[Dshield] VOIP 911 (was: My Dream ISP)

Johannes B. Ullrich jullrich at sans.org
Sun Jan 15 16:13:56 GMT 2006


Valdis.Kletnieks at vt.edu wrote:

>On Sat, 14 Jan 2006 21:09:51 EST, "Christensen, Eric" said:
>
>>system works and they are the ones that get hurt.  It is a very simple
>>system that is needed to all VoIP users to be able to dial 911

There is a big disconnect between marketing and technical ability. Let's
start on the "physical" layer:
You are replacing a pair of copper cables with packets, switches,
routers, software (and well, maybe a different pair of copper cables).
VoIP will never be as reliable as POTS (Plain old Telephone Service).

In addition: Read your ISP contract. More likely than not, you are
guaranteed "best effort" service. If it is too costly for the ISP to
maintain your connection, they essentially can just tell you to get lost.

POTS on the other hand is regulated, and the companies may face fines if
they do not maintain certain network performance.

Now marketing on the other hand tells a different story: "no geeks
required" as Vonage says. For the consumer: If it looks like a phone, it
should work like a phone. Recently, some of them at least provided
stickers warning people that the phone may not provide 911 service.

There is another issue: "Reverse 911". In the area I live, emergency
services have the ability to call everyone in a particular neighborhood.
I live close to a large hospital, and they used this system a couple
times if an Alzheimer patient went missing. Of course, they only call my
POTS line, not my VoIP line (which *should* have 911 service registered
to the same address. Never tried that).

That said: I use VoIP... I got relatives in China and Europe. Calling
them via VoIP makes it much cheaper. I also moved recently from Boston
MA to Jacksonville FL and was able to keep my numbers (which kind of
tells you where the 911 issues come in). Call quality is equivalent to
POTS most of the time. Availability has been ok, but not as good as POTS
(or cell phone). I do keep a cell phone and a POTS line as backup.





>In fact, the system to get VoIP to support E911 is anything *but* simple.
>
>Consider Peter Dambier's comment on the NANOG mailing list:
>
>  "Skype and public domain telephones don't know about location, nor will they ever
>  learn.
>
>  The only place where somebody could catch a 911 call is at a SIP server.
>
>  The SIP server does not know about the INAIC in New York connecting me via
>  tunnel from Germany. If they traced me they would find my IPv6 tunnel endpoint
>  in Japan.
>
>  Where to connect me? The New York police probably does not speak German. In
>  Germany emergency calls are 110 not 911. If they connected me to Tokyo police,
>  they don't speak German either."
>
>OK.. Got that?  He's in Germany, tunneled via Japan, with a NYC provider..
>
>If I take my laptop on the road, and make a Skype call from a hotel in
>San Francisco, routed over a VPN back to my office, what time zone do you
>land the E911 info in? The VPN server at my office? That's 3,000 miles wrong.
>My laptop? It's got a 10/8 NAT address, and has no idea where it is.  The hotel's
>IP address? Nice try - my laptop doesn't know its external IP or street address,
>and the hotel's NAT box doesn't know I'm doing VoIP because it's over a VPN...
>
>Repeat - but now I'm in seat 34E on an Airbus somewhere between Dulles and SFO,
>running VoIP over a modem hooked into the Skyphone service. (If I'm using it to
>download something urgent, and need to make a quick phone call to check
>something, a second VoIP network connection may be more time-effective than
>hanging up the download, calling, then resuming the download).  Remember - you're
>required to provide E911 even if there's no reasonable expectation you'll use it..
>
>Or my laptop is on a truck somewhere in Wyoming, well outside cell phone service
>area, but I have a satellite uplink...
>
>(And yes, these are all *real* usage situations I've seen people do - and
>the "100% coverage" requirement means these are supposed to have E911....)
>
>Doing E911 for the average non-mobile residential user that you have a street
>address for billing purposes isn't that hard. The corner cases are
>*impossible*.
>


-- 
---------      
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS 

"We use [isc.sans.org] every day to keep on top of 
 security at our bank" Matt, Network Administrator. 
       
