How to prevent SPIT attacks on VoIP networks?

MGaluzzi

We are looking at switch to a VoIP system, but I’m concerned about problems after making the switch from a conventional PSTN. How much of an issue are SPIT attacks on VoIP networks and what can be done to mitigate the risk?

Answer this Question

Answers

2 total
jimlynch
Vote Up (3)

SPIT Mitigation
http://en.wikipedia.org/wiki/VoIP_spam#SPIT_Mitigation

"RFC 5039 [1] contains some basic methods for the mitigation of telephone spam over SIP:

White Lists and Black Lists
Consent-Based Communications
Reputation Systems
Address Obfuscation and Limited-Use Addresses
Turing Tests, Captchas, Computational Puzzles
Payment
Legal actions"

Number6
Vote Up (2)

So far, I don’t think SPIT (SPam over IP Telephone) attacks are very common. Which isn’t to say that they don’t happen, because they do. I would expect it to be a growing problem as VoIP becomes more and more common. By its nature, a SPIT attack could take up a large amount of storage space and/or negatively impact employee productivity (a phone ringing every few minutes with another spam call does little to improve productivity), so it is something to be aware of.

There are some software solutions out there that query the incoming caller with a question that requires a verbal answer. If done well, this can prevent pre-recorded messages from getting through while being pretty painless to actual human callers. Also, talk to the VoIP service providers that you are considering. An established company should have some mitigation measures built into the system.

Ask a question

Join Now or Sign In to ask a question.
Google has expanded its Project Loon tests to the Nevada desert and, for the first time, into licensed radio spectrum.
Google did little during its first-quarter earnings report to shush critics who say its Enterprise unit is a second-class citizen in its kingdom.
Facebook now has its own take on location sharing -- an optional feature that periodically broadcasts people's locations to their friends.
Google reported a 19 percent increase in revenue for the first quarter, but results from its advertising business were mixed.
Smartwatches for use on AT&T's network will be out this year, a company executive said Wednesday.
Many U.S. residents who have written the FCC to voice concerns about the move from copper-based telephone networks to Internet Protocol are concerned about the potential effects on health from mobile-headset radiation and what happens when the electricity goes out.
The transition from copper-based telephone systems to IP networks in the U.S. could become swept up in political fallout as the FCC figures out how to regulate such networks in ways that will appease the courts.
A new webmail service called Lavaboom promises to provide easy-to-use email encryption without ever learning its users' private encryption keys or message contents.
Wireless carriers in the U.S., handset makers and the industry's lobbying group have made a significant concession on technology that could remotely disable stolen smartphones and tablets.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+