John Todd wrote: > At 7:14 PM +0200 on 8/10/04, Soren Rathje wrote: >> Gang, >> [snip] >> >> /Soren >> >> It is the mark of an educated mind to be able to entertain a thought >> without accepting it. >> - Aristotle >
Ok, so we moved here from *-dev, no problem... ;-) > > VOIP Spam is actually pretty trivial to take care of, if only the > manufacturers would wise up. We're in the same place we were with > SMTP about twelve years ago. I'm sure we'll see a slew of patents > and chest-pounding by people with obvious or trivial solutions - > welcome to the New WIPO World. > > The solution is simple: "End devices should have the option to only > accept authenticated requests." If IP Telephony is supposed to "grow up"/mature into a technology that will replace TDM over time, this is not an option unless you are building whitelists of gigantic proportions... > That's pretty simple, but that is the key to the whole solution. > However, most end devices will blindly accept any call that they're > given, so long as the destination number is correct. I've seen a few > phones (Polycom is the only one that comes to mind) which will > challenge INVITEs. SIP devices are pretty smart, but I don't think > they're capable of being "totally" smart. The proxy in the middle > will have to retain some intelligence and reference some type of > permissions model or database to allow calls through or not. I trust > that industry (and quasi-industry, like Asterisk) programmers will > come up with dozens of ways of intercepting and thrashing unsolicited > phone call, so long as there is no back door that the spammer can > sleaze through to get right to the desktop. It challenges the concept of e164.arpa. > TLS SIP is also a nice concept, since it would require some sort of > "root" authentication that could be revoked or at least recognized if > a spam origin was adequately recognized. This is all starting to > sound a lot like an anti-spam thread, so I'll stop here. Most > intelligent people on the list should be able to figure out a bunch > of ways to prevent spam, but the primary one is accountability of > origin. Anything that allows that accountability to be compromised > from the perspective of the destination means that spam will > inevitably slide in, so it is our job to enforce sane > authentication/authorization mechanisms NOW on the vendors from whom > we buy equipment/firmware. Right, the sole purpose of the original post (in asterisk-dev) was to figure out how aware people are of this potential problem and also if people think of this as a problem. /Soren _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
