Inter-Asterisk eXchange

Inter-Asterisk eXchange
Communication protocol
Abbreviation	IAX
Purpose	VoIP
Developer(s)	Mark Spencer
Introduction
Influenced	IAX2
OSI layer	Application layer
Port(s)	4569
RFC(s)	RFC 5456

Last updated September 16, 2023

Inter-Asterisk eXchange (IAX) is a communications protocol native to the Asterisk private branch exchange (PBX) software, and is supported by a few other softswitches, PBX systems, and softphones. It is used for transporting voice over IP telephony sessions between servers and to terminal devices.

Basic properties

IAX is a binary-encoded voice over Internet protocol (VoIP) that is used for streaming media, but is primarily designed for IP voice calls.

IAX uses a single User Datagram Protocol (UDP) data stream and port number, by default 4569, between endpoints for both session signaling and media payloads. This feature provides benefits for traversing network address translators at network boundaries, as it simplifies firewall configuration. Other VoIP protocols typically use independent channels for signaling and media, such as the Session Initiation Protocol (SIP), H.323, and the Media Gateway Control Protocol (MGCP), which carry media with the Real-time Transport Protocol (RTP).

IAX supports trunking, multiplexing channels over a single link. When trunking, data from multiple sessions are merged into a single stream of packets between two endpoints, reducing the IP overhead. This is advantageous in VoIP transmissions, in which IP headers use a large fraction of bandwidth.

IAX2 supports native encryption of both control and media streams using AES-128.

Origin

Both versions of the IAX protocol were created by Mark Spencer and much of the development was carried out in the Asterisk open-source community.

Goals

The primary goals for IAX are to minimize bandwidth used in media transmissions, and to provide native network address translation (NAT) transparency. It was intended to be easy to use behind firewalls.

Drawbacks

Awkward extensibility: Due to the lack of a generic extension mechanism, new features have to be added in the protocol specification, which makes the protocol less flexible than H.323, SIP, and MGCP.
Vulnerability: Older implementations of IAX2 were vulnerable to resource exhaustion DoS attack methods that are available to the public.^{[ citation needed ]} While no solutions existed for these issues, the best practices included limiting UDP port access to specific trusted IP addresses. Internet-facing IAX2 ports are considered vulnerable and should be monitored closely. The fuzzer used to detect these application vulnerabilities was posted on milw0rm.^[2] and is included in the VoIPer development tree.^[3] These issues were briefly mentioned in the IAX RFC 5456 on page 94. This flaw does not exist in up-to-date installations.^[4]

Related Research Articles

The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private IP telephone systems, as well as mobile phone calling over LTE (VoLTE).

Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.

Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for voice calls, the delivery of voice communication sessions over Internet Protocol (IP) networks, such as the Internet.

A media gateway is a translation device or service that converts media streams between disparate telecommunications technologies such as POTS, SS7, Next Generation Networks or private branch exchange (PBX) systems. Media gateways enable multimedia communications across packet networks using transport protocols such as Asynchronous Transfer Mode (ATM) and Internet Protocol (IP).

Asterisk is a software implementation of a private branch exchange (PBX). In conjunction with suitable telephony hardware interfaces and network applications, Asterisk is used to establish and control telephone calls between telecommunication endpoints, such as customary telephone sets, destinations on the public switched telephone network (PSTN), and devices or services on voice over Internet Protocol (VoIP) networks. Its name comes from the asterisk (*) symbol for a signal used in dual-tone multi-frequency (DTMF) dialing.

<span class="mw-page-title-main">Analog telephone adapter</span>

An analog telephone adapter (ATA) or FXS gateway, is a device for connecting traditional analog telephones, fax machines, and similar customer-premises devices to a digital telephone system or a voice over IP telephony network.

The Gateway Control Protocol is an implementation of the media gateway control protocol architecture for providing telecommunication services across a converged internetwork consisting of the traditional public switched telephone network (PSTN) and modern packet networks, such as the Internet. H.248 is the designation of the recommendations developed by the ITU Telecommunication Standardization Sector (ITU-T) and Megaco is a contraction of media gateway control protocol used by the earliest specifications by the Internet Engineering Task Force (IETF). The standard published in March 2013 by ITU-T is entitled H.248.1: Gateway control protocol: Version 3.

A session border controller (SBC) is a network element deployed to protect SIP based voice over Internet Protocol (VoIP) networks.

Interactive Connectivity Establishment (ICE) is a technique used in computer networking to find ways for two computers to talk to each other as directly as possible in peer-to-peer networking. This is most commonly used for interactive media such as Voice over Internet Protocol (VoIP), peer-to-peer communications, video, and instant messaging. In such applications, communicating through a central server would be slow and expensive, but direct communication between client applications on the Internet is very tricky due to network address translators (NATs), firewalls, and other network barriers.

The SIP URI scheme is a Uniform Resource Identifier (URI) scheme for the Session Initiation Protocol (SIP) multimedia communications protocol. A SIP address is a URI that addresses a specific telephone extension on a voice over IP system. Such a number could be a private branch exchange or an E.164 telephone number dialled through a specific gateway. The scheme was defined in RFC 3261.

An application-level gateway is a security component that augments a firewall or NAT employed in a computer network. It allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer "control/data" protocols such as FTP, BitTorrent, SIP, RTSP, file transfer in IM applications. In order for these protocols to work through NAT or a firewall, either the application has to know about an address/port number combination that allows incoming packets, or the NAT has to monitor the control traffic and open up port mappings dynamically as required. Legitimate application data can thus be passed through the security checks of the firewall or NAT that would have otherwise restricted the traffic for not meeting its limited filter criteria.

<span class="mw-page-title-main">H.323</span> Audio-visual communication signaling protocol

H.323 is a recommendation from the ITU Telecommunication Standardization Sector (ITU-T) that defines the protocols to provide audio-visual communication sessions on any packet network. The H.323 standard addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multi-point conferences.

T.38 is an ITU recommendation for allowing transmission of fax over IP networks (FoIP) in real time.

An INVITE of Death is a type of attack on a VoIP-system that involves sending a malformed or otherwise malicious SIP INVITE request to a telephony server, resulting in a crash of that server. Because telephony is usually a critical application, this damage causes significant disruption to the users and poses tremendous acceptance problems with VoIP. These kinds of attacks do not necessarily affect only SIP-based systems; all implementations with vulnerabilities in the VoIP area are affected. The DoS attack can also be transported in other messages than INVITE. For example, in December 2007 there was a report about a vulnerability in the BYE message by using an obsolete header with the name "Also". However, sending INVITE packets is the most popular way of attacking telephony systems. The name is a reference to the ping of death attack that caused serious trouble in 1995–1997.

UNIStim is a deprecated Telecommunications protocol developed by Nortel for IP Phone and IP PBX communications.

An IP PBX is a system that connects telephone extensions to the public switched telephone network (PSTN) and provides internal communication for a business. An IP PBX is a PBX system with IP connectivity and may provide additional audio, video, or instant messaging communication utilizing the TCP/IP protocol stack.

The Media Gateway Control Protocol (MGCP) is a telecommunication protocol for signaling and call control in hybrid voice over IP (VoIP) and traditional telecommunication systems. It implements the media gateway control protocol architecture for controlling media gateways connected to the public switched telephone network (PSTN). The media gateways provide conversion of traditional electronic media to the Internet Protocol (IP) network. The protocol is a successor to the Simple Gateway Control Protocol (SGCP), which was developed by Bellcore and Cisco, and the Internet Protocol Device Control (IPDC).

A softphone is a software program for making telephone calls over the Internet using a general purpose computer rather than dedicated hardware. The softphone can be installed on a piece of equipment such as a desktop, mobile device, or other computer and allows the user to place and receive calls without requiring an actual telephone set. Often, a softphone is designed to behave like a traditional telephone, sometimes appearing as an image of a handset, with a display panel and buttons with which the user can interact. A softphone is usually used with a headset connected to the sound card of the PC or with a USB phone.

The media gateway control protocol architecture is a methodology of providing telecommunication services using decomposed multimedia gateways for transmitting telephone calls between an Internet Protocol network and traditional analog facilities of the public switched telephone network (PSTN). The architecture was originally defined in RFC 2805 and has been used in several prominent voice over IP (VoIP) protocol implementations, such as the Media Gateway Control Protocol (MGCP) and Megaco (H.248), both successors to the obsolete Simple Gateway Control Protocol (SGCP).

References

↑ RFC 5456, page 1: "Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind."
↑ Cornell, Blake. "udp IAX protocol fuzzer". milw0rm. Archived from the original on 2010-02-14.
↑ Cornell, Blake (2009-05-19). "udp IAX protocol fuzzer". VoIPER : VoIP Exploit Research toolkit. Retrieved 2013-05-28.
↑ Russell Bryant (2009-09-03). "Asterisk Project Security Advisory - AST-2009-006". Asterisk . Retrieved 2013-05-28.

External links

RFC 5456 IAX: Inter-Asterisk eXchange Version 2
RFC 6315 IANA Registration for Enumservice 'iax'
Boucadair, Mohamed (February 2009). Inter-Asterisk Exchange (IAX): Deployment Scenarios in SIP-Enabled Networks. Wiley. ISBN 978-0-470-77072-6.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] RFC 5456, page 1: "Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind."

[2] Cornell, Blake. "udp IAX protocol fuzzer". milw0rm. Archived from the original on 2010-02-14.

[3] Cornell, Blake (2009-05-19). "udp IAX protocol fuzzer". VoIPER : VoIP Exploit Research toolkit. Retrieved 2013-05-28.

[4] Russell Bryant (2009-09-03). "Asterisk Project Security Advisory - AST-2009-006". Asterisk . Retrieved 2013-05-28.

[1]

[2]

[3]

[4]