Eyeball VoIP networks now before the SPIT hits

Security experts are in total agreement that the emergence of SPIT (Spam over Internet Telephony) is inevitable.

No official cases of SPIT have yet been documented, but that’s largely because VoIP adoption has yet to reach the critical mass needed to make SPIT profitable to spammers.

“No one is really running a large-scale VoIP service that can reach all users in cheap manner yet. But at the end of this year, there are large providers who are connecting to PSTN [analogue telephone networks], and these [will be able to] handle thousands of calls per minute,” said Shahadat Khan, CTO of Vancouver-based Eyeball Networks.

The company is developing a product that will allow VoIP providers to make a pre-emptive strike against SPIT. Eyeball recently announced that its patent-pending anti-SPIT server will be available at the end of 2005.

Features of the server include caller authentication, unique caller limits, dynamic caller monitoring and VoIP spam-filtering algorithms. The product is primarily targeted at VoIP service providers, although there are also features such as parental controls that will benefit their customers.

The anti-SPIT server essentially works by monitoring calling patterns to establish a baseline, then using pattern analysis to apply controls when calling patterns deviate from defined parameters. These include volume, rate, time of day, location and so on. VoIP providers and their users can select the parameters they want to use to filter inbound and outbound calls.

For example, a typical threshold might be to monitor for users calling more than ten numbers per minute. If the observed rate is higher, chances are good that the calls are automated spam. If Eyeball’s warning systems are triggered, users are not cut off. “We do it gracefully,” said Khan.

The system will challenge the user with a test, such as pressing a sequence of keys to resume calling. A computer will fail the test, but a human will pass, and can request a higher quota if there is a legitimate need. “We make it impossible to generate the kind of volume spammers need,” said Kahn.

In anticipation of “visual spam”, Eyeball also offers video filters that monitor for potential abuses by detecting the amount of flesh-tones in an image. Video phones are already on the market, said Kahn, and applications like MSN messenger can send live images. “This is already a big source of problems. If you take a call from a stranger, you don’t know what kind of call you’re getting.”

The anti-SPIT server sits next to the VoIP server on the network, and works as an add-on in accordance with established standards for Cisco and other common VoIP servers. Eyeball is currently beta-testing its product with two VoIP providers to tweak and tune the parameters to address the types of problems they typically encounter.

Notwithstanding experts’ predictions that the emergence of SPIT is imminent, most businesses are not that concerned, and consumers not at all, said George Goodall, a research analyst at London, Ont.-based Info-Tech Research Group. Human nature being what it is, people are more concerned with existing problems.

“We haven’t seen a lot of SPIT in the marketplace or on the street, and already there are already vendors with solutions for a theoretical problem. So SPIT may be inevitable, but the solutions are staying ahead of the problem,” he said.

So should VoIP providers look into these anti-SPIT products now, or wait and see? “I would always recommend a proactive approach,” said Goodall.

“Once the problem occurs, it becomes ingrained and popular, and will be more difficult to remove after the fact. Providers should run their numbers on the cost-justifications, and build a business case for it right now.”

QuickLink 050603

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now