[Asterisk-Users] Re: VoIP SPAM, what's next ?

hank hank at hanksmith.net
Tue Aug 10 12:12:14 MST 2004 

voip spam?
I have never gotten any yet.

----- Original Message ----- 
From: "John Todd" <jtodd at loligo.com>
To: <asterisk-users at lists.digium.com>
Sent: Tuesday, August 10, 2004 11:13 AM
Subject: [Asterisk-Users] Re: VoIP SPAM, what's next ?


> At 7:14 PM +0200 on 8/10/04, Soren Rathje wrote:
>>Gang,
>>
>>Do anyone have a clue on how they do this ??
>>
>>"QOVIA FILES PATENTS FOR VOICE SPAM BLOCKING TECHNOLOGY"
>>http://www.qovia.com/company/news/06.28.2004_voip_spam_patent_app_final.htm
>>
>>"Qovia ready to take on VoIP spam"
>>http://www.nwfusion.com/news/2004/071204qovia.html
>>
>>Next thing will probably be a sbl.e164.org service to block spammers like 
>>we do with email... :-)
>>
>>Hmm.. Imagine a built-in reporting tool in Asterisk. Hit **666**# and 
>>Asterisk will report the IP address of the caller (and possibly also the 
>>CID but it can be forged as we all know) on-line and in real-time to a SBL 
>>list for immediate blocking and further processing...
>>
>>Any takers ??
>>
>>/Soren
>>
>>It is the mark of an educated mind to be able to entertain a thought 
>>without accepting it.
>>- Aristotle
>
>
> VOIP Spam is actually pretty trivial to take care of, if only the 
> manufacturers would wise up.  We're in the same place we were with SMTP 
> about twelve years ago.  I'm sure we'll see a slew of patents and 
> chest-pounding by people with obvious or trivial solutions - welcome to 
> the New WIPO World.
>
> The solution is simple: "End devices should have the option to only accept 
> authenticated requests."
>
> That's pretty simple, but that is the key to the whole solution. However, 
> most end devices will blindly accept any call that they're given, so long 
> as the destination number is correct.  I've seen a few phones (Polycom is 
> the only one that comes to mind) which will challenge INVITEs.  SIP 
> devices are pretty smart, but I don't think they're capable of being 
> "totally" smart.  The proxy in the middle will have to retain some 
> intelligence and reference some type of permissions model or database to 
> allow calls through or not.  I trust that industry (and quasi-industry, 
> like Asterisk) programmers will come up with dozens of ways of 
> intercepting and thrashing unsolicited phone call, so long as there is no 
> back door that the spammer can sleaze through to get right to the desktop.
>
> TLS SIP is also a nice concept, since it would require some sort of "root" 
> authentication that could be revoked or at least recognized if a spam 
> origin was adequately recognized.  This is all starting to sound a lot 
> like an anti-spam thread, so I'll stop here.  Most intelligent people on 
> the list should be able to figure out a bunch of ways to prevent spam, but 
> the primary one is accountability of origin.  Anything that allows that 
> accountability to be compromised from the perspective of the destination 
> means that spam will inevitably slide in, so it is our job to enforce sane 
> authentication/authorization mechanisms NOW on the vendors from whom we 
> buy equipment/firmware.
>
> JT
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users 

----------------------------------------
My Inbox is protected by SPAMfighter
321 spam mails have been blocked so far.
Download free www.spamfighter.com today!

More information about the asterisk-users mailing list