You hear a lot of security experts warning about the dangers of SPIT. SPIT isn't an issue now and won't be for a while, but it is something to think about. As you know, we are working on a VoIP security book and I thought it would be useful to build and distribute a tool that helps to generate SPIT. We ended up using the Asterisk IP PBX as the platform, with a simple program to feed it with the SPIT calls.
Let me tell you what - you have no idea how irritating SPIT could be until you are sitting in the room next door, when all 10 SIP phones start ringing, we put them on speaker, and you get a chorus of viagra ads/Rolex ads/mortgage ads/etc. Plus, while these calls are going on, we are jamming more at the phones, so you end up with a ton of voice mail messages. It is a royal pain to slog through the voice mail interface and delete all the messages. Trust me - it is going to be really annoying.
We will be releasing the instructions and tools for this sometime later this year.
As mentioned, we released an early set of SIP attack tools, documented in our upcoming book, on our web site www.hackingvoip.com. Also, Dan York interviewed us here at Blackhat and we got a chance to quickly describe the tools. You can find the podcast at www.blueboxpodcast.com.
tWe just finished our presentation. We had a pretty full house. I would guess 300-500 people, with quite a few sitting on the floor. We had the opening session, which is good and bad. Its good, because we were sort of the keynote, but bad, since it was early and no one in their right minds is up at 10:00AM in Vegas...
Anyway, the presentation went well. We had a few minor glitches with the demos of our tools, but it wasn't too much of a problem. One of the projection systems wasn't working, so everyone had to move over to one side of the room. Got some good questions and contacts.