Questions tagged [sip]

Session Initiation Protocol, or SIP, is an application layer communications protocol that can be used in conjunction with other protocols for voice communications over IP or video calling.

24 questions
12
votes
3 answers

Is secure Caller ID possible for SIP / VOIP?

Is there any way (standard, proposed or draft) that will allow for secure Caller ID over SIP / VOIP networks? I have constantly heard that Caller ID is insecure when used over these services. Can anyone explain why Caller ID is insecure when used…
makerofthings7
10
votes
2 answers

How secure is FaceTime by Apple

Apple says their messages and FaceTime calls are end-to-end encrypted and nobody can access them. As I'm unfamiliar with cryptology, I've found a security white paper from Apple, which says: FaceTime uses Internet Connectivity Establishment (ICE) to…
user179996
8
votes
1 answer

TLS Handshake gets torn down

I am trying to debug a TLS handshake between two SIP trunk endpoints: .75 and .82. Mutual authentication is being used. .75 sends: Client Hello Certificate, Client Key Exchange Certificate Verify, Change Cipher Spec, Encrypted Handshake…
Yusuf
7
votes
4 answers

SIP UDP request breaking through iptables

I have been investigating a few instances recently where SIP UDP traffic has been somehow evading the ruleset defined in iptables, leading me to suspect that there is a hole in our rules, so I'm looking for advice on how to bolster defences on the…
puppyFlo
4
votes
1 answer

VoIP call security: How does encrypting the signalling protocol (SIP) protect RTP?

Checking the data packets from many VoIP applications shows that SIP packets are encrypted with TLS. So the captured session shows no SIP signals at all, just simple TCP and TLS/SSL packets. But surprisingly, RTP packets are well visible, with…
Shasi
3
votes
1 answer

SIP Provider stores credentials, is it required for some SIP phones?

My SIP provider stores my SIP call time password as AES encrypted instead of hashed. I understand that SIP authentication has the capability to NOT store the password, and instead store a pre-calculated hash 'string1'. string…
Dick99999
2
votes
0 answers

Is a direct SIP video call (encrypted) between two computers more secure than going through a registrar service?

I learned recently about ZRTP-encrypted video calls using an SIP client, such as Jitsi or Linphone or Blink. I was able to make a direct encrypted video call between two clients on the same local network, but it seems a lot more difficult to…
Bee Kay
2
votes
1 answer

SIP DoS classifications

I would like to understand the below SIP DoS attacks: Message Payload Tampering [implementation errors, SIP bugs]; Flow Tampering [CPU, Bandwidth, Memory]; Message Flooding [lack of authentication or encryption implementation / errors]. On the other hand,…
John
2
votes
1 answer

COMMUNITY SIP TCP/IP message flooding directed to SIP proxy

I have installed Snort IDS and the most frequent alarm is: "COMMUNITY SIP TCP/IP message flooding directed to SIP proxy". And I use a home DSL Internet connection, should I be worried about this alarm? I have read this article but I couldn't understand it…
2
votes
2 answers

How to mitigate SIP Reflection Attacks?

SIP has a practical need to be widely available, but its services are prone to being spoofed as reflectors used in DDoS attacks. A freeswitch server I manage has seen heaps of registration requests on UDP (~300/second), each one generating a 401…
mgjk
2
votes
0 answers

How to reproduce the RTP bleed vulnerability?

I need to demonstrate RTP bleed on an older version of Asterisk/RTPProxy, but I'm struggling with setting up the environment. Can somebody please tell me how to configure a proxy and two clients properly to be able to send .wav files through a call,…
2
votes
1 answer

TLS 1.2 Missing Finished Message

I'm setting up a TLS connection for the purposes of sending secure SIP. The remote gateway (Twilio) doesn't always send a finish message and as such those requests fail. Everything else appears to match between successful and failing messages. My…
puppyFlo
2
votes
1 answer

VoIP protocols security

I have read a lot of papers about VoIP security issues. The main focus is on the SIP protocol. You can find hundreds of papers about securing SIP. Even though other signaling protocols like H.323 and IAX or even media protocols like Real-time Transport…
Hanna
1
vote
0 answers

Bash shell exploit using SIP

I have a SIP proxy server that I would like to test Shellshock on. I have used this https://github.com/zaf/sipshock to try and test, but this is what I get. So I just want to know generally what the flow is like for this exploit over SIP (anyone…
Charm_quark
1
vote
1 answer

Can my SIP conversation partner identify my location?

Is it possible that after establishing a SIP phone call my conversation partner is able to identify my location? If so what are the prerequisites and how accurate would he be to do so?
John Smith