Re: [asterisk-users] Is Enum safe from spammers?
Gordon Henderson wrote:

> Just been contacted by a UK Enum registrar looking for ITSPs to become resellers of their Enum registration systems ...
>
> Is anyone using Enum?

Yes.

> Does anyone (other than cynical old me) think that Enum is a spammer's best friend?

I think ENUM will not cause SPIT, but it can increase the efficiency.

> Has anyone received a spam VoIP call yet? (i.e. one placed directly over the Internet aimed at a SIP URI to a PBX which allows anonymous incoming calls?)

No.

> I can see that Enum is good to provide another way round the PSTN, but at the same time, I'm just not convinced...
>
> What do others think?

SPIT (VoIP SPAM) is basically not a problem of ENUM, but of the communication protocol (SIP, H323, IAX, XMPP). E.g. SIP was developed with the same idea as SMTP: open connectivity - everybody can send a message to everyone with the need of peering agreements (thus, free of charge). Of course this introduces the same problems as SMTP has. Unfortunately the designers of SIP did not search for a solution for this problem. Now, there is SIP-Identity which would allow (would, because nobody uses it) authentication of the caller - which is the basis for black/whitelists.

H323 and IAX might be different, but they also allow to have unauthenticated calls.

So, as soon as you operate your VoIP environment in an open way (regardless if it is SIP, XMPP ...) you are vulnerable to SPIT - even if you do not have ENUM provisioned for your local extensions.

ENUM can be used by crawlers to find out valid VoIP URIs and can help SPITting, but in the end the problem is on the SIP level and must be solved there.

regards
klaus

___
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Is Enum safe from spammers?
IMHO, anonymous calls should never, ever be accepted for a variety of reasons. It is naive. Just because it is convenient does not mean it should be done.

Trusted calls between indeterminate parties can be arranged through peering federations, clearinghouses, etc. -- whatever VoIP peering model the market ultimately ends up adopting.

-- Sent from mobile device

On Jul 17, 2009, at 5:13 AM, Klaus Darilion klaus.mailingli...@pernau.at wrote:

> Gordon Henderson wrote:
>
> > Just been contacted by a UK Enum registrar looking for ITSPs to become resellers of their Enum registration systems ...
> >
> > Is anyone using Enum?
>
> Yes.
>
> > Does anyone (other than cynical old me) think that Enum is a spammer's best friend?
>
> I think ENUM will not cause SPIT, but it can increase the efficiency.
>
> > Has anyone received a spam VoIP call yet? (i.e. one placed directly over the Internet aimed at a SIP URI to a PBX which allows anonymous incoming calls?)
>
> No.
>
> > I can see that Enum is good to provide another way round the PSTN, but at the same time, I'm just not convinced...
> >
> > What do others think?
>
> SPIT (VoIP SPAM) is basically not a problem of ENUM, but of the communication protocol (SIP, H323, IAX, XMPP). E.g. SIP was developed with the same idea as SMTP: open connectivity - everybody can send a message to everyone with the need of peering agreements (thus, free of charge). Of course this introduces the same problems as SMTP has. Unfortunately the designers of SIP did not search for a solution for this problem. Now, there is SIP-Identity which would allow (would, because nobody uses it) authentication of the caller - which is the basis for black/whitelists.
>
> H323 and IAX might be different, but they also allow to have unauthenticated calls.
>
> So, as soon as you operate your VoIP environment in an open way (regardless if it is SIP, XMPP ...) you are vulnerable to SPIT - even if you do not have ENUM provisioned for your local extensions.
>
> ENUM can be used by crawlers to find out valid VoIP URIs and can help SPITting, but in the end the problem is on the SIP level and must be solved there.
>
> regards
> klaus
Re: [asterisk-users] Is Enum safe from spammers?
2009/7/14 Gordon Henderson gordon+aster...@drogon.net

> Just been contacted by a UK Enum registrar looking for ITSPs to become resellers of their Enum registration systems ...
>
> Is anyone using Enum?
>
> Does anyone (other than cynical old me) think that Enum is a spammer's best friend?
>
> Has anyone received a spam VoIP call yet? (i.e. one placed directly over the Internet aimed at a SIP URI to a PBX which allows anonymous incoming calls?)

To my surprise, a friend who got himself registered in such Enum registers never received a single Spam call. But I do agree, it might be a question of time.

> I can see that Enum is good to provide another way round the PSTN, but at the same time, I'm just not convinced...
>
> What do others think?
>
> Gordon
[asterisk-users] Is Enum safe from spammers?
Just been contacted by a UK Enum registrar looking for ITSPs to become resellers of their Enum registration systems ...

Is anyone using Enum?

Does anyone (other than cynical old me) think that Enum is a spammer's best friend?

Has anyone received a spam VoIP call yet? (i.e. one placed directly over the Internet aimed at a SIP URI to a PBX which allows anonymous incoming calls?)

I can see that Enum is good to provide another way round the PSTN, but at the same time, I'm just not convinced...

What do others think?

Gordon
Re: [asterisk-users] Is Enum safe from spammers?
I think an equally interesting question is whether the Federal Trade Commission (and foreign equivalents) draw a distinction between calls to E.164 numbers based on their transport technology. In other words, is there a legal difference depending on whether the call touches the PSTN vs. being looked up in an ENUM directory with Pure IP transport?

If you are an attorney, please chime in. I'm not an attorney, but I suspect the answer would be that there is no distinction. I know the definition of phone call is a moving target these days, so perhaps today's legal answer will be different tomorrow.

On the other hand perhaps the legal question is completely moot. The zero-cost nature of SPIT might make it like SPAM wherein the fact that it violates many laws in most countries is ultimately of no consequence. Will this ultimately come down to a technical arms race like we see with SPAM?

.
December 21, 2012

----- Original Message -----
From: Gordon Henderson gordon+aster...@drogon.net
To: Asterisk Users Mailing List Discussion asterisk-users@lists.digium.com
Sent: Tuesday, July 14, 2009 9:14 AM
Subject: [asterisk-users] Is Enum safe from spammers?

> Just been contacted by a UK Enum registrar looking for ITSPs to become resellers of their Enum registration systems ...
>
> Is anyone using Enum?
>
> Does anyone (other than cynical old me) think that Enum is a spammer's best friend?
>
> Has anyone received a spam VoIP call yet? (i.e. one placed directly over the Internet aimed at a SIP URI to a PBX which allows anonymous incoming calls?)
>
> I can see that Enum is good to provide another way round the PSTN, but at the same time, I'm just not convinced...
>
> What do others think?
>
> Gordon
Re: [asterisk-users] Is Enum safe from spammers?
On Tue, Jul 14, 2009 at 06:46:50PM -0500, Karl Fife wrote:

[snip] missed the original message

> ----- Original Message -----
> From: Gordon Henderson gordon+aster...@drogon.net
> To: Asterisk Users Mailing List Discussion asterisk-users@lists.digium.com
> Sent: Tuesday, July 14, 2009 9:14 AM
> Subject: [asterisk-users] Is Enum safe from spammers?
>
> Just been contacted by a UK Enum registrar looking for ITSPs to become resellers of their Enum registration systems ...

As a Director of UKEC Ltd (the governing body of ENUM in the UK) I'd be interested in knowing more about this.

> Is anyone using Enum?

Currently there is a need to populate the ENUM database. UKEC and Nominet are working together to try and get vendors to support ENUM.

> Does anyone (other than cynical old me) think that Enum is a spammer's best friend?

ENUM isn't just about VoIP, it allows end users to set policies on how they want to receive calls.

Unfortunately not many telcos yet support ENUM (or public ENUM anyway). The most likely growth area is ITSPs populating the ENUM database with their customers' numbers.

> Has anyone received a spam VoIP call yet? (i.e. one placed directly over the Internet aimed at a SIP URI to a PBX which allows anonymous incoming calls?)

If you find out, please do let me know.

> I can see that Enum is good to provide another way round the PSTN, but at the same time, I'm just not convinced...

ENUM is the future of telephony, it just needs mass adoption.

Unfortunately there are likely to be at least 3 ENUM systems in the UK.

* Public ENUM as in e164.arpa
* Carrier ENUM whereby telcos use ENUM to route calls to other telcos.
* Eventually a central porting database for mobiles (and also fixed lines) which uses ENUM to store the port information.

It would be good if these all merged into one body.

> What do others think?

Happy to have a chat off-line.

Steve

--
NetTek Ltd
UK mob +44 7775 755503
UK +44 20 7993 2612 / US +1 310 857 7715 / Fax +44 20 7483 2455
Skype/GoogleTalk/AIM/Gizmo/.Mac/Twitter/FriendFeed stevekennedyuk
Euro Tech News Blog http://eurotechnews.blogspot.com
MSN st...@gbnet.net
Re: [asterisk-users] Is Enum safe from spammers?
The answer, quickly, is No, ENUM is not safe from spam.

But there is security in obscurity at the moment. Since nobody really uses ENUM, it's not been brought to the attention of phone spammers. However, witness AOL AIM, or Skype - now that people know it exists and there are millions of endpoints, the bots move in. I get frequent connections on both services from random bots wanting to chat, though no voice connections yet.

So ENUM is a target, yes. But as far as SIP URIs in ENUM, there may be some easy solutions that don't require a lot of backflips and can quickly integrate with Asterisk. The good news is that Asterisk is easily scriptable to block/squelch calls that don't meet certain criteria.

Here's a post I wrote a while back on the topic, including code.

https://mail.internet2.edu/wws/arc/sip.edu/2006-07/msg00012.html

...and a better-formatted version:

http://forum.e164.org/index.php?topic=16.0

JT

On Jul 14, 2009, at 4:46 PM, Karl Fife wrote:

> I think an equally interesting question is whether the Federal Trade Commission (and foreign equivalents) draw a distinction between calls to E.164 numbers based on their transport technology. In other words, is there a legal difference depending on whether the call touches the PSTN vs. being looked up in an ENUM directory with Pure IP transport?
>
> If you are an attorney, please chime in. I'm not an attorney, but I suspect the answer would be that there is no distinction. I know the definition of phone call is a moving target these days, so perhaps today's legal answer will be different tomorrow.
>
> On the other hand perhaps the legal question is completely moot. The zero-cost nature of SPIT might make it like SPAM wherein the fact that it violates many laws in most countries is ultimately of no consequence. Will this ultimately come down to a technical arms race like we see with SPAM?
>
> .
> December 21, 2012
>
> ----- Original Message -----
> From: Gordon Henderson gordon+aster...@drogon.net
> To: Asterisk Users Mailing List Discussion asterisk-users@lists.digium.com
> Sent: Tuesday, July 14, 2009 9:14 AM
> Subject: [asterisk-users] Is Enum safe from spammers?
>
> > Just been contacted by a UK Enum registrar looking for ITSPs to become resellers of their Enum registration systems ...
> >
> > Is anyone using Enum?
> >
> > Does anyone (other than cynical old me) think that Enum is a spammer's best friend?
> >
> > Has anyone received a spam VoIP call yet? (i.e. one placed directly over the Internet aimed at a SIP URI to a PBX which allows anonymous incoming calls?)
> >
> > I can see that Enum is good to provide another way round the PSTN, but at the same time, I'm just not convinced...
> >
> > What do others think?
> >
> > Gordon

---
John Todd
email:jt...@digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW - Huntsville AL 35806 - USA
direct: +1-256-428-6083
http://www.digium.com/
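
One possible scripted criterion of the kind mentioned in the message above, as an added example (it is not code from this thread or from the posts it links to): an unauthenticated inbound call is accepted only when the caller's claimed number is published in ENUM with a SIP URI at the domain the call arrived from. `screen_call`, its return values and the sample zone are hypothetical; DNS is replaced by constructed NAPTR records, and `source_domain` is assumed to have been verified by the PBX already.

```python
import re

def enum_domain(e164, suffix="e164.arpa"):
    """'+44 20 7946 0100' -> '0.0.1.0.6.4.9.7.0.2.4.4.e164.arpa' (RFC 6116)."""
    digits = re.sub(r"\D", "", e164)
    if not digits:
        raise ValueError("no digits in number")
    return ".".join(reversed(digits)) + "." + suffix

# Constructed sample data standing in for DNS NAPTR answers; the numbers and
# domains are made up. Tuple layout: (order, preference, flags, service, regexp).
SAMPLE_ZONE = {
    enum_domain("+442079460100"): [
        (100, 10, "u", "E2U+sip", "!^.*$!sip:alice@pbx.example.org!"),
    ],
    enum_domain("+442079460101"): [
        (100, 20, "u", "E2U+mailto", "!^.*$!mailto:bob@example.net!"),
        (100, 10, "u", "E2U+sip", r"!^\+44(.*)$!sip:\1@sip.example.net!"),
    ],
}

def sip_uris(e164, zone):
    """Apply the NAPTR regexps for a number; return its SIP URIs, best first."""
    aus = "+" + re.sub(r"\D", "", e164)  # the string the regexps are matched against
    uris = []
    for _order, _pref, flags, service, regexp in sorted(zone.get(enum_domain(e164), [])):
        if flags.lower() != "u" or "sip" not in service.lower().split("+")[1:]:
            continue  # not a terminal URI rule, or not a SIP service
        _, pattern, repl, opts = regexp.split(regexp[0])
        match = re.search(pattern, aus, re.I if "i" in opts else 0)
        if match:
            uris.append(match.expand(repl))
    return uris

def screen_call(from_number, source_domain, zone, trusted=()):
    """Hypothetical policy for an inbound call that did not authenticate."""
    source = source_domain.lower()
    if source in trusted:
        return "accept"            # peer the operator has whitelisted
    if not re.search(r"\d", from_number or ""):
        return "reject"            # anonymous: nothing to check
    hosts = {u.split("@")[-1].split(";")[0].split(":")[0].lower()
             for u in sip_uris(from_number, zone)}
    # Accept only if the number is published in ENUM at the calling domain.
    return "accept" if source in hosts else "screen"
```

A call that comes back as "screen" could be sent to voicemail or an IVR challenge instead of ringing an extension.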