dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
48

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

1 recommendation

Arne Bolen to VexorgTR

Premium Member

to VexorgTR

Re: DDoS Attacks, Is Any VoIPP Less Susceptable ?

said by »www.sipoutbound.com/faq# ··· -and-rtp :

SIP (Session Initiation Protocol) handles the signaling part of a communication over the Internet and helps in establishing calls between end-users. RTP (Real Time Protocol), at the other hand, carries multimedia packets (audio, video, instant messaging...) being transferred between calling parties once the call is established.

SIP and RTP together to allow VoIP calls to take place. In general, SIP signaling involves an intermediate agent called SIP Proxy – a server reachable on a public address – which knows both parties locations and helps them to find one another, while RTP packets are meant to travel either directly between the two calling agents or via a media proxy.

said by »www.sipoutbound.com/faq# ··· nd-proxy :

A SIP Outbound Proxy acts, like any proxy server, as a middleman between two communicating agents, serving as a transit point for all SIP traffic. You configure your SIP client to use the SIP Outbound Proxy server just as you would configure your web browser to use a proxy. Listening on an unblocked port number and forwarding requests between your SIP client and your VoIP provider, it helps bypassing the restrictions imposed by your Internet provider.

said by »www.smartvox.co.uk/sipfa ··· ined.htm :

Outbound Proxy Server
When you look at the configuration options on most IP phones, you will see a field called "Outbound Proxy" or "Outbound Proxy Server". In this field you can enter an IP address, a host.domain name or just a domain name (as long as it can be resolved to an IP address in DNS). It is an optional field, but if you enter a value then all future SIP requests get sent there in the first instance. If you leave it blank, then the routing of SIP requests will depend mainly on the SIP address given in the R-URI field of the request's header - see the section "what happens if an Outbound Proxy Server is not specified" below for details.

said by »www.smartvox.co.uk/sipfa ··· ined.htm :

What is the function of a SIP Outbound Proxy Server?
When the IP phone makes an outbound call, it sends an INVITE request. If your IP phone is configured to use an outbound proxy server, then the INVITE is sent there. The request could be handled within that proxy server or be forwarded to another proxy server or gateway. The user credentials would normally be checked, especially if the call needs to break out onto the PSTN or incurs toll charges in any way.

On most IP phones, if a valid entry is given for the "outbound proxy server" field, then it causes every type of SIP request from the phone to be sent to that address (albeit this behaviour would only apply to one SIP account at a time on a multi-line phone). This would mean that even a REGISTER request that might otherwise have gone directly to the registrar server, would have to go via the outbound proxy server. In this case, the outbound proxy server would be able to block the request or forward it to the correct registrar server depending on its own internal rules. In this role, the outbound proxy server is acting as a centrally managed security barrier and, in combination with appropriate firewall rules, it could be given a role similar to that of a web proxy in a corporate network environment.


VexorgTR
join:2012-08-27
Sheffield Lake, OH

VexorgTR

Member

Thanks for the info... sometimes this stuff can feel like...

tl;dr but I'll try and get through it all when i have a moment.

Davesnothere
Change is NOT Necessarily Progress
Premium Member
join:2009-06-15
Canada

Davesnothere to Arne Bolen

Premium Member

to Arne Bolen
 
Somebody posted a day or two ago - not sure exactly where, prob'ly in the omnibus CallCentric thread - that some or all OBI ATAs let you specify multiple SIP servers for each VoIP provider, and gave examples of how - apparently it's explained in the OBI user manuals.

It got me to thinking....

If every VoIP USER were to get an OBI ATA and use that feature rather than DNS SRV (where the DNS SERVER record automatically moves you to an alternate SIP server), would that make it more difficult for an attacker to overload a SIP server, since the specified server would then not necessarily be sending its excess load to the next server in the farm ?

It would seem to be an alternate and less vulnerable way to make a provider's multiple SIP servers failover to each other, but controlled by each legitimate USER's ATA, rather than by functionality which may (e.g. CallCentric, Anveo) or may not (e.g. VOIP.MS) be available at the provider's end of things.

Davesworld
join:2007-10-30
Thermal, CA

Davesworld

Member

Multiple servers set for a provider only work if the provider has different domained servers to enter into the blanks and each domain points to a different server (they don't have to). This is for failover. For example, voip.ms's seattle server goes down and my connection picks up the la server upon registration failure since I have it set to use la as the second choice. It also helps if your equipment has the homing feature where the first choice is homed back to when it is available again unless you don't care which is used.