[asterisk-users] Is Enum safe from spammers?

Alex Balashov abalashov at evaristesys.com
Fri Jul 17 04:24:38 CDT 2009


IMHO, anonymous calls should never, ever be accepted for a variety of  
reasons. It is naive.

Just because it is convenient does not mean it should be done.

Trusted calls between indeterminate parties can be arranged through  
peering federations, clearinghouses, etc. --> whatever VoIP peering  
model the market ultimately ends up adopting.

--
Sent from mobile device

On Jul 17, 2009, at 5:13 AM, Klaus Darilion <klaus.mailinglists at pernau.at 
 > wrote:

>
>
> Gordon Henderson schrieb:
>> Just been contacted by a UK Enum registrar looking for ITSPs to  
>> become
>> resellers of their Enum registration systems ...
>>
>> Is anyone using Enum?
>
> Yes.
>
>> Does anyone (other than cynical old me) think that Enum is a  
>> spammers best
>> friend?
>
> I think ENUM will not cause SPIT, but it can increase the efficiency.
>
>> Has anyone received a spam VoIP call yet? (ie. one placed directly  
>> over
>> the Internet aimed at a SIP URI to a PBX which allows anonymous  
>> incoming
>> calls?)
>
> No.
>
>> I can see that Enum is good to provide another way round the PSTN,  
>> but at
>> the same time, I'm just not convinced...
>>
>> What do others think?
>
>
> SPIT (VoIP SPAM) is basically not a problem of ENUM, but of the
> communication protocol (SIP, H323, IAX, XMPP).
>
> E.g. SIP was developed with the same idea as SMTP: open connectivity -
> everybody can send a message to everyone with the need of peering
> agreements (thus, free of charge). Of course this introduces the same
> problems as SMTP has. Unfortunately the designers of SIP did not
> searched for a solution for this problem. Now, there is SIP-Identity
> which would allow (would, because nobody uses it) authentication of  
> the
> caller - which is the basis for black/whitelists.
>
> H323 and IAX might be different, but they also allow to have
> unauthenticated calls.
>
> So, as soon as you operate your VoIP environment in a "open" way
> (regardless if it is SIP, XMPP ...) you are vulnerable to SPIT -  
> even if
> you do not have ENUM provisioned for your local extensions.
>
> ENUM can be used by crawlers to find out valid VoIP URIs and can help
> SPITting, but in the end the problems is on the SIP level and must be
> solved there.
>
> regards
> klaus
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users



More information about the asterisk-users mailing list