Protocols Used by VoIP

A number of protocols are utilized in VoIP communications. As we explore further, you will find that certain protocols have rather comprehensive methods and functions. This potentially increases the probability for exploitation due to the number of error paths and use-case scenarios that can be generated. The most common protocols used by VoIP are:

• Session Initiation Protocol (SIP)
• Media Gateway Control Protocol (MGCP, Megaco, or H.248)
• H.323

• Transport Layer Security (TLS)
• Datagram TLS (DTLS)
• Secure Real-time Transport Protocol (SRTP)
• Zimmermann Real-time Transport Protocol (ZRTP)

• Proxy server An intermediary entity that acts as both a server and a client for the purpose of making requests on behalf of other clients.
• Registrar server A SIP server that can authenticate and register user agents.
• Redirect server A user agent server that generates SIP 3xx responses to requests it receives, directing the client to contact an alternative set of URIs.
• User agent (UA) Can be a soft client or a hard phone that supports the SIP protocol. The user agent can originate or terminate calls.The SIP protocol defines several methods:

• SIP method invite Invite another UA to a session
• SIP method invite re-invite Change a running session
• SIP method register Register a location with a SIP registrar server
• SIP method ack Facilitate reliable message exchange for INVITEs
• SIP method cancel Cancel an invite
• SIP method bye Hang up a session
• SIP method options Features supported by the other side

The SIP protocol defines several responses:

• 1xx Informational 100 Trying, 180 Ringing
• 2xx Successful 200 OK, 202 Accepted
• 3xx Redirection 302 Moved Temporarily
• 4xx Request Failure 404 Not Found, 482 Loop Detected
• 5xx Server Failure 501 Not Implemented
• 6xx Global Failure 603 Decline

The following are SIP method extensions as defined in other RFCs:
• SIP method info Extension in RFC 2976
• SIP method notify Extension in RFC 2848 PINT
• SIP method subscribe Extension in RFC 2848 PINT
• SIP method unsubscribe Extension in RFC 2848 PINT
• SIP method update Extension in RFC 3311
• SIP method message Extension in RFC 3428
• SIP method refer Extension in RFC 3515
• SIP method prack Extension in RFC 3262
• SIP specific event notification Extension in RFC 3265
• SIP message waiting indication Extension in RFC 3842
• SIP method publish Extension is RFC 3903

Megaco H.248
Megaco H.248 (Media Gateway Control Protocol) is documented in RFC 3525 and is recognized as a standard. Megaco H.248 defines the protocol for media gateway controllers to control media gateways for the support of multimedia streams across networks. This protocol is text based, making it easy to modify and analyze from an attacker’s point of view.

H.323 is a widely implemented recommendation published by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T). This recommendation provides a foundation for multimedia communications (audio, video, and data) over packet-based networks (PBNs). The PBN over which H.323 entities communicate may be a point-to-point connection, a single network segment, or an internetwork that has multiple segments with complex topologies.

H.323 is composed of the following protocols:

• Digital Video Broadcasting (DVB) Defines a set of open standards for digital television
• H.225 Covers narrow-band visual telephone services
• H.225 Annex G Describes methods to allow address resolution, access authorization, and usage reporting H.323 systems
• H.225E Describes a packetization format and a set of procedures that can be used to implement UDP- and TCP-based protocols.
• H.235 Covers security and authentication
• H.323SET Describes the standards for simple endpoint types in H323

• H.245 Negotiates channel usage and capabilities
• H.450.1 Defines supplementary services for H.323
• H.450.2 Covers Call Transfer supplementary services for H.323
H.450.3 Covers Call Diversion supplementary services for H.323
• H.450.4 Covers Call Hold supplementary service
• H.450.5 Covers Call Park supplementary service
• H.450.6 Covers Call Waiting supplementary service
H.450.7 Covers Message Waiting Indication supplementary service
• H.450.8 Covers Calling Party Name Presentation supplementary service

• H.450.9 Covers Completion of Calls to Busy Subscribers supplementary service