Knowledge

Block unwanted SIP traffic efficiently

Block unwanted SIP traffic

Blocking SIP traffic manually is a reactive procedure, in the absence of smart tools, being pro-active is nearly impossible, it is common if you’re only reacting to a SIP attack then the damage of different types is already done.

The Challenge of blocking SIP traffic

It is no secret that attackers are pretty smart programmers, commonly attackers use sophisticated tools that scan virtually any network and perform the SIP attacks automatically.

in this context, the same attacker IP address is usually seen by several servers and networks, once these tools identify a vulnerability it’ll start attacking you immediately.

When manually blocking unwanted SIP traffic, our internal data shows that we are more likely to perform SIP blocking after an alert is triggered, for example, alarms start triggering on your resources for Disk space, CPU, Memory utilization while the legit traffic has not increased.

Another operational challenge is when a SIP provider has many nodes that they manually manage, blocking an IP address one node means you have to re-deploy the same rules across the board. Management by hand is a time-consuming process whereas software-defined Automation is fast

Case Study

Recently while working with a vendor and had the sngrep tool open, we noticed many hits coming from unknown IPs, all the attempts were rejected by TCXC‘s `Authentication, Authorizations ` module, however, those attempts still consumed Disk space, CPU, and memory as they kept coming.

We went ahead and blocked the unwanted IP address manually in IP tables and repeated the same across our servers, that’s when we thought it would be a good opportunity to verify and test if this attacker’s IP was already detected by APIBan’s SIP honeypots, an open-source project that we recently heard about at Tadhack 2021.

Continue reading…

Building a SIP Registrar with Jambonz

Introduction

Since inception of the TelecomsXChange (TCXC) platform, it was designed for wholesale communication service providers that did not require SIP registration to send traffic, so we never had the need to add SIP Registrar to the SIP Stack. Recently, two of our enterprise customers had change in their infrastructure and no longer will be able to send traffic from without SIP registration, so they asked us to enable SIP registration for them on TCXC platform.

To deal with this request we had two choices here:

1- Add a SIP registrar module to the TCXC Platform.

2- Say no to the customer and let them go.

We really did not want to deal with adding SIP registration module to the platform for several security and performance reasons, but at the same time we did not want to say no to our customers. But still needed a way to serve them without the overhead of adding SIP Registrar to the platform.

To solve this, we thought what if we can move SIP registration to the edge using CPaaS and simply route the customer calls to TCXC for completion using a SIP trunk between CPaaS and TCXC.

Continue reading…

Cloud BYOC for Twilio, Zoom Phone, and other cloud communications providers

About Twilio BYOC

Using the Twilio bring your own carrier (BYOC) feature is great and gives you a higher level of freedom in controlling your call quality on the carrier side of things. Using this feature you no longer need to be blind to what happens after you initiate a phone call via programmable voice, or Zoom Phone UI.

On the other hand, we have noticed that when scaling up your BYOC trunks things get very messy and lack advanced routing control like least cost routing (LCR), Weighted distribution, etc… Especially for developers who do not have a Session Border Controller (SBC), or short message service center (SMSC) sitting between the Cloud Communication provider and the end carrier(s).

Continue reading…

How To Buy Bahrain Toll Free Number in 2 Minutes!

Bahrain Toll-Free +973800xxxxx

The demand for cloud communications and virtual numbers has grown significantly in the recent months, in this blog we’ll show you how to buy Bahrain Toll-Free phone number and point it to your IP-PBX (SIP network) in minutes.

  • Login to TelecomsXChange Buyer Portal here
  • Navigate to DID Menu then click on Market View as shown below
  • In Market View page, enter Bahrain country code or name and click search as shown in the below image.
Continue reading…

How To Block Anonymous & Origin Based Caller IDs in TCXC

Recently the traffic originated from certain countries terminating in the some destination networks will be priced $10 in some cases. To avoid this issue we sellers may use the below feature to block such traffic originating from certain CLIDs.

Example of  caller id surcharge applied:

Please be aware that networks in SAUDI ARABIA, UNITED ARAB EMIRATES and TURKEY MOBILE TURKCELL are charging   for calls sent with a blank or manipulated CLI.  

Soon carriers will also take the necessary precautions to ensure that any traffic with “no CLI” or “short CLI” are priced 10 $, however if a call is sent with what appears to be a valid A number, but is later shown by the terminating network to be a manipulated or modified A number (e.g. over-stamped), they reserve the right to recalculate the billing for those calls. You may buy a phone number and use it when sending out calls if you’re unsure if your caller ids are:

Continue reading…
%d bloggers like this: