[asterisk-users] Is Enum safe from spammers?
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Jul 17 04:13:33 CDT 2009
Gordon Henderson schrieb:
> Just been contacted by a UK Enum registrar looking for ITSPs to become
> resellers of their Enum registration systems ...
>
> Is anyone using Enum?
Yes.
> Does anyone (other than cynical old me) think that Enum is a spammers best
> friend?
I think ENUM will not cause SPIT, but it can increase the efficiency.
> Has anyone received a spam VoIP call yet? (ie. one placed directly over
> the Internet aimed at a SIP URI to a PBX which allows anonymous incoming
> calls?)
No.
> I can see that Enum is good to provide another way round the PSTN, but at
> the same time, I'm just not convinced...
>
> What do others think?
SPIT (VoIP SPAM) is basically not a problem of ENUM, but of the
communication protocol (SIP, H323, IAX, XMPP).
E.g. SIP was developed with the same idea as SMTP: open connectivity -
everybody can send a message to everyone with the need of peering
agreements (thus, free of charge). Of course this introduces the same
problems as SMTP has. Unfortunately the designers of SIP did not
searched for a solution for this problem. Now, there is SIP-Identity
which would allow (would, because nobody uses it) authentication of the
caller - which is the basis for black/whitelists.
H323 and IAX might be different, but they also allow to have
unauthenticated calls.
So, as soon as you operate your VoIP environment in a "open" way
(regardless if it is SIP, XMPP ...) you are vulnerable to SPIT - even if
you do not have ENUM provisioned for your local extensions.
ENUM can be used by crawlers to find out valid VoIP URIs and can help
SPITting, but in the end the problems is on the SIP level and must be
solved there.
regards
klaus
More information about the asterisk-users
mailing list