

ajobbins

5052 posts

Uber Geek

Trusted

#120956 19-Jun-2013 16:29

Hoping someone here with more VoIP knowledge than me can help me out.

I understand that incoming calls on SIP URIs is a security problem and leads to annoying no-voice calls because there is no verification. I've been trying to Google and find some more info on the extent of the problem, or possible solutions - but I can't seem to find much at all (suggesting it's maybe not as big an issue as I was thinking?).

Does anyone have any good info you can share?

I really like the idea of using an email-address-like format (user@service kind of thing) as an eventual phone number replacement - and SIP can do this now as we know. But is there a solution that solves the issue of rogue incoming calls?




Twitter: ajobbins


ubergeeknz
3344 posts

Uber Geek

Trusted
Vocus

  #839638 19-Jun-2013 17:16

The best way is to firewall off everything except for your provider's SIP proxy/proxies from contacting your device on whatever port it's using for SIP.  That should do the trick.

De-centralised SIP sounds great in theory, but the way that it's replaced telephony means that people are just used to dialling numbers.  Also as you say, there's just no security inherent in the protocol (and no way for providers to bill...)



ajobbins

5052 posts

Uber Geek

Trusted

  #839658 19-Jun-2013 17:34

Yeah but restricting to only a SIP provider kind of defeats the point, especially as most of them only allow incoming SIP URL dialling.

Providers wouldn't have a right to bill because the calls would be P2P and a SIP provider wouldn't be used.

What I'm struggling with is finding any info online about URI dialling security. When I Google things like 'how secure is SIP URI dialling', 'SIP URI dialling security', 'risks SIP URI' etc. etc. I get plenty of hits of guides for making it work, getting the DNS setup, Asterisk configured etc. but basically nothing talking about issues or risks of doing it.

It's like the problem doesn't exist (when we know it does).




Twitter: ajobbins


chevrolux
4962 posts

Uber Geek
Inactive user


  #839698 19-Jun-2013 18:27

If you open up your SIP device to the net it is only a matter of time until a botnet will find it and start flooding it with INVITEs, which will lead to the device being crippled.
As mentioned above, it is a nice idea but just not practical.

It is a very real risk. Google SIP attacks or something like that.
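
The two points made so far in the thread (only the provider's proxies should reach the device, and an exposed device attracts INVITE floods) can be checked against a SIP request log. This is an added example, not part of any post; the addresses are documentation-range placeholders and the names `PROVIDER_PROXIES`, `is_trusted` and `triage` are hypothetical.

```python
import ipaddress
from collections import defaultdict, deque

# Assumption: documentation-range addresses stand in for the provider's proxies.
PROVIDER_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]

def is_trusted(src):
    """True if the source address belongs to a configured provider proxy."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PROVIDER_PROXIES)

def triage(events, window=10.0, threshold=5):
    """Classify SIP requests given as (timestamp, source_ip, method) tuples.

    Returns (dropped, flooders): how many requests an allow-list would drop
    per untrusted source, and the untrusted sources that sent more than
    `threshold` INVITEs within any `window` seconds.
    """
    dropped = defaultdict(int)
    recent = defaultdict(deque)   # source -> timestamps of recent INVITEs
    flooders = set()
    for ts, src, method in sorted(events):
        if is_trusted(src):
            continue              # provider traffic is passed through
        dropped[src] += 1
        if method != "INVITE":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # forget INVITEs older than the window
        if len(q) > threshold:
            flooders.add(src)
    return dict(dropped), flooders

# Constructed sample events: one provider proxy, one scanner, one stray probe.
SAMPLE = (
    [(0.0, "192.0.2.10", "INVITE"), (30.0, "192.0.2.10", "INVITE")]
    + [(1.0 + 0.5 * i, "203.0.113.7", "INVITE") for i in range(12)]
    + [(5.0, "198.51.100.23", "OPTIONS"), (40.0, "198.51.100.23", "INVITE")]
)

if __name__ == "__main__":
    dropped, flooders = triage(SAMPLE)
    print("dropped per source:", dropped)
    print("flood sources:", sorted(flooders))
```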



ubergeeknz
3344 posts

Uber Geek

Trusted
Vocus

  #839705 19-Jun-2013 18:38

ajobbins: Yeah but restricting to only a SIP provider kind of defeats the point, especially as most of them only allow incoming SIP URL dialling.

Providers wouldn't have a right to bill because the calls would be P2P and a SIP provider wouldn't be used.

What I'm struggling with is finding any info online about URI dialling security. When I Google things like 'how secure is SIP URI dialling', 'SIP URI dialling security', 'risks SIP URI' etc. etc. I get plenty of hits of guides for making it work, getting the DNS setup, Asterisk configured etc. but basically nothing talking about issues or risks of doing it.

It's like the problem doesn't exist (when we know it does).


It's the same way that email has no security as far as who can email who.  They are based on the same principles of "trust everyone implicitly".

The thing is, we have SBCs to control security. So SIP endpoints, PABXs etc., generally speaking, just accept whatever they're fed. Most have the ability to have an ACL of which proxies they will listen to, but that's the limit of it. And they should in most cases only respond to calls to configured users.

There's no concept in SIP of authorization in a peer-to-peer environment.  Much like any other protocol.

This is why we have SIP providers, SIP proxies, SIP registrars, SBCs and the like :)

ajobbins

5052 posts

Uber Geek

Trusted

  #839706 19-Jun-2013 18:38

I guess it's similar to email servers and spam. SIP URI needs a solution to verify that the calling (sending) party is who they say they are and are authorised to make the call.




Twitter: ajobbins


coffeebaron
6233 posts

Uber Geek

Trusted
Lifetime subscriber

  #839719 19-Jun-2013 18:54

Skype pretty much does what you are trying to do to a certain extent.






ubergeeknz
3344 posts

Uber Geek

Trusted
Vocus

  #839720 19-Jun-2013 18:57

ajobbins: I guess it's similar to email servers and spam. SIP URI needs a solution to verify that the calling (sending) party is who they say they are and are authorised to make the call.


SIP softswitches do this, at least for their subscribers. We still have to somewhat "trust" other providers though.

For direct calling, it is possible to share a secret and use that for authorization.

I can't see why some variant of SPF or DKIM couldn't be applied, but to my knowledge nothing like that is widely implemented in SIP UAs.
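
The shared-secret option mentioned in the post above maps onto SIP's digest authentication: the callee answers a direct INVITE with a 401 challenge and accepts the call only if the retried request proves knowledge of the secret. This is an added example, not part of the original post or any SIP stack's code; `DirectCallGate`, `authorize` and the sample realm, user and secret are hypothetical, and it implements the plain MD5 digest without qop.

```python
import hashlib, hmac, re, secrets

FIELD = re.compile(r'(\w+)="([^"]*)"')   # quoted header parameters only

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """Digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class DirectCallGate:
    """Callee side: challenge direct INVITEs, accept only valid digests."""
    def __init__(self, realm, secrets_by_user):
        self.realm = realm
        self.secrets_by_user = secrets_by_user   # shared out of band
        self.nonces = set()                      # outstanding single-use nonces

    def challenge(self):
        """Value for the WWW-Authenticate header of a 401 response."""
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        return f'Digest realm="{self.realm}", nonce="{nonce}", algorithm=MD5'

    def check(self, method, authorization):
        """Return 200 for a valid Authorization header value, else 401."""
        if not authorization or not authorization.startswith("Digest "):
            return 401
        f = dict(FIELD.findall(authorization))
        password = self.secrets_by_user.get(f.get("username"))
        nonce = f.get("nonce")
        if password is None or f.get("realm") != self.realm or nonce not in self.nonces:
            return 401
        self.nonces.discard(nonce)               # one attempt per nonce
        expected = digest_response(f["username"], self.realm, password,
                                   method, f.get("uri", ""), nonce)
        ok = hmac.compare_digest(expected.encode(), f.get("response", "").encode())
        return 200 if ok else 401

def authorize(user, password, method, uri, challenge):
    """Caller side: Authorization header value answering a challenge."""
    c = dict(FIELD.findall(challenge))
    resp = digest_response(user, c["realm"], password, method, uri, c["nonce"])
    return (f'Digest username="{user}", realm="{c["realm"]}", '
            f'nonce="{c["nonce"]}", uri="{uri}", response="{resp}"')
```

The digest covers only the method and URI, so it authorizes the caller without protecting the rest of the message or the media.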
