FAQ: How can I prevent tools like sipvicious or nuisance calls ringing my phone?

Polycom Employee & Community Manager

FAQ: How can I prevent tools like sipvicious or nuisance calls ringing my phone?

SIPVicious and similar tools are claimed to be used to audit SIP based VoIP systems.


Whilst this is a legitimate usage most of the time they are used to brute force SIP servers or phones and then utilize the found information for toll fraud.


Polycom phones from factory can simply receive invites to their IP address and therefore ring once such INVITE is progressed.


Below Example shows such call to the IP of the Phone in Wireshark:




Or via the Phone logs (log.level.change.sip="0" log.render.level="0"):


1024152724|sip  |0|03|<<<Packet Received
1024152724|sip  |0|03|    INVITE sip:1414160845@ SIP/2.0
1024152724|sip  |0|03|Via: SIP/2.0/UDP;branch=z9hG4bK13579926;rport
1024152724|sip  |0|03|From: "Call 1" <sip:1414160845@>;tag=as370e68ea
1024152724|sip  |0|03|To: <sip:3100@>
1024152724|sip  |0|03|CSeq: 1 INVITE
1024152724|sip  |0|03|Call-ID:  1414160845@
1024152724|sip  |0|03|Contact: <sip:1414160845@>
1024152724|sip  |0|03|User-Agent: Invite and Cancel Perl Script
1024152724|sip  |0|03|Accept-Language: en
1024152724|sip  |0|03|Supported: 100rel,replaces
1024152724|sip  |0|03|Allow-Events: talk,hold,conference
1024152724|sip  |0|03|Max-
1024152724|sip  |0|03|    Forwards: 70
1024152724|sip  |0|03|Content-Type: application/sdp

In the above example, a fictitious IP address of was used.


Option 1:


A simple below configuration parameter should stop most anonymous calls and require that the INVITE is sent to the specific user in the registration.

<web voIpProt.SIP.strictUserValidation="1"/>

A phone is registered as 555@example.com


Only calls sent to 555@example.com in the request URI will ring.


Calls to unregistered lines like anonymous@example.com, 1000@example.com, or example.com will all be dropped


Option 2:


In order to add additional security the Admin Guides matching the currently used Software Version document the Incoming Signaling Validation.


You can choose from three optional levels of security for validating incoming network signaling:


  • Source IP address validation
  • Digest authentication
  • Source IP address validation and digest authentication

In the below configuration we choose to utilize the Source IP address validation:



<voIpProt.SIP.requestValidation voIpProt.SIP.requestValidation.1.method="source" voIpProt.SIP.requestValidation.1.request="INVITE" />


An incoming call that does not match the reg.1.server.1.address="" Value will receive a 400 Bad Request SIP Message from the phone.






Or via the Phone logs (log.level.change.sip="0" log.render.level="0"):


1024153153|sip  |0|03|>>> Data Send to
1024153153|sip  |0|03|    SIP/2.0 400 Bad Request
1024153153|sip  |0|03|    Via: SIP/2.0/UDP;branch=z9hG4bK13579926;rport
1024153153|sip  |0|03|    From: "Call 1" <sip:1414161114@>;tag=as370e68ea
1024153153|sip  |0|03|    To: <sip:3100@>;tag=A9A4BF00-FD048511
1024153153|sip  |0|03|    CSeq: 1 INVITE
1024153153|sip  |0|03|    Call-ID: 1414161114@
1024153153|sip  |0|03|    User-Agent: PolycomSoundPointIP-SPIP_550-UA/
1024153153|sip  |0|03|    Accept-Language: en
1024153153|sip  |0|03|    Content-Length: 0


An example configuration file is attached which can be imported via the Web Interface as explained => here <= if running UC Software 4.0.0 or later or use a provisioning server as explained => here <=


If official support is required please check how to phone or open a case here

The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.


⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓SIGNATURE ⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓
Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
Please also ensure you always check the VoIP , Video Endpoint , Microsoft Voice , PSTN or other FAQ's in the different sections