized.  This is all starting
>>>  to sound a lot like an anti-spam thread, so I'll stop here.  Most
>>>  intelligent people on the list should be able to figure out a bunch
>>>  of ways to prevent spam, but the primary one is accountability of
>>>  origin.  Anything that allows that accountability to be compromised
>>  > from the perspective of the destination means that spam will
>>>  inevitably slide in, so it is our job to enforce sane
>>>  authentication/authorization mechanisms NOW on the vendors from
>>>  whom we buy equipment/firmware.
>> 
>> Right, the sole purpose of the original post (in asterisk-dev) was
>> to figure out how aware people are of this potential problem and
>> also if people think of this as a problem.
>> 
>> /Soren
> 
> Surprisingly, Asterisk is light-years ahead of almost all the UAs and
> systems I've seen, and really has all the tools required to implement
> almost any type of method you want.  This becomes not an Asterisk
> question, but probably a distributed whitelist/blacklist question via
> an AGI or ENUM, which I don't think directly reflects on Asterisk as
> a development effort for Asterisk alone.  Granted, that database can
> be populated by Asterisk users, but I don't think much development is
> going to be required (if any) to do it - just a good lawyer, a robust
> and distributed network of core data systems, and someone who has the
> cycles and deep pockets to champion something for a monetary loss.
> So, Duane, want to put your ENUM tools to good use?  (see my post of
> a few minutes ago on "Blocking the do not call list" - it's
> marginally relevant.)
> 

That would be a good choice if used by endpoints like Asterisk. There are one really good way to annoy spammers, port scanners, intruders etc. and that is by not replying to their requests, like most personal firewalls do in stealth mode. If Asterisk could be made to sandbox the call or drop it in a black hole it would make their lives much more difficult.
 
The black hole theory have an interresting side effect, you delay your "attacker" and require them to use additional resources as they have to wait for transmission timeouts before they can proceed with the next "attack".

/Soren