HOME

TheInfoList



OR:

The SIP URI scheme is a
Uniform Resource Identifier A Uniform Resource Identifier (URI) is a unique sequence of characters that identifies a logical or physical resource used by web technologies. URIs may be used to identify anything, including real-world objects, such as people and places, conc ...
(URI) scheme for the
Session Initiation Protocol The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private IP telepho ...
(SIP) multimedia communications protocol. A SIP address is a URI that addresses a specific telephone extension on a
voice over IP Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of speech, voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms In ...
system. Such a number could be a
private branch exchange A business telephone system is a multiline telephone system typically used in business environments, encompassing systems ranging in technology from the key telephone system (KTS) to the private branch exchange (PBX). A business telephone syst ...
or an E.164 telephone number dialled through a specific gateway. The scheme was defined in .


Operation

A SIP address is written in user@domain.tld format in a similar fashion to an
email address An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Engineer ...
. An address like: : sip:1-999-123-4567@voip-provider.example.net instructs a SIP client to use the
NAPTR A Name Authority Pointer (NAPTR) is a type of resource record in the Domain Name System of the Internet. NAPTR records are most commonly used for applications in Internet telephony, for example, in the mapping of servers and user addresses in the ...
and
SRV SRV may refer to: Computing *SRV record as used in the Domain Name System * /srv, a directory on Unix-like computer systems Music *Stevie Ray Vaughan, American blues and blues-rock guitarist (1954–1990) *"S.R.V.", an instrumental track from gui ...
schemes to look up the SIP server associated with the
DNS The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to ...
name voip-provider.example.net and connect to that server. If those records are not found, but the name is associated with an IP address, the client will directly contact the SIP server at that IP address on port 5060, by default using the UDP transport protocol. It will ask the server (which may be a gateway) to be connected to the destination user at 1-999-123-4567. The gateway may require the user REGISTER using SIP before placing this call. If a destination port is provided as part of the SIP URI, the NAPTR/SRV lookups are not used; rather, the client directly connects to the specified host and port. As a SIP address is text, much like an e-mail address, it may contain non-numeric characters. As the client may be a
SIP phone A VoIP phone or IP phone uses voice over IP technologies for placing and transmitting telephone calls over an IP network, such as the Internet. This is in contrast to a standard phone which uses the traditional public switched telephone network ...
or other device with just a numeric, telephone-like keypad, various schemes exist to associate an entirely numeric identifier to a publicly reachable SIP address. These include the
iNum Initiative The iNum (international number) initiative was a project by Voxbone to create a global dial code for IP communications. Voxbone is a Belgian company specializing in wholesale telephone numbers for VoIP applications. The International Telecommunic ...
(which issues E.164-formatted numbers, where the corresponding SIP address is the number '@sip.inum.net'), SIP Broker-style services (which associate a numeric *prefix to the SIP domain name) and the e164.org and
e164.arpa E.164 is an international standard (ITU-T Recommendation), titled ''The international public telecommunication numbering plan'', that defines a numbering plan for the worldwide public switched telephone network (PSTN) and some other data network ...
domain name servers (which convert numbers to addresses one-by-one as DNS reverse-lookups). SIP addresses may be used directly in configuration files (for instance, in
Asterisk (PBX) Asterisk is a software implementation of a private branch exchange (PBX). In conjunction with suitable telephony hardware interfaces and network applications, Asterisk is used to establish and control telephone calls between telecommunication ...
installations) or specified through the web interface of a voice-over-IP gateway provider (usually as a
call forwarding Call forwarding, or call diversion, is a telephony feature of all telephone switching systems which redirects a telephone call to another destination, which may be, for example, a mobile or another telephone number where the desired called party is ...
destination or an address book entry). Systems which allow
speed dial Speed dial is a function available on many telephone systems allowing the user to place a call by pressing a reduced number of keys. This function is particularly useful for phone users who dial certain numbers on a regular basis. In most case ...
from a user's address book using a
vertical service code A vertical service code (VSC) is a sequence of digits and the signals star (*) and number sign (#) dialed on a telephone keypad or rotary dial to enable or disable certain telephone service features. Some vertical service codes require dialing of ...
may allow a short numeric code (like *75xx) to be translated to a pre-stored alphanumeric SIP address.


Spam and security issues

In theory, the owner of a SIP-capable telephone handset could publish a SIP address from which they could be freely and directly reached worldwide, in much the same way that
SMTP The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typical ...
e-mail recipients may be contacted from anywhere at almost no cost to the message sender. Anyone with a broadband connection could install a
softphone A softphone is a software program for making telephone calls over the Internet using a general purpose computer rather than dedicated hardware. The softphone can be installed on a piece of equipment such as a desktop, mobile device, or other comp ...
(such as
Ekiga Ekiga (formerly called GnomeMeeting) is a VoIP and video conferencing application for GNOME and Microsoft Windows. It is distributed as free software under the terms of the GNU GPL-2.0-or-later. It was the default VoIP client in Ubuntu until Octob ...
) and call any of these SIP addresses for free. In practice, various forms of network abuse are discouraging creation and publication of openly reachable SIP addresses: * The
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...
which has rendered SMTP the "spam mail transport protocol" could potentially make published sip: numbers unusable as the numbers are flooded with
VoIP spam VoIP spam or SPIT (spam over Internet telephony) is unsolicited, automatically dialed telephone calls, typically using voice over Internet Protocol (VoIP) technology. VoIP systems, like e-mail and other Internet applications, are susceptible to a ...
, usually automatic announcement devices delivering pre-recorded advertisements. Unlike mailto:, sip: establishes a voice call which interrupts the human recipient in real time with a ringing telephone. * SIP is vulnerable to
Caller ID spoofing Caller ID spoofing is the practice of causing the telephone network to indicate to the receiver of a call that the originator of the call is a station other than the true originating station. This can lead to a caller ID Caller identificati ...
as the displayed name and number, much like the return address on e-mail, is supplied by the sender and not authenticated. * Servers supporting inbound sip: connections are routinely targeted with unauthorised REGISTER attempts with random numeric usernames and passwords, a
brute force attack In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct ...
intended to impersonate individual
off-premises extension {{Unreferenced, date=December 2009 An off-premises extension (OPX), sometimes also known as off-premises station (OPS), is an extension telephone at a location distant from its servicing exchange. One type of off-premises extension, connected to ...
s on the local PBX * Servers supporting inbound sip: connections are also targeted with unsolicited attempts to reach outside numbers, usually premium-rate destinations such as caller-pays-airtime mobile exchanges in foreign countries. In the server logs, this looks like: : ct 23 15:04:02NOTICE
539 Year 539 ( DXXXIX) was a common year starting on Saturday (link will display the full calendar) of the Julian calendar. At the time, it was known as the Year of the Consulship of Strategius without colleague (or, less frequently, year 1292 ' ...
chan_sip.c:21614 handle_request_invite: Call from '' to extension '011972599950423' rejected because extension not found in context 'default'. : ct 23 15:04:04NOTICE
539 Year 539 ( DXXXIX) was a common year starting on Saturday (link will display the full calendar) of the Julian calendar. At the time, it was known as the Year of the Consulship of Strategius without colleague (or, less frequently, year 1292 ' ...
chan_sip.c:21614 handle_request_invite: Call from '' to extension '9011972599950423' rejected because extension not found in context 'default'. : ct 23 15:04:07NOTICE
539 Year 539 ( DXXXIX) was a common year starting on Saturday (link will display the full calendar) of the Julian calendar. At the time, it was known as the Year of the Consulship of Strategius without colleague (or, less frequently, year 1292 ' ...
chan_sip.c:21614 handle_request_invite: Call from '' to extension '7011972599950423' rejected because extension not found in context 'default'. : ct 23 15:04:08NOTICE
539 Year 539 ( DXXXIX) was a common year starting on Saturday (link will display the full calendar) of the Julian calendar. At the time, it was known as the Year of the Consulship of Strategius without colleague (or, less frequently, year 1292 ' ...
chan_sip.c:21614 handle_request_invite: Call from '' to extension '972599950423' rejected because extension not found in context 'default'. an attempt to call a Palestinian mobile telephone (Israel, country code +972) by randomly trying 9- (a common code for an outside line from an office PBX), 011- (the overseas call prefix in the
North American Numbering Plan The North American Numbering Plan (NANP) is a telephone numbering plan for twenty-five regions in twenty countries, primarily in North America and the Caribbean. This group is historically known as World Zone 1 and has the international callin ...
) and 7- (on the off-chance a PBX is using it instead of 9- for an outside line). Security tools such as
firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spre ...
s or
fail2ban Fail2ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent against brute-force attacks. It is able to run on POSIX systems that have an interface to a packet-control system or f ...
must therefore be deployed to prevent unauthorised outside call attempts; many VoIP providers also disable overseas calls to all but countries specifically requested as enabled by the subscriber.


SIPS URI scheme

The SIPS URI scheme adheres to the syntax of the SIP
URI Uri may refer to: Places * Canton of Uri, a canton in Switzerland * Úri, a village and commune in Hungary * Uri, Iran, a village in East Azerbaijan Province * Uri, Jammu and Kashmir, a town in India * Uri (island), an island off Malakula Islan ...
, differing only in that the scheme is sips rather than sip. The default Internet port address for SIPS is 5061 unless explicitly specified in the URI. SIPS allows resources to specify that they should be reached securely. It mandates that each hop over which the request is forwarded up to the target domain must be secured with TLS. The last hop from the proxy of the target domain to the user agent has to be secured according to local policies. SIPS protects against attackers which try to listen on the signaling link. It does not provide real end-to-end security, since encryption is only hop-by-hop and every single intermediate proxy has to be trusted.


See also

*
Federated VoIP Federated VoIP is a form of packetized voice telephony that uses voice over IP between autonomous domains in the public Internet without the deployment of central virtual exchange points or switching centers for traffic routing. Federated VoIP uses ...
and
telephone number mapping Telephone number mapping is a system of unifying the international telephone number system of the public switched telephone network with the Internet addressing and identification name spaces. Internationally, telephone numbers are systematically ...
*
e164.arpa E.164 is an international standard (ITU-T Recommendation), titled ''The international public telecommunication numbering plan'', that defines a numbering plan for the worldwide public switched telephone network (PSTN) and some other data network ...
* Security Descriptions for SDP *
Mikey Mikey is a masculine given name, often a diminutive form (hypocorism) of Michael. It may also refer to: People * Mikey Ambrose (born 1993), American Major League Soccer player * Mikey Arroyo (born 1969), Filipino actor and politician, son of Phil ...
key exchange method *
ZRTP ZRTP (composed of Z and Real-time Transport Protocol) is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over IP (VoIP) phone telephony call based on the Real-time Transport Protocol. ...
end-to-end key exchange proposal


References

{{URI scheme URI schemes Internet protocols