ECG Blog 200 OK

ECGSA-18A: Evidence of Botnet-assisted SIP Attacks exploiting SIP-UA Configuration Files for traffic pumping fraud

Original Release Date: September 19, 2018. Updated 18:19 UTC. Systems Affected: SIP Service Providers and Enterprises. Background & Description: SIP-based Enterprises and Service Providers (SIP Operators) that provide SIP UA configuration files (such as for Cisco, Polycom, Yealink, Mitel devices), but which do not authenticate those downloads effectively, are vulnerable to attack by...


BroadWorks Data Center Moves Made Easy (as possible)

Many BroadWorks service providers are migrating to new data centers and cloud hosting providers. This change brings many aspects into consideration, such as: Rollback recovery options; Managing BroadWorks Configurations; Choosing Operating System versions. To look more into the migration, Mark Lindsey spoke with ECG AMTS Ashley Lee for a Q&A. Ashley is an ECG Associate Member of Technical Sta...


Outage-Ready: Networks Ready for Anything

Network Outages are going to happen. The marketing department talks about Zero Outages -- and that's a great goal to have. But as the pragmatic engineering and operations team, you can prepare for outages to prevent them and to remediate instantly. Skip the Pretend Redundancy; Detect and Triage Faults; PCAP: Packet capture; Ready for Remote Testing; Logging Enabled & Synchronized; Prepare the h...


Capturing Every Last Packet - On Linux

Capturing packets and not missing a lot of them can be hard. If you're monitoring TLS (including SIP over TLS), you need every single packet to be able to decode it. Many of us have a Linux server for doing our captures. There are some great tools like gulp and n2disk (among other great work on this subject from Luca Deri). But on a vanilla Linux machine, using whatever Ethernet interfaces you ...


Nine DNS Mistakes Voice & UC Providers Are Making

"DNS is one of those things that gets overlooked… You make your voice servers super-redundant, but you take it for granted that DNS will always work." — Fonality. The Domain Name System (DNS) conventionally helps devices convert domain names, like VoIPCarrier.com, to IP addresses, like 216.128.128.50. But in Voice and Unified Communication (UC) services, it serves an additional key role i...


Space Probes and SIP Phones: Successful Device Launches with BroadWorks

Careful testing is crucial for stability before launching new SIP Access Device models. The Product Definition must be baked into the Test Plan used to approve the device, & new software for it. Customer Technical Support teams need extensive early access to devices before they are deployed. Space Probes are designed to be sent far away, beyond our reach. They run software, and send back d...


SIP and Fragments: Together Forever?

IP Fragmentation of SIP Messages is an enduring source of trouble. Fragmentation of SIP traffic is a problem on the rise. It appears when everything has been working fine, and seemingly without cause, some SIP messages are lost in the network. The result is a frustrating scenario where some SIP messages are delivered fine, but others are not. To explain SIP fragmentation, let's start at the be...


Interop I: SIP Number Formatting: Local, National, E.164, Oh My!

  When we teach classes on VoIP networks, we discuss the variety of SIP standards that can be used by working systems. For example, identifying the calling party varies between platforms: One system uses P-Asserted-Identity to indicate the caller, and another uses From. Then there's the codec used for audio: One system uses G.722 and another uses G.722.2. One system expects national telephone n...


Using SIP to Block Robocalling: On the Telephone, Nobody Knows You're a Robot

Robocalling, enabled by VoIP, causes real social harm. Filtering based on Caller ID brings some temporary relief. The telecom industry has real work ahead to protect Caller ID with STIR. VoIP Drove down the cost of making phone calls. We love that about VoIP: free long distance! In the telecom industry now, the idea that calls within a country would cost a retail user more than local calls seems...


Mentoring IT Professionals: Start by Answering Questions.

Committing time to answer questions is the crucial first step. This is Part 3 in my Series on Supporting/Managing Engineers. Configuring bridging, building bridges. Unlike software, systems, network, and voice engineering, regulated engineering disciplines require licensing. According to the National Society of Professional Engineers, a college engineering graduate candidate can "begi...


Work Flows Up: Effectively Distributing Work on a Team of Engineers

Sometimes junior technical staff are starved for interesting work while senior staff are overworked. This is Part 2 in my Series on Supporting/Managing Engineers. If a team has lots of technical work to do, and only a few brilliant engineers available, how do you get work to the right people? In this article, I discuss methods for managing work in IT and technology teams, such as those doing Netw...


Mentoring Junior Engineers is Worthwhile

Most experienced professionals value the opportunity to mentor others; not so for some elite technologists. To enable more people in a technical team to do work, more people have to know how to do it. But for many engineers, training doesn't come naturally. This is Part 1 in my Series on Managing Engineers. Is one-on-one training a rational activity, or just a feel-good strategy from the HR departm...


BroadWorks CDR Decoder

If you use BroadWorks with CSV CDRs, you're probably accustomed to reading these: 00255943365CF3FC1CF15820160404194616.3061-040000,ECG,Normal,+12296543428,+19125293400,Originating,+12296543428,Public,+12296543409,20160404194616.306,1-040000,Yes,20160404194624.106,20160404194650.684,016,VoIP,,3409,private,,,,local,Group,,PCMU/8000,216.128.52.5,fd390cb4-eb6d3d15-f8fb7fd2@10.23.6.217,,,,Herme...


Polycom and Adtran AOS Geo-Redundancy Support

Background: The Polycom SoundPoint IP SIP Phones and Adtran IADs are used for Hosted IP PBX Access Devices, managed by the BroadWorks platform. In a non-geographically-redundant network, the devices use SIP to register to a single SIP SBC IP address. To support geographic redundancy of SBCs, the devices must support registration to multiple IP addresses. It must select the proper IP address in...


See only a Sampling of RTP frames in a Wireshark Packet Capture

Question: How do you make a display filter that filters out most RTP frames, but leaves a representative sample? Sometimes it's convenient to see a sampling of RTP frames in Wireshark, without having to see 50 per second. Answer: Rather than see 50 frames per second for every RTP flow, how about one frame every 5 seconds? Wireshark display filter: rtp[3:1]==0 or rtp.marker==1 Shows an RTP pa...