World Library  
Flag as Inappropriate
Email this Article

SIP URI scheme

Article Id: WHEBN0006123526
Reproduction Date:

Title: SIP URI scheme  
Author: World Heritage Encyclopedia
Language: English
Subject: Rsync, Domain Name System
Collection: Internet Protocols, Uri Schemes
Publisher: World Heritage Encyclopedia
Publication
Date:
 

SIP URI scheme

The SIP URI scheme is a Uniform Resource Identifier (URI) scheme for the Session Initiation Protocol (SIP) multimedia communications protocol. A SIP address is a URI that addresses a specific telephone extension on a voice over IP system. Such a number could be a private branch exchange or an E.164 telephone number dialled through a specific gateway. The scheme was defined in RFC 3261.

Contents

  • Operation 1
  • Spam and security issues 2
  • SIPS URI scheme 3
  • See also 4

Operation

A SIP address is written in user@domain.tld format in a similar fashion to an email address. An address like:

sip:1-999-123-4567@voip-provider.example.net

instructs a SIP client to make a (usually UDP) connection to voip-provider.example.net:5060 (which may be a gateway) and ask to be connected to the destination user at 1-999-123-4567. The gateway may require the user REGISTER using SIP before placing this call. The default Internet port address for SIP is 5060 unless explicitly specified in the URI.

As a SIP address is text, much like an e-mail address, it may contain non-numeric characters. As the client may be a e164.arpa domain name servers (which convert numbers to addresses one-by-one as DNS reverse-lookups).

SIP addresses may be used directly in configuration files (for instance, in Asterisk (PBX) installations) or specified through the web interface of a voice-over-IP gateway provider (usually as a call forwarding destination or an address book entry). Systems which allow speed dial from a user's address book using a vertical service code may allow a short numeric code (like *75xx) to be translated to a pre-stored alphanumeric SIP address.

Spam and security issues

In theory, the owner of a SIP-capable telephone handset could publish a SIP address from which they could be freely and directly reached worldwide, in much the same way that SMTP e-mail recipients may be contacted from anywhere at almost no cost to the message sender. Anyone with a broadband connection could install a softphone (such as Ekiga) and call any of these SIP addresses for free.

In practice, various forms of network abuse are discouraging creation and publication of openly reachable SIP addresses:

  • The spam (electronic) which has rendered SMTP the "spam mail transport protocol" could potentially make published sip: numbers unusable as the numbers are flooded with VoIP spam, usually automatic announcement devices delivering pre-recorded advertisements. Unlike mailto:, sip: establishes a voice call which interrupts the human recipient in real time with a ringing telephone.
  • SIP is vulnerable to Caller ID spoofing as the displayed name and number, much like the return address on e-mail, is supplied by the sender and not authenticated.
  • Servers supporting inbound sip: connections are routinely targeted with unauthorised REGISTER attempts with random numeric usernames and passwords, a brute force attack intended to impersonate individual off-premises extensions on the local PBX
  • Servers supporting inbound sip: connections are also targeted with unsolicited attempts to reach outside numbers, usually premium-rate destinations such as caller-pays-airtime mobile exchanges in foreign countries.

In the server logs, this looks like:

[Oct 23 15:04:02] NOTICE[4539]: chan_sip.c:21614 handle_request_invite: Call from to extension '011972599950423' rejected because extension not found in context 'default'.
[Oct 23 15:04:04] NOTICE[4539]: chan_sip.c:21614 handle_request_invite: Call from to extension '9011972599950423' rejected because extension not found in context 'default'.
[Oct 23 15:04:07] NOTICE[4539]: chan_sip.c:21614 handle_request_invite: Call from to extension '7011972599950423' rejected because extension not found in context 'default'.
[Oct 23 15:04:08] NOTICE[4539]: chan_sip.c:21614 handle_request_invite: Call from to extension '972599950423' rejected because extension not found in context 'default'.

an attempt to call a Palestinian mobile telephone (Israel, country code +972) by randomly trying 9- (a common code for an outside line from an office PBX), 011- (the overseas call prefix in the North American Numbering Plan) and 7- (on the off-chance a PBX is using it instead of 9- for an outside line). Security tools such as firewalls or fail2ban must therefore be deployed to prevent unauthorised outside call attempts; many VoIP providers also disable overseas calls to all but countries specifically requested as enabled by the subscriber.

SIPS URI scheme

The SIPS URI scheme adheres to the syntax of the SIP URI, differing only in that the scheme is sips rather than sip. The default Internet port address for SIPS is 5061 unless explicitly specified in the URI.

SIPS allows resources to specify that they should be reached securely. It mandates that each hop over which the request is forwarded up to the target domain must be secured with TLS. The last hop from the proxy of the target domain to the user agent has to be secured according to local policies.

SIPS protects against attackers which try to listen on the signaling link. It does not provide real end-to-end security, since encryption is only hop-by-hop and every single intermediate proxy has to be trusted.

See also

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.