Manualshelf

System information

ManualsBrandsATech Machine ManualsComputer equipmentLIBRA-02 M
291292293294295296297298299300
Spam over Internet Telephony (SPIT)
VoIP spam has not yet taken off, but rest assured, it will. Spammers all over the world
are drooling at the prospect of being able to freely assault anyone and everyone with
an Internet-enabled phone system.
Like email, VoIP entails a certain level of trust, in that it assumes that every phone call
is legitimate. Unfortunately, as with email spam, it only takes a few bad apples to spoil
things for the rest of us.
Many organizations and persons are working on ways to address SPIT now, before it
becomes a problem. Some concepts being worked on include certificates and whitelists.
No one method has emerged as the definitive solution.
While it would be easy to simply lock our systems away from the world, the fact is that
Internet telephony is something that every business will be expected to support in the
not-too-distant future. SPIT will increasingly become a problem as more and more
unsavory characters decide that this is the new road to riches.
Solving the SPIT problem will be an ongoing process: a battle between us and The Bad
Guys™.
Distributed Denial of Service Attacks
SIP denial of service attacks are already happening on the Internet. Amazon’s EC2 cloud
has become a popular place to originate these attacks from, and other cloud-based or
compromised systems will become popular for these activities as well. The actual at-
tacks are not strictly denial of service attacks (in the sense that they are not deliberately
trying to choke your system); rather, they are attack campaigns that are typically trying
to use brute force to locate exploitable holes in any systems they can find. As the sheer
number of these attacks increases, the effect on the network will be similar to that of
email spam.
The previously mentioned fail2ban daemon can be useful in minimizing the effects of
these attacks. Refer to Chapter 26 for more details.
Phishing
When a VoIP system has been compromised, one popular use of the compromised
system is to relay fraud campaigns using the identity of the compromised system.
Criminals engaging in so-called phishing expeditions will make random calls to lists of
numbers, attempting to obtain credit card or other sensitive information, while posing
as your organization.
258 | Chapter 12:Internet Call Routing