What if she is trying to call her bank and an attacker is redirecting her to another SIP server where there is a similar call center or IVR? (Okay, leaving aside the fact that at this moment you may not be able to make SIP connections to many banks… but that is changing slowly.) Alice’s SIP software will then connect to those IP addresses to send the appropriate SIP INVITE to start a conversation with Bob.īut how does Alice’s software know that the SRV records retrieved from DNS are correct? How can it know that they were not tampered with? These records will provide the IP address(es) of the SIP server on Bob’s side. To step back and explain a bit further, if Alice wants to call Bob (to be cliche), and she knows his SIP address is “sip: ”, her SIP client, IP-PBX or other SIP server (depending upon configuration) is going to perform a DNS lookup on “” to retrieve the relevant SRV records. The DNSSEC code itself was implemented by Ingo Bauersachs from this university.Įssentially what Jitsi now does if you enable DNSSEC is to validate the signing of the SRV records in DNS that provide the address information for the remote end of the SIP or XMPP connection. Jitsi has supported SIP and XMPP over IPv6 for quite some time now, but with this new release adds support of DNSSEC courtesy, I learned, of some funding from the NLnet Foundation and the University of Applied Sciences and Arts Northwestern Switzerland (FHNW). It’s also free and the source code is all available. It works with the SIP (Session Initiation Protocol) and XMPP (Jabber) protocols and connects to common services like GoogleTalk, AIM, Yahoo!Messenger, Facebook chat, etc. Jitsi has a great range of features including support for voice and video calls, chat/IM, desktop sharing, conference calls, wideband audio and much more. Jitsi, formerly known as the “SIP Communicator”, is available for Windows, Mac OS X or Linux from: With it’s 1.0 release last week, the Jitsi soft phone became the first VoIP client I know of to support DNSSEC.
0 Comments
Leave a Reply. |