The SIP URI scheme is a Uniform Resource Identifier (URI) scheme for the Session Initiation Protocol (SIP) multimedia communications protocol. A SIP address is a URI that addresses a specific telephone extension on a voice over IP system. Such a number could be a private branch exchange or an E.164 telephone number dialled through a specific gateway. The scheme was defined in .
Operation
A SIP address is written in user@domain format in a similar fashion to an email address. An address like:
    sip:1-999-123-4567@voip-provider.example.net
instructs a SIP client to use the NAPTR and SRV schemes to look up the SIP server associated with the DNS name voip-provider.example.net and connect to that server. If those records are not found, but the name is associated with an IP address, the client will directly contact the SIP server at that IP address on port 5060, by default using the UDP transport protocol.
It will ask the server (which may be a gateway) to be connected to the destination user at 1-999-123-4567. The gateway may require the user to REGISTER using SIP before placing this call. If a destination port is provided as part of the SIP URI, the NAPTR/SRV lookups are not used; rather, the client directly connects to the specified host and port.
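
The lookup order described above, written out as an added Python example (not code from the article or from any SIP stack). The function name `resolution_plan`, the tuple layout and the port 5080 used in the test are assumptions; the `sips:` defaults come from the SIPS URI scheme section of this page, and no DNS query is actually sent.

```python
import ipaddress
import re

# Defaults stated in the article: 5060 for sip:, 5061 for sips:
DEFAULT_PORT = {"sip": 5060, "sips": 5061}

# user@host[:port], then optional ;parameters and ?headers (accepted, not interpreted)
_URI = re.compile(
    r"^(?P<scheme>sips?):(?:(?P<user>[^@;?]+)@)?"
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[^:;?\[\]@]+)(?::(?P<port>\d{1,5}))?"
    r"(?:;[^?]*)?(?:\?.*)?$",
    re.IGNORECASE,
)

def _is_ip(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def resolution_plan(uri):
    """Return (user, ordered lookup steps) for a sip:/sips: URI (hypothetical helper)."""
    m = _URI.match(uri.strip())
    if not m:
        raise ValueError(f"not a SIP/SIPS URI: {uri!r}")
    scheme, host = m["scheme"].lower(), m["host"].lower()
    port = int(m["port"]) if m["port"] else None
    if port is not None and not 0 < port < 65536:
        raise ValueError("port out of range")
    # sips: requires TLS on each hop; sip: defaults to UDP
    transport = "tls" if scheme == "sips" else "udp"
    if port is not None or _is_ip(host):
        # Explicit port or literal IP address: NAPTR/SRV lookups are skipped
        return m["user"], [("connect", host, port or DEFAULT_PORT[scheme], transport)]
    # SRV label matches the default transport only; a real client would
    # query one SRV name per transport it supports
    srv = "_sips._tcp." if scheme == "sips" else "_sip._udp."
    return m["user"], [
        ("naptr", host),
        ("srv", srv + host),
        # Fallback when no NAPTR/SRV records exist: address lookup, default port
        ("connect", host, DEFAULT_PORT[scheme], transport),
    ]
```
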
As a SIP address is text, much like an e-mail address, it may contain non-numeric characters. As the client may be a SIP phone or other device with just a numeric, telephone-like keypad, various schemes exist to associate an entirely numeric identifier to a publicly reachable SIP address. These include the iNum Initiative (which issues E.164-formatted numbers, where the corresponding SIP address is the number '@sip.inum.net'), SIP Broker-style services (which associate a numeric *prefix to the SIP domain name) and the e164.org and e164.arpa domain name servers (which convert numbers to addresses one-by-one as DNS reverse-lookups).
SIP addresses may be used directly in configuration files (for instance, in Asterisk PBX installations) or specified through the web interface of a voice-over-IP gateway provider (usually as a call forwarding destination or an address book entry). Systems which allow speed dial from a user's address book using a vertical service code may allow a short numeric code (like *75xx) to be translated to a pre-stored alphanumeric SIP address.
Spam and security issues
In theory, the owner of a SIP-capable telephone handset could publish a SIP address from which they could be freely and directly reached worldwide, in much the same way that SMTP e-mail recipients may be contacted from anywhere at almost no cost to the message sender. Anyone with a broadband connection could install a softphone (such as Ekiga) and call any of these SIP addresses for free.
In practice, various forms of network abuse are discouraging creation and publication of openly reachable SIP addresses:
* The spam which has rendered SMTP the "spam mail transport protocol" could potentially make published sip: numbers unusable as the numbers are flooded with VoIP spam, usually automatic announcement devices delivering pre-recorded advertisements. Unlike mailto:, sip: establishes a voice call which interrupts the human recipient in real time with a ringing telephone.
* SIP is vulnerable to Caller ID spoofing as the displayed name and number, much like the return address on e-mail, is supplied by the sender and not authenticated.
* Servers supporting inbound sip: connections are routinely targeted with unauthorised REGISTER attempts with random numeric usernames and passwords, a brute force attack intended to impersonate individual off-premises extensions on the local PBX.
* Servers supporting inbound sip: connections are also targeted with unsolicited attempts to reach outside numbers, usually premium-rate destinations such as caller-pays-airtime mobile exchanges in foreign countries.
In the server logs, this looks like:
    Oct 23 15:04:02 NOTICE 539 chan_sip.c:21614 handle_request_invite: Call from '' to extension '011972599950423' rejected because extension not found in context 'default'.
    Oct 23 15:04:04 NOTICE 539 chan_sip.c:21614 handle_request_invite: Call from '' to extension '9011972599950423' rejected because extension not found in context 'default'.
    Oct 23 15:04:07 NOTICE 539 chan_sip.c:21614 handle_request_invite: Call from '' to extension '7011972599950423' rejected because extension not found in context 'default'.
    Oct 23 15:04:08 NOTICE 539 chan_sip.c:21614 handle_request_invite: Call from '' to extension '972599950423' rejected because extension not found in context 'default'.
This is an attempt to call a Palestinian mobile telephone (Israel, country code +972) by randomly trying 9- (a common code for an outside line from an office PBX), 011- (the overseas call prefix in the North American Numbering Plan) and 7- (on the off-chance a PBX is using it instead of 9- for an outside line). Security tools such as firewalls or fail2ban must therefore be deployed to prevent unauthorised outside call attempts; many VoIP providers also disable overseas calls to all but countries specifically requested as enabled by the subscriber.
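
The prefix-guessing pattern in the log excerpt can be detected by reducing each rejected extension to its bare number and counting how many dialled variants map to it. This is an added Python example, not part of the article, Asterisk or fail2ban; the sample lines are constructed from the excerpt (plus one constructed benign line), and the function names and the threshold of three variants are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the four probes from the excerpt plus one unrelated misdial
_TPL = ("Oct 23 15:04:0{i} NOTICE 539 chan_sip.c:21614 handle_request_invite: Call from '' "
        "to extension '{ext}' rejected because extension not found in context 'default'.")
SAMPLE_LOG = "\n".join(
    _TPL.format(i=i, ext=e) for i, e in enumerate(
        ["011972599950423", "9011972599950423", "7011972599950423", "972599950423", "100"])
)

# Matches only the message body, so the timestamp/header layout does not matter
REJECT = re.compile(
    r"handle_request_invite: Call from '[^']*' to extension '(?P<ext>[^']*)' "
    r"rejected because extension not found in context '[^']*'"
)

OUTSIDE_LINE = ("9", "7")   # outside-line codes named in the article
OVERSEAS = "011"            # NANP overseas call prefix

def strip_dial_prefixes(ext):
    """Return (bare number, prefixes removed) for one dialled string."""
    removed = []
    # An outside-line digit only counts when the overseas prefix follows it,
    # so a number that merely starts with 9 (such as 972...) is left intact
    if ext[:1] in OUTSIDE_LINE and ext[1:].startswith(OVERSEAS):
        removed.append(ext[0])
        ext = ext[1:]
    if ext.startswith(OVERSEAS):
        removed.append(OVERSEAS)
        ext = ext[len(OVERSEAS):]
    return ext, tuple(removed)

def find_prefix_probing(log_text, min_variants=3):
    """Map each bare number to its dialled variants when enough variants were tried."""
    variants = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m and m["ext"].isdigit():
            bare, _ = strip_dial_prefixes(m["ext"])
            variants[bare].add(m["ext"])
    return {n: sorted(v) for n, v in variants.items() if len(v) >= min_variants}
```
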
SIPS URI scheme
The SIPS URI scheme adheres to the syntax of the SIP URI, differing only in that the scheme is sips rather than sip. The default Internet port address for SIPS is 5061 unless explicitly specified in the URI.
SIPS allows resources to specify that they should be reached securely. It mandates that each hop over which the request is forwarded up to the target domain must be secured with TLS. The last hop from the proxy of the target domain to the user agent has to be secured according to local policies.
SIPS protects against attackers which try to listen on the signaling link. It does not provide real end-to-end security, since encryption is only hop-by-hop and every single intermediate proxy has to be trusted.
See also
* Federated VoIP and telephone number mapping
* e164.arpa
* Security Descriptions for SDP
* Mikey key exchange method
* ZRTP end-to-end key exchange proposal