Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsVoIPIncoming SIP URI Calls


Awesome
4859 posts

Uber Geek

Trusted
Subscriber

# 120956 19-Jun-2013 16:29
Send private message

Hoping someone here with more VoIP knowledge than me can help me out.

I understand that incoming calls on SIP URI's is a security problem and leads to annoying no voice calls because there is no verification. I've been trying to Google and find some more info on the extent of the problem, or possible solutions - but I can't seem to find much at all (Suggesting it's maybe not as big an issue as I was thinking?)

Does anyone have any good info you can share?

I really like the idea of using an email address like format user@service kind of thing as an eventual phone number replacement - and SIP can do this now as we know. But is there a solution that solves the issue of rogue incoming calls?




Twitter: ajobbins

Create new topic
3344 posts

Uber Geek

Trusted
Vocus

  # 839638 19-Jun-2013 17:16
Send private message

The best way is to firewall off everything except for your provider's SIP proxy/proxies from contacting your device on whatever port it's using for SIP.  That should do the trick.

De-centralised SIP sounds great in theory, but the way that it's replaced telephony means that people are just used to dialling numbers.  Also as you say, there's just no security inherent in the protocol (and no way for providers to bill...)



Awesome
4859 posts

Uber Geek

Trusted
Subscriber

  # 839658 19-Jun-2013 17:34
Send private message

Yeah but restricting to only a SIP provider kind of defeats the point, especially as most of them only allow incoming SIP URL dialling.

Providers wouldn't have a right to bill because the calls would be P2P and a SIP provider wouldn't be used.

What I'm struggling with is, is finding any info online about URI dialling security. When I Google things like 'how secure is SIP URI dialling', 'SIP URI dialling security', 'risks SIP URI' etc. etc. I get plenty of hits of guides for making it work, getting the DNS setup, Asterisk configured etc. but basically nothing talking about issues or risks of doing it.

It's like the problem doesn't exist (when we know it does).




Twitter: ajobbins

 
 
 
 


4208 posts

Uber Geek


  # 839698 19-Jun-2013 18:27
Send private message

If you open up your SIP device to the net it is only a matter of time until a botnet will find it and start flooding it with INVITE's which will lead to the device being crippled.
As mentioned above, it is a nice idea but just not practical.

It is a very real risk. Google SIP attacks or something like that.

3344 posts

Uber Geek

Trusted
Vocus

  # 839705 19-Jun-2013 18:38
Send private message

ajobbins: Yeah but restricting to only a SIP provider kind of defeats the point, especially as most of them only allow incoming SIP URL dialling.

Providers wouldn't have a right to bill because the calls would be P2P and a SIP provider wouldn't be used.

What I'm struggling with is, is finding any info online about URI dialling security. When I Google things like 'how secure is SIP URI dialling', 'SIP URI dialling security', 'risks SIP URI' etc. etc. I get plenty of hits of guides for making it work, getting the DNS setup, Asterisk configured etc. but basically nothing talking about issues or risks of doing it.

It's like the problem doesn't exist (when we know it does).


It's the same way that email has no security as far as who can email who.  They are based on the same principles of "trust everyone implicitly".

The thing is, we have SBCs to control security.  So SIP endpoints, PABXs etc generally speaking, just accept whatever they're fed.  Most have the ability to have an ACL of which proxies they will listen to but that's the limit of it.  And they should in most cases only respond to calls to configured users.

There's no concept in SIP of authorization in a peer-to-peer environment.  Much like any other protocol.

This is why we have SIP providers, SIP proxies, SIP registrars, SBCs and the like :)



Awesome
4859 posts

Uber Geek

Trusted
Subscriber

  # 839706 19-Jun-2013 18:38
Send private message

I guess it's similar to email servers and spam. SIP URI needs a solution to verify that the calling (sending) party is who they say they are and are authorised to make the call.




Twitter: ajobbins

5545 posts

Uber Geek

Trusted
Lifetime subscriber

  # 839719 19-Jun-2013 18:54
Send private message

Skype pretty much does what you are trying to do to a certain extent.




Chorus has spent $1.4 billion on making their xDSL broadband network faster and even more now as they are upgrading their rural Conklins. If your still stuck on ADSL or VDSL, why not spend $195 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

3344 posts

Uber Geek

Trusted
Vocus

  # 839720 19-Jun-2013 18:57
Send private message

ajobbins: I guess it's similar to email servers and spam. SIP URI needs a solution to verify that the calling (sending) party is who they say they are and are authorised to make the call.


SIP Softswitches do this, at least for their subscribers.  We still have to somewhat "trust" other providers though.

For direct calling, it is possible to share a secret and use that for authorization.

I can't see why some variant of SPF or DKIM couldn't be applied, but to my knowledge nothing like that is widely implemented in SIP UAs.

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18

Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36

MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28

Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15

D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31

Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29

Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24

Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59

Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07

Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02

Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41

Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36

2degrees Reaches Milestone of 100,000 Broadband Customers
Posted 1-Oct-2019 09:17

Nokia 1 Plus available in New Zealand from 2nd October
Posted 30-Sep-2019 17:46

Ola integrates Apple Pay as payment method in New Zealand
Posted 25-Sep-2019 09:51


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.