The implementation of SPAM over Internet telephony and a defence against this attack

Attacks on Internet services become a very frequent issue in the global IP network and next threat is coming with IP telephony. The threat is called SPIT and the acronym represents Spam over Internet Telephony (SPIT). This paper is focused on an implementation of Spam over Internet Telephony and a defence against this type of threat. If you take the fact that Spam takes up 80-90% of the total number of attacks on Internet services, the threat of SPIT in the future is very real and dangerous. This view is also shared by many security experts. We can say that the only reason why the SPIT has no globally impact yet is that it requires in comparison with Spam greater requirements on computing power, hardware and network connectivity. But this barrier will be soon removed by increasing technological development. SPIT also has a much greater annoying effect and impact on the victim than Spam. Just imagine, unlike an incoming emails with Spam, which you can easily ignore and delete, the new attack containing SPIT advertising message will ring again and again several times a day. Software generating SPIT attack was developed by authors at CESNET. This tool is called SPITFILE and it is based on well-known SIP packet generator Sipp. This paper deals with SPITFILE application, which is programmed in Python and it should show, how easy is to generate this type of attack. Of course, the defend methods against this attack are mentioned too. We also made a model of an effective defence against SPIT which we implemented into software IP PBX Asterisk. Our model is based on a call rating factor and blacklist table, together it provides a good protection against SPIT.