Re: [Sipping] FYI - my I-D about SIP usage scenarios similar to SPIT - Fwd: I-D Action:draft-york-spit-similarity-scenarios-00.txt

[Hannes Tschofenig <Hannes.Tschofenig at gmx.net>]

Hi Dan,

that's a nice document and fits well into the discussions around the 
development of clever techniques to learn the behavior of users to 
distinguish "good" from "bad" calls. There are obviously plenty of 
challenges for folks working on these techniques.

You are right that existing documents did not describe the algorithms as 
such. This has lead a couple of folks to believe that they do not work 
too well in a real-world setting.

Ciao
Hannes


Dan York wrote:
> FYI, after reading RFC 5039 and some of the other drafts out related 
> to voice spam/SPIT it seemed to me that, unless I missed it, the 
> documents don't seem to address the issue of what SPIT could look like 
> at a network level.  For instance, if a network administrator 
> monitoring network traffic suddenly saw a large flood of SIP INVITE 
> packets coming into his/her network, it could be:
>
> 1. a telemarketer/spammer launching a flood of SIP connections to 
> deliver SPIT;
> 2. an attacker launching a DoS attack through one of the various SIP 
> attack tools out there; or
> 3. a legitimate notification system starting to notify a range of SIP 
> endpoints.
>
> It was this last case of legitimate traffic that concerned me and so I 
> put together an I-D talking about the types of legitimate systems that 
> might generate a significant volume of traffic that could resemble 
> SPIT (or a DoS attack).
>
> Comments are very definitely welcome.  Are there other scenarios I 
> should include?  Am I overstating the case? or what?
>
> Thanks,
> Dan
>
> P.S. As this is also my first Internet-Draft I've actually ever 
> submitted, comments about form, content, etc. are also welcome. It had 
> been a while since I'd been doing XML publishing (used to do a ton of 
> DocBook) but I have to say that 'xml2rfc' is a very nice tool!
>
> -----------------------
>
> Begin forwarded message:
>
> From: Internet-Drafts at ietf.org
> Date: January 16, 2008 4:40:02 PM EST
> To: i-d-announce at ietf.org
> Subject: I-D Action:draft-york-spit-similarity-scenarios-00.txt
> Reply-To: internet-drafts at ietf.org
>
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
>
>     Title           : SIP Usage Scenarios Similar to SPIT
>     Author(s)       : D. York
>     Filename        : draft-york-spit-similarity-scenarios-00.txt
>     Pages           : 10
>     Date            : 2008-01-16
>
> This document outlines scenarios in which legitimate SIP traffic may
> appear similar to traffic associated with voice spam, also known as
> "SPIT" or "Spam for Internet Telephony.  This document is created to
> provide input into the current discussions about how best to address
> the issue of SPIT.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-york-spit-similarity-scenarios-00.txt 
>
>
> To remove yourself from the I-D Announcement list, send a message to
> i-d-announce-request at ietf.org with the word unsubscribe in the body of
> the message.
> You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
> to change your subscription settings.
>
> Internet-Drafts are also available by anonymous FTP. Login with the
> username "anonymous" and a password of your e-mail address. After
> logging in, type "cd internet-drafts" and then
>     "get draft-york-spit-similarity-scenarios-00.txt".
>
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> Internet-Drafts can also be obtained by e-mail.
>
> Send a message to:
>     mailserv at ietf.org.
> In the body type:
>     "FILE /internet-drafts/draft-york-spit-similarity-scenarios-00.txt".
>
> NOTE:   The mail server at ietf.org can return the document in
>     MIME-encoded form by using the "mpack" utility.  To use this
>     feature, insert the command "ENCODING mime" before the "FILE"
>     command.  To decode the response(s), you will need "munpack" or
>     a MIME-compliant mail reader.  Different MIME-compliant mail readers
>     exhibit different behavior, especially when dealing with
>     "multipart" MIME messages (i.e. documents which have been split
>     up into multiple messages), so check your local documentation on
>     how to manipulate these messages.
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
> Content-Type: text/plain
> Content-ID: <2008-01-16163746.I-D\ at ietf.org>
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce at ietf.org
> https://www1.ietf.org/mailman/listinfo/i-d-announce
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
> This list is for NEW development of the application of SIP
> Use sip-implementors at cs.columbia.edu for questions on current sip
> Use sip at ietf.org for new developments of core SIP



_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sip at ietf.org for new developments of core SIP