Logo

Poly Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FAQ: How can I prevent tools like sipvicious or nuisance calls ringing my phone?

SteffenBaierUK
Polycom Employee & Community Manager Polycom Employee & Community Manager
Polycom Employee & Community Manager
‎10-24-2014 08:53 AM
‎10-24-2014 08:53 AM

FAQ: How can I prevent tools like sipvicious or nuisance calls ringing my phone?

SIPVicious and similar tools are claimed to be used to audit SIP based VoIP systems.

 

Whilst this is a legitimate usage most of the time they are used to brute force SIP servers or phones and then utilize the found information for toll fraud.

 

Polycom phones from factory can simply receive invites to their IP address and therefore ring once such INVITE is progressed.

 

Below Example shows such call to the IP of the Phone in Wireshark:

 

SIP_Invite_Script_00.PNG 

 

Or via the Phone logs (log.level.change.sip="0" log.render.level="0"):

 

1024152724|sip  |0|03|<<<Packet Received
1024152724|sip  |0|03|    INVITE sip:1414160845@10.252.149.102 SIP/2.0
1024152724|sip  |0|03|Via: SIP/2.0/UDP 10.20.30.40;branch=z9hG4bK13579926;rport
1024152724|sip  |0|03|From: "Call 1" <sip:1414160845@10.20.30.40>;tag=as370e68ea
1024152724|sip  |0|03|To: <sip:3100@10.252.149.102>
1024152724|sip  |0|03|CSeq: 1 INVITE
1024152724|sip  |0|03|Call-ID:  1414160845@10.20.30.40:5060
1024152724|sip  |0|03|Contact: <sip:1414160845@10.20.30.40>
1024152724|sip  |0|03|Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
1024152724|sip  |0|03|User-Agent: Invite and Cancel Perl Script
1024152724|sip  |0|03|Accept-Language: en
1024152724|sip  |0|03|Supported: 100rel,replaces
1024152724|sip  |0|03|Allow-Events: talk,hold,conference
1024152724|sip  |0|03|Max-
1024152724|sip  |0|03|    Forwards: 70
1024152724|sip  |0|03|Content-Type: application/sdp

In the above example, a fictitious IP address of 10.20.30.40 was used.

 

Option 1:

 

A simple below configuration parameter should stop most anonymous calls and require that the INVITE is sent to the specific user in the registration.

<web voIpProt.SIP.strictUserValidation="1"/>

A phone is registered as 555@example.com

 

Only calls sent to 555@example.com in the request URI will ring.

 

Calls to unregistered lines like anonymous@example.com, 1000@example.com, or example.com will all be dropped

 

Option 2:

 

In order to add additional security the Admin Guides matching the currently used Software Version document the Incoming Signaling Validation.

 

You can choose from three optional levels of security for validating incoming network signaling:

 

  • Source IP address validation
  • Digest authentication
  • Source IP address validation and digest authentication

In the below configuration we choose to utilize the Source IP address validation:

 

 

<voIpProt.SIP.requestValidation voIpProt.SIP.requestValidation.1.method="source" voIpProt.SIP.requestValidation.1.request="INVITE" />

 

An incoming call that does not match the reg.1.server.1.address="" Value will receive a 400 Bad Request SIP Message from the phone.

 

Wireshark:

 

SIP_Invite_Script.PNG

 

Or via the Phone logs (log.level.change.sip="0" log.render.level="0"):

 

1024153153|sip  |0|03|>>> Data Send to 10.20.30.40:5060
1024153153|sip  |0|03|    SIP/2.0 400 Bad Request
1024153153|sip  |0|03|    Via: SIP/2.0/UDP 10.20.30.40;branch=z9hG4bK13579926;rport
1024153153|sip  |0|03|    From: "Call 1" <sip:1414161114@10.20.30.40>;tag=as370e68ea
1024153153|sip  |0|03|    To: <sip:3100@10.252.149.102>;tag=A9A4BF00-FD048511
1024153153|sip  |0|03|    CSeq: 1 INVITE
1024153153|sip  |0|03|    Call-ID: 1414161114@10.20.30.40:5060
1024153153|sip  |0|03|    User-Agent: PolycomSoundPointIP-SPIP_550-UA/4.0.4.2906
1024153153|sip  |0|03|    Accept-Language: en
1024153153|sip  |0|03|    Content-Length: 0

 

An example configuration file is attached which can be imported via the Web Interface as explained => here <= if running UC Software 4.0.0 or later or use a provisioning server as explained => here <=

----------------

If official support is required please check how to phone or open a case here

----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------


⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓SIGNATURE ⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓
Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
Please also ensure you always check the VoIP , Video Endpoint , Microsoft Voice , PSTN or other FAQ's in the different sections
Labels:
Message 1 of 1
0 Kudos