
FAQ: How can I prevent tools like sipvicious or nuisance calls ringing my phone?

Polycom Employee & Community Manager


SIPVicious and similar tools are claimed to be used to audit SIP-based VoIP systems.

Whilst this is a legitimate usage, most of the time they are used to brute-force SIP servers or phones and then use the information found for toll fraud.

 

In their factory configuration, Polycom phones accept INVITEs sent directly to their IP address and therefore ring once such an INVITE is processed.

 

The example below shows such a call to the IP address of the phone in Wireshark:

[Screenshot: SIP_Invite_Script_00.PNG]

 

Or via the Phone logs (log.level.change.sip="0" log.render.level="0"):

 

1024152724|sip  |0|03|<<<Packet Received
1024152724|sip  |0|03|    INVITE sip:1414160845@10.252.149.102 SIP/2.0
1024152724|sip  |0|03|Via: SIP/2.0/UDP 10.20.30.40;branch=z9hG4bK13579926;rport
1024152724|sip  |0|03|From: "Call 1" <sip:1414160845@10.20.30.40>;tag=as370e68ea
1024152724|sip  |0|03|To: <sip:3100@10.252.149.102>
1024152724|sip  |0|03|CSeq: 1 INVITE
1024152724|sip  |0|03|Call-ID:  1414160845@10.20.30.40:5060
1024152724|sip  |0|03|Contact: <sip:1414160845@10.20.30.40>
1024152724|sip  |0|03|Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
1024152724|sip  |0|03|User-Agent: Invite and Cancel Perl Script
1024152724|sip  |0|03|Accept-Language: en
1024152724|sip  |0|03|Supported: 100rel,replaces
1024152724|sip  |0|03|Allow-Events: talk,hold,conference
1024152724|sip  |0|03|Max-
1024152724|sip  |0|03|    Forwards: 70
1024152724|sip  |0|03|Content-Type: application/sdp

In the above example, a fictitious IP address of 10.20.30.40 was used.

 

Option 1:

 

The single configuration parameter below should stop most anonymous calls. It requires that the INVITE is sent to the specific user in the registration.

 

voIpProt.SIP.strictUserValidation="1"

For example, a phone is registered as 555@example.com.

Only calls sent to 555@example.com in the request URI will ring.

Calls to unregistered lines like anonymous@example.com, 1000@example.com, or example.com will all be dropped.

 

Option 2:

 

For additional security, the Admin Guide matching the software version currently in use documents Incoming Signaling Validation.

 

You can choose from three optional levels of security for validating incoming network signaling:

 

  • Source IP address validation
  • Digest authentication
  • Source IP address validation and digest authentication

In the configuration below, we use source IP address validation:

 

<voIpProt.SIP.requestValidation voIpProt.SIP.requestValidation.1.method="source" voIpProt.SIP.requestValidation.1.request="INVITE" />

 

An incoming call that does not match the value of reg.1.server.1.address="" will receive a 400 Bad Request SIP message from the phone.

 

Wireshark:

 

[Screenshot: SIP_Invite_Script.PNG]

 

Or via the Phone logs (log.level.change.sip="0" log.render.level="0"):

 

1024153153|sip  |0|03|>>> Data Send to 10.20.30.40:5060
1024153153|sip  |0|03|    SIP/2.0 400 Bad Request
1024153153|sip  |0|03|    Via: SIP/2.0/UDP 10.20.30.40;branch=z9hG4bK13579926;rport
1024153153|sip  |0|03|    From: "Call 1" <sip:1414161114@10.20.30.40>;tag=as370e68ea
1024153153|sip  |0|03|    To: <sip:3100@10.252.149.102>;tag=A9A4BF00-FD048511
1024153153|sip  |0|03|    CSeq: 1 INVITE
1024153153|sip  |0|03|    Call-ID: 1414161114@10.20.30.40:5060
1024153153|sip  |0|03|    User-Agent: PolycomSoundPointIP-SPIP_550-UA/4.0.4.2906
1024153153|sip  |0|03|    Accept-Language: en
1024153153|sip  |0|03|    Content-Length: 0

 

An example configuration file is attached. It can be imported via the Web Interface as explained => here <= if running UC Software 4.0.0 or later, or deployed from a provisioning server as explained => here <=




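A log triage sketch for the two options above, added here as an example and not part of the original post or any Poly tooling: it reads SIP log lines in the layout shown in the excerpts and lists received INVITEs whose request-URI user is not the registered user (Option 1) or whose Via host is not the registrar (Option 2). The registered user 3100, the registrar address 192.0.2.10 and the second sample packet are assumptions; the Via host stands in for the packet source, which the excerpt does not show.

```python
import re

# Constructed sample in the phone's log layout; packet 2 and 192.0.2.10 are invented.
SAMPLE_LOG = """\
1024152724|sip  |0|03|<<<Packet Received
1024152724|sip  |0|03|    INVITE sip:1414160845@10.252.149.102 SIP/2.0
1024152724|sip  |0|03|Via: SIP/2.0/UDP 10.20.30.40;branch=z9hG4bK13579926;rport
1024152724|sip  |0|03|To: <sip:3100@10.252.149.102>
1024152724|sip  |0|03|User-Agent: Invite and Cancel Perl Script
1024152800|sip  |0|03|<<<Packet Received
1024152800|sip  |0|03|    INVITE sip:3100@10.252.149.102 SIP/2.0
1024152800|sip  |0|03|Via: SIP/2.0/UDP 192.0.2.10;branch=z9hG4bKabc123;rport
"""

LOG_LINE = re.compile(r"^\d+\|sip *\|\d+\|\d+\|[ \t]*(.*?)[ \t]*$", re.M)
REQUEST_LINE = re.compile(r"^INVITE\s+sips?:(?:([^@;\s]+)@)?[^;\s]+\s+SIP/2\.0$", re.I)
VIA_HOST = re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([^;:\s]+)", re.I)
USER_AGENT = re.compile(r"^User-Agent:\s*(.*)$", re.I)

def received_packets(log_text):  # yields each received SIP message as a list of lines
    packet = None
    for text in LOG_LINE.findall(log_text):
        if text.startswith(("<<<", ">>>")):
            if packet:
                yield packet
            packet = [] if text.startswith("<<<") else None  # ignore sent packets
        elif packet is not None:
            packet.append(text)
    if packet:
        yield packet

def first(pattern, lines):
    return next((m.group(1) for m in map(pattern.match, lines) if m), None)

def audit_invites(log_text, registered_user, registrar_ip):
    """Return received INVITEs that Option 1 or source validation should refuse."""
    findings = []
    for packet in received_packets(log_text):
        request = REQUEST_LINE.match(packet[0])
        if not request:
            continue
        via, reasons = first(VIA_HOST, packet), []
        if request.group(1) != registered_user:  # the request URI counts, not To:
            reasons.append("request-URI user is not the registered user")
        if via != registrar_ip:  # Via is sender-supplied: a triage hint only
            reasons.append("Via host is not the registrar")
        if reasons:
            findings.append({"uri_user": request.group(1), "via": via, "reasons": reasons,
                             "user_agent": first(USER_AGENT, packet)})
    return findings
```

On the sample, the first INVITE is reported even though its To: header names 3100, because the request URI carries a different user; the second passes both checks.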