|
Home > Archive > Voice Over IP in UK > March 2006 > DID with SIP
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Brian A 2006-03-05, 5:45 pm |
| Anyone know a cheap source of a DID number that can be diverted to SIP
addresses ?
Remove 'no_spam_' from email address.
| |
| Brian A 2006-03-05, 5:45 pm |
| On Sun, 05 Mar 2006 21:50:12 GMT, Brian A
<no_spam_bca1000@hotmail.com> wrote:
>Anyone know a cheap source of a DID number that can be diverted to SIP
>addresses ?
I meant to say UK GEOGRAPHIC DID number.
Remove 'no_spam_' from email address.
| |
| Paul Cupis 2006-03-05, 5:45 pm |
| Brian A wrote:
> Anyone know a cheap source of a DID number that can be diverted to SIP
> addresses ?
Define cheap.
| |
| Richard Smith 2006-03-06, 8:45 pm |
| Brian A wrote:
> Anyone know a cheap source of a DID number that can be diverted to SIP
> addresses ?
Generally, you'll find that most providers worth their salt won't
redirect to sip address. Mostly because this could be used (depending
on the platform that's implemented) to create a denial of service on
the server, either intentionally or unintentionally.
Calls could be:
- inadvertantly bounced between supliers
- sent to an unroutable address
- sent to an address (sip:a@b.com) that redirects to another address
(sip:b@a.com) that redirects to the first address (sip:a@b.com), ergo,
routing loop.
- plethora of other examples.
If someone were to flood that number with calls, the services could
easily overload or run out of memory or whatever, since it can be
paticularly difficult to filter these calls[1].
There may be one or two suppliers though. I can't quote any off the top
of my head.
~ Rich
[1] Some providers remove SIP headers in order to hide infrastructure.
| |
| Ivor Jones 2006-03-06, 8:45 pm |
|
"Brian A" <no_spam_bca1000@hotmail.com> wrote in message
news:s9nm0257107pf1lo28cc3jaq0vs23iqnsj@
4ax.com
> On Sun, 05 Mar 2006 21:50:12 GMT, Brian A
> <no_spam_bca1000@hotmail.com> wrote:
>
> I meant to say UK GEOGRAPHIC DID number.
www.ipkall.com provide free US numbers (and very good they are too..!),
but I can't think of a UK equivalent offhand.
Ivor
| |
| Thomas Sandford 2006-03-07, 7:45 am |
| "Richard Smith" <pobkuk@gmail.com> wrote in message
news:1141697719.391860.122520@e56g2000cwe.googlegroups.com...
> Brian A wrote:
>
> Generally, you'll find that most providers worth their salt won't
> redirect to sip address. Mostly because this could be used (depending
> on the platform that's implemented) to create a denial of service on
> the server, either intentionally or unintentionally.
>
> ...
Am I missing something. I thought the OP was asking for a source of UK
numbers which could be assigned to a SIP phone/device - like Sipgate,
Gradwell and countless other UK suppliers do.
--
Thomas Sandford
| |
| Ivor Jones 2006-03-07, 7:45 am |
|
"Thomas Sandford" <${thomas/03$}@paradisegreen.co.uk> wrote
in message news:440d684d$0$1174$5a6aecb4@news.aaisp.net.uk
> "Richard Smith" <pobkuk@gmail.com> wrote in message
> news:1141697719.391860.122520@e56g2000cwe.googlegroups.com...
>
> Am I missing something. I thought the OP was asking for a
> source of UK numbers which could be assigned to a SIP
> phone/device - like Sipgate, Gradwell and countless other
> UK suppliers do.
He said SIP *address* not SIP device. I read it as a number that could be
directed to an *existing* SIP address.
www.ipkall.com do this for US phone numbers, but I can't think of a UK
equivalent offhand.
Ivor
| |
| Paul Cupis 2006-03-07, 7:45 am |
| Richard Smith wrote:
> Brian A wrote:
>
> Generally, you'll find that most providers worth their salt won't
> redirect to sip address. Mostly because this could be used (depending
> on the platform that's implemented) to create a denial of service on
> the server, either intentionally or unintentionally.
>
> Calls could be:
>
> - inadvertantly bounced between supliers
Can be done with PSTN, what's special about doing it with VoIP?
> - sent to an unroutable address
I'm fairly sure you can do this with PSTN.
> - sent to an address (sip:a@b.com) that redirects to another address
> (sip:b@a.com) that redirects to the first address (sip:a@b.com), ergo,
> routing loop.
You can do this with PSTN.
> - plethora of other examples.
Any which are "impossible" to do on PSTN, or which otherwise make VoIP
special?
| |
| Thomas Sandford 2006-03-07, 5:45 pm |
|
"Ivor Jones" <ivor@despammed.invalid> wrote in message
news:475bbmFdooa3U1@individual.net...
>
>
> "Thomas Sandford" <${thomas/03$}@paradisegreen.co.uk> wrote
> in message news:440d684d$0$1174$5a6aecb4@news.aaisp.net.uk
>
> He said SIP *address* not SIP device. I read it as a number that could be
> directed to an *existing* SIP address.
>
> www.ipkall.com do this for US phone numbers, but I can't think of a UK
> equivalent offhand.
Ah - right - I do see the distinction (though I'm not convinced that the OP
wasn't asking the wring question in that case!). Gradwell _do_ provide the
type of forwarding you refer to:
http://www.gradwell.com/voip/asterisk.php
(it talks about asterisk, but the SIP inbound would/should work with any SIP
address).
[I dare say other providers exist, but I _know_ Gradwell do it].
--
Thomas Sandford
| |
| Ivor Jones 2006-03-07, 5:45 pm |
|
"Thomas Sandford" <${thomas/03$}@paradisegreen.co.uk> wrote
in message news:440da03c$0$1168$5a6aecb4@news.aaisp.net.uk
> "Ivor Jones" <ivor@despammed.invalid> wrote in message
> news:475bbmFdooa3U1@individual.net...
[snip]
>
> Ah - right - I do see the distinction (though I'm not
> convinced that the OP wasn't asking the wring question in
> that case!). Gradwell _do_ provide the type of forwarding
> you refer to:
> http://www.gradwell.com/voip/asterisk.php
>
> (it talks about asterisk, but the SIP inbound
> would/should work with any SIP address).
> [I dare say other providers exist, but I _know_ Gradwell
> do it].
Thanks, I hadn't spotted that. Pity there isn't a free one like ipkall
though ;-)
Ivor
| |
| Brian A 2006-03-07, 5:45 pm |
| On Tue, 7 Mar 2006 12:07:15 -0000, "Ivor Jones"
<ivor@despammed.invalid> wrote:
>
>
>"Thomas Sandford" <${thomas/03$}@paradisegreen.co.uk> wrote
>in message news:440d684d$0$1174$5a6aecb4@news.aaisp.net.uk
>
>He said SIP *address* not SIP device. I read it as a number that could be
>directed to an *existing* SIP address.
Ivor you are correct! That is exactly what I meant.
>
>www.ipkall.com do this for US phone numbers, but I can't think of a UK
>equivalent offhand.
Yes, it was something similar I was looking for.
Remove 'no_spam_' from email address.
| |
| Ivor Jones 2006-03-07, 8:45 pm |
|
"Brian A" <no_spam_bca1000@hotmail.com> wrote in message
news:b7qr025fuju6sl9fsa361vld73sirp62ig@
4ax.com
> On Tue, 7 Mar 2006 12:07:15 -0000, "Ivor Jones"
> <ivor@despammed.invalid> wrote:
[snip]
> Ivor you are correct! That is exactly what I meant.
I see from another post in this thread that Gradwell offer this, but it's
not free (£3/month).
Ivor
| |
| Richard Smith 2006-03-13, 2:45 am |
|
Paul Cupis wrote:
>
> Can be done with PSTN, what's special about doing it with VoIP?
Sure, however with the PSTN, this doesn't cause that much of a problem,
mostly due to the fact that PSTN interconnections are limited to a
fixed number of active channels.
You buy an E1 and your destination has an E1, assuming you're the only
person using those links, you're only going to be able to bounce a call
back and fourth 15 times before you get an engaged tone. So the
switching platform that the provider uses in between is safe and it's
unlikely to take out the entire exchange.
The reason VoIP is a unique case is because typically there aren't such
limits... And since SIP Packets are negligable network traffic the
probability of exhausting resources before bandwidth is nearer to 1.
>
> I'm fairly sure you can do this with PSTN.
Of course you can, however sending a call to a wrong number gives you
an NU tone. Whereas with voip, sending a number to an unroutable
address causes the outbound connection to do DNS lookups. DNS timeout +
someone flooding a destination with calls = resource shortage, ergo
Denial Of Service.
>
> You can do this with PSTN.
Yep, see comments above about available channels. On VoIP this will
loop endlessly until the platform runs out of resources to allocate.
This is exasperated by the fact that providers remove Via headers from
SIP packets to hide infrastructure.
>
> Any which are "impossible" to do on PSTN, or which otherwise make VoIP
> special?
Pretty much all of them... Mostly due to the PSTN having that small
property of bandwidth limitation.
--
Rich
| |
| Richard Smith 2006-03-13, 7:45 am |
|
Thomas Kenyon wrote:
> Err, with SIP isn't there generally a handover, so that only the
> endpoints are talking to each other? (maybe excluding RTP traffic).
You can set it up that way, however most ITSPs need to maintain control
of the call signalling, to cut you off when you go over credit for
example.
Don't forget that SIP-to-SIP calls cost money too, just not on the
magnitude of PSTN.
~ Rich
| |
| Paul Cupis 2006-03-13, 7:45 am |
| Richard Smith wrote:
> Paul Cupis wrote:
>
> Sure, however with the PSTN, this doesn't cause that much of a problem,
> mostly due to the fact that PSTN interconnections are limited to a
> fixed number of active channels.
>
> You buy an E1 and your destination has an E1, assuming you're the only
> person using those links, you're only going to be able to bounce a call
> back and fourth 15 times before you get an engaged tone. So the
> switching platform that the provider uses in between is safe and it's
> unlikely to take out the entire exchange.
>
> The reason VoIP is a unique case is because typically there aren't such
> limits... And since SIP Packets are negligable network traffic the
> probability of exhausting resources before bandwidth is nearer to 1.
So you are saying that a DoS can be caused on both VoIP and PSTN. That
is what I said.
>
> Of course you can, however sending a call to a wrong number gives you
> an NU tone. Whereas with voip, sending a number to an unroutable
> address causes the outbound connection to do DNS lookups. DNS timeout +
> someone flooding a destination with calls = resource shortage, ergo
> Denial Of Service.
Diverting a number to an unroutable PSTN destination and flooding the
destination with calls can also cause a resource shortage, unless the
originating telco is default-free.
>
> Yep, see comments above about available channels. On VoIP this will
> loop endlessly until the platform runs out of resources to allocate.
> This is exasperated by the fact that providers remove Via headers from
> SIP packets to hide infrastructure.
>
>
> Pretty much all of them... Mostly due to the PSTN having that small
> property of bandwidth limitation.
It seems that all the ones mentioned so far can be used to cause DoS on
both PSTN and VoIP.
| |
| Paul Cupis 2006-03-13, 7:45 am |
| Thomas Kenyon wrote:
> Richard Smith wrote:
>
> Err, with SIP isn't there generally a handover, so that only the
> endpoints are talking to each other? (maybe excluding RTP traffic).
There can be, but there doesn't have to be.
| |
| Theo Zourzouvillys 2006-03-13, 7:45 am |
|
(sorry if anyone got this twice, for some reason this message i posted
6 days ago never seemed to propogate - certianly not to google, so
re-posting)
Paul Cupis wrote:
>
> Can be done with PSTN, what's special about doing it with VoIP?
You can tell when a call has been diverted over ss7. RFC3261 doesn't
specifiy a way directly, only via the [CC-]Diversion header (which very
few vendors support as of yet, and doesn't have a ratified standard
last time i checked).
>
> I'm fairly sure you can do this with PSTN.
what about causing delays in DNS lookups, leading a invite server
transaction on verrry slowly, and lots of other things i've not thought
of so that you can consume stupid amounts of resouces?
combine that with the above, and the below, and you could have a lot of
"fun"!...
>
> You can do this with PSTN.
Can you explode a single call into 270 calls (that's
1,180,591,620,717,411,303,424 calls) in the PSTN? i'd be pretty
impressed if you could. you can with SIP, in very little time indeed
thanks to forking.
>
> Any which are "impossible" to do on PSTN, or which otherwise make VoIP
> special?
Lots and lots and lots and lots and ... lots. mostly all are related
to DOS attacks and the fact that many PSTN<->SIP gateways are so badly
designed i'm not going to discuss them here, but will happily explain
in person next time we bump into each other at a free pissup 
PSTN equipment has been around for many centuries, SIP has, in it's
current revision been around since June 2002 (minus the plethora of
extensions added since). That's not enough time to work out all the
security issues that are introduced in the complex networks that are
being built using SIP.
If you've got a single SIP device/gateway, you probably don't need to
care too much. If you have anything more, then you need to take a long
hard think about security issues SIP introduce, or we're going to be in
a pretty bad situation in a few years (if not sooner), once the black
hats realise the potential SIP has in aiding them. and don't just
think your vendor will think about these for you, because most i've
spoken to don't seem to care to much, as they're seemingly developing
with the target customers being in private networks.
SIP is NOT a Q931/SS7 replacement. don't try and compare the two.
~ Theo
| |
| Theo Zourzouvillys 2006-03-13, 7:45 am |
| > PSTN equipment has been around for many centuries
.... and of course, i did mean decades, not centruries :-)
~ Theo
| |
| Richard Smith 2006-03-13, 5:45 pm |
| Paul Cupis wrote:
>
> So you are saying that a DoS can be caused on both VoIP and PSTN. That
> is what I said.
No, what I'm saying is that it's alot easier to do it and cause severe
problems from the VoIP provider point of view. A denial of service for
a customer on an E1 is unlikely to kill the provider.
My original comments about denial of service and other phenomenon
stated that it was in direct relation to a service provider, and that
services providers worth their salt would not allow redirect to SIP
addresses.
Dragging my original comments out of context and twisting them around
to suit your needs, does not make you intelligent enough to understand
the concept. As Theo said, there are features and extensions to the SIP
RFCs that are potentially very damaging if taken advantage of. Forking
for example.
The amount of problems a user can cause on the PSTN is limited to the
amount of bandwidth they have available. Yes there are DOS attacks that
you *COULD* do on the PSTN, but their impact would be limited mostly to
the victim, and not the provider equipment and the provider would jump
down their throat as soon as they found out.
If you can demonstrate a situation where someone with an Analog Phone
can take out a BT exchange or NTL Exchange, then I will eat my hat[1].
Don't confuse ignorance with stupidity, and don't try to compare SIP
and VoIP to q.931/SS7.
~ Richard
[1] Although I may need to purchase one since I don't own a hat.
| |
| Paul Cupis 2006-03-13, 5:45 pm |
| Richard Smith wrote:
> Paul Cupis wrote:
>
> No, what I'm saying is that it's alot easier to do it and cause severe
> problems from the VoIP provider point of view. A denial of service for
> a customer on an E1 is unlikely to kill the provider.
I agree with the above.
It's seem that in general we are mis-understanding each other.
> My original comments about denial of service and other phenomenon
> stated that it was in direct relation to a service provider, and that
> services providers worth their salt would not allow redirect to SIP
> addresses.
Perhap I misread your original mail then, but I don't see why a company
would /not/ provide a service just because there is potential for DoS -
surely any service has this potential and service providers must work
to mitigate it and then build the remaining risk into their
product/price/terms.
> Dragging my original comments out of context and twisting them around
> to suit your needs,
[snip]
This was not my intent at all.
> The amount of problems a user can cause on the PSTN is limited to the
> amount of bandwidth they have available. Yes there are DOS attacks that
> you *COULD* do on the PSTN, but their impact would be limited mostly to
> the victim, and not the provider equipment and the provider would jump
> down their throat as soon as they found out.
Yes, I agree.
| |
| Neil Hampton 2006-03-13, 5:45 pm |
| If you create a free world dialup account you can get a free 0870 UK
pstn number directed to it from Xtra Phone:
http://www.freeworlddialup.com
http://www.xtraphone.com/fwd/
Not sure it is quite what you want since it only redirects to a FWD SIP
address.
Regards,
Neil.
Brian A wrote:
> Anyone know a cheap source of a DID number that can be diverted to SIP
> addresses ?
> Remove 'no_spam_' from email address.
| |
| Richard Smith 2006-03-13, 5:45 pm |
|
Paul Cupis wrote:
> Perhap I misread your original mail then, but I don't see why a company
> would /not/ provide a service just because there is potential for DoS -
> surely any service has this potential and service providers must work
> to mitigate it and then build the remaining risk into their
> product/price/terms.
People have been working on this problem for a while now, and the only
viable solution that could be thought of in terms of a short term fix,
is to deny redirects from PSTN to SIP Addresses on the basis that it
near impossible to adequitely secure SIP transactions.
If you knew some of the interesting gotchas that we've come accross,
then we'd not be having this discussion.
No-one really knows SIP. It's a fairly new technology in the grand
scheme of things, and it's not even finalised. There are so many
goodies that turn into gotchas that it's virtually impossible to ensure
that devices handling/routing SIP transactions are secure to a point
where redirects can be allowed.
> This was not my intent at all.
I beg your forgivness, today has not been the easiest of days.
>
> Yes, I agree.
Excellent. Perhaps a discussion about the the relative security
problems SIP poses is required at the next pissup.
~ Rich
|
|
|
|
|