Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spit Will Be Worse Than Spam

Posted by CmdrTaco on from the but-less-fun-to-say dept.

KentuckyFC writes "A team of German computer scientists has developed a program that reproduces all the known forms of spit (spam over internet telephony) attack. Their plan is to make the spitting software available to computer security experts wanting to test antispit strategies. Developing these won't be easy. There are various antispit techniques, such as white lists that allow only calls from predetermined callers, Turing tests such as audio CAPTCHAs that make a caller prove he or she is human and payment-at-risk services where the caller makes a small payment in advance and is refunded immediately if the receiver acknowledges the call as legitimate. But all have weaknesses, say the researchers. The main difference between junk calls and junk email is that the email arrives at your mail server before you access it. This gives the server time to analyze its content and filter out the junk before it gets to you. Not so with internet telephony, which is why radically different strategies are needed."

4 of 248 comments (clear)

  1. Call Screening by Orange+Crush · · Score: 5, Informative

    Seems about the only way to avoid junk calls. I never answer if I don't recognize the number, and certainly not if it's private. Pisses the bank off if I forget about a payment or something, but they'll usually send postcards too. If it's a legit call and they can't be bothered to leave a message, then I can't be bothered to call them back.

    Of course, once the spam bots start leaving ads in my voicemail, then I'm getting violent.

  2. How is this different than now? by faedle · · Score: 4, Informative

    The rapid increase of telemarketing on land lines generically has spawned a whole host of solutions to this "problem", from the only marginally effective legislative angle (the US Gov'ts "Do Not Call" registry) to the completely effective technical ones like Caller ID Whitelisting services offered by the telephone companies.

    Ultimately, since most of the VoIP services that have any leverage just extend the PSTN to a network connected voice terminal, the solutions remain the same. Don't accept uninvited sessions from unknown hosts at the terminal. Don't ring the phone for an unknown caller ID. Direct the caller to an IVR asking them for their name, and then give the caller the opportunity to accept or reject the call.

    Lastly, perhaps the most effective "anti-spam" measure for voice spam of any kind (be it conventional telemarketers or some new-fangled network-enabled approach) is the simple auto attendant. Even though I don't have numbers in the do-not-call registry (and I see suspect calls hit my Asterisk system all the time) I _NEVER_ get any spam calls. My autoattendant has a voicemail default route and no route for 0 or 1.. this leave s about 99.999% of all junk calls dead in the water.

  3. Re:Colour of bits in the packet by Soruk · · Score: 4, Informative

    There are some parts of the world where they think it's a good idea for mobile phone owners to pay to receive calls, rather than have the caller pay for the privilege of reaching someone who is out and about.

    Some even charge to receive SMS messages.

    --
    -- Soruk
  4. Re:#1 question by Anonymous Coward · · Score: 4, Informative
    VoIP calls to a person have to be placed through a central service

    No, they don't. You have been sucked into a mindset by those who run the central services. You can phone anyone at my house using a SIP address that looks just like an email address. It's just another protocol on the Internet and you don't need to pay a central service to use it.


    A PC can't really just CALL a Voip line
    Incorrect again. There doesn't need to be a "VoIP Line", it can be more akin to an open port on your home router. One that your PC can call up and play wav spam into if someone answers.


    I subscribe to gateways so that I can connect to the PSTN, but I'm never required to route my calls through any particular one. I have to pay to use those gateways for in/outbound PSTN calls, but I make and receive pure Internet-only VoIP calls all the time for free without the use of a central service. Think of it like I'm serving web pages from my house or receiving SMTP messages. That is the future of Internet-based telephony.


    Proprietary services like Skype and Vonage are not yet swimming in the bigger waters, despite the fact that they let you connect to the PSTN. Their kind of VoIP is still in the same mode as email was when CompuServe couldn't peer with FidoNet, which couldn't peer with GEnie, etc.


    If I ever pay a central service for VoIP, it will likely be just to filter the coming SPIT.