Feb 21, 2014

How to prevent SPIT attacks on VoIP networks?

We are looking at switching to a VoIP system, but I’m concerned about problems after making the switch from a conventional PSTN. How much of an issue are SPIT attacks on VoIP networks and what can be done to mitigate the risk?

SPIT Mitigation

"RFC 5039 [1] contains some basic methods for the mitigation of telephone spam over SIP:

White Lists and Black Lists
Consent-Based Communications
Reputation Systems
Address Obfuscation and Limited-Use Addresses
Turing Tests, Captchas, Computational Puzzles
Legal actions"
So far, I don’t think SPIT (SPam over IP Telephone) attacks are very common. Which isn’t to say that they don’t happen, because they do. I would expect it to be a growing problem as VoIP becomes more and more common. By its nature, a SPIT attack could take up a large amount of storage space and/or negatively impact employee productivity (a phone ringing every few minutes with another spam call does little to improve productivity), so it is something to be aware of.

There are some software solutions out there that query the incoming caller with a question that requires a verbal answer. If done well, this can prevent pre-recorded messages from getting through while being pretty painless to actual human callers. Also, talk to the VoIP service providers that you are considering. An established company should have some mitigation measures built into the system.
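As an added example (not part of the original answers and not any vendor's code), here is one way a call screener could combine the RFC 5039 list-based methods with a challenge for unknown callers. The addresses, thresholds and the `Screener` class are assumptions made up for illustration, and the From header is assumed to have been authenticated upstream, since on its own it can be forged.

```python
import re
from collections import defaultdict, deque

WHITELIST = {"sip:alice@example.com"}    # constructed: callers the user consented to
BLACKLIST = {"sip:promo@spam.example"}   # constructed: callers reported as spam
MAX_CALLS = 3     # assumed limit on calls per caller inside one window
WINDOW = 60.0     # assumed window length in seconds

# Matches the From header (or its compact form "f") and captures the SIP URI.
FROM_RE = re.compile(r"^(?:From|f)\s*:.*?<?(sips?:[^>;\s]+)", re.I | re.M)

def caller_uri(invite):
    """Return the lower-cased caller URI from a SIP INVITE, or None."""
    m = FROM_RE.search(invite)
    return m.group(1).lower() if m else None

def sample_invite(from_value):
    """Build a minimal, constructed INVITE for trying the screener offline."""
    return ("INVITE sip:bob@example.org SIP/2.0\r\n"
            f"From: {from_value}\r\n"
            "To: <sip:bob@example.org>\r\n\r\n")

class Screener:
    def __init__(self):
        self.recent = defaultdict(deque)   # caller URI -> recent call times

    def decide(self, invite, now):
        """Return 'accept', 'reject' or 'challenge' for one incoming INVITE."""
        uri = caller_uri(invite)
        if uri is None or uri in BLACKLIST:
            return "reject"                # malformed or known spammer
        if uri in WHITELIST:
            return "accept"                # consented caller rings through
        calls = self.recent[uri]
        calls.append(now)
        while now - calls[0] > WINDOW:     # forget calls older than the window
            calls.popleft()
        if len(calls) > MAX_CALLS:
            return "reject"                # bulk-calling pattern
        return "challenge"                 # unknown caller: ask the verbal question

if __name__ == "__main__":
    s = Screener()
    for t in range(5):
        print(t, s.decide(sample_invite("<sip:new@unknown.example>;tag=3"), float(t)))
```

A caller who passes the challenge can be added to the whitelist so the question is only asked once.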
