When an Internet Protocol (IP) telephony system establishes a VoIP telephone call between a calling telephony device and a called telephony device, it is common for data packets bearing the call setup signaling to traverse a first path between the calling telephony device and the called telephony device, and for data packets bearing the media of the call to traverse a second path between the calling telephony device and the called telephony device. Often, the IP telephony system will designate a media relay that is in direct communication with the calling and called telephony devices to pass data packets bearing the media back and forth between the calling and called telephony devices.
When a media relay is used to help communicate the data packets bearing the media of a call, the IP telephony system designates a specific port of the media relay for this purpose. The call setup signaling sent to the calling and called telephony devices informs the calling and called telephony devices of the IP address and designated port of the media relay so that the calling and called telephony devices know where to send data packets bearing the media of the call. Once the call commences, the designated port of the media relay receives data packets from the called telephony device and forwards those packets to the called telephony device, and vice versa.
If the IP telephony system could ensure that the data packets bearing the media of the call would be sent from the same IP addresses as the call setup signaling used to initiate the call, then the IP telephony system could simply inform the media relay of those IP addresses. The specified port of the media relay could then receive and forward data packets sent only from those specified IP addresses, and the specified port of the media relay could ignore any other data packets that arrive from other alternate IP addresses. This would prevent a hacker from fraudulently using the media relay.
Unfortunately, it is possible for some telephony devices to establish two independent communication sessions, a first for data packets bearing the call setup signaling, and a second for the data packets bearing the media of the call. Those two communication sessions can originate from different IP addresses. Because of this fact, the media relay cannot afford to simply ignore data packets that originate from a different IP address than the call setup signaling. If the media relay operated in that fashion, the media relay might be ignoring the data packets bearing the media of the call. Accordingly, the call would fail.
For example, the calling telephony device could be a mobile telephony device that accesses a data network via a cellular service provider. In many instances, it is possible for a single mobile telephony device to be conducting multiple communication sessions via data channels provided by the cellular service provider, and for each communication session to be assigned a different temporary IP address. Thus, the mobile telephony device could end up sending the call setup signaling via a first communications channel having a first IP address, and for the mobile telephony device to communicate the media of the call via a second communications channel having a second IP address.
In another instance, a call may be setup through a first communications card within a proxy server or a gateway. If the call is put on hold, the proxy server or gateway may release the resources originally used to conduct the call so that those resources can be used for other calls. When the call is taken off hold, the call may be assigned to a new card within the proxy server or gateway, and the new card would have a different IP address. Thus, when the call begins, data packets bearing the call setup signaling and the media of the call may originate from a first IP address. But partway through the call, data packets bearing the media of the call may begin to originate from a second, different IP address.
In still other instances, a mobile telephony device may be present in a location where it can establish communication sessions with multiple wireless access points. This would allow the mobile telephony device to establish two wireless data connections, one through a first wireless access point having a first IP address, and a second through a second wireless access point having a second IP address. In this instance, the mobile telephony device might use the first wireless data connection to communicate the call setup signaling for a call, and then use the second wireless data connection to communicate data packets bearing the media of the call.
Additionally, if media relays are configured so that they are willing to forward any data packets they receive, regardless of the originating IP address, the media relays would be subject to abuse from hackers. Once a hacker learns the IP address and one or more port numbers of such a media relay, the hacker could cause the media relay to forward data traffic without paying for the service. To prevent this type of abuse, many companies that operate or use media relays create blacklists of originating IP addresses that are assumed to be bad actors. If a media relay receives a data packet having an originating IP address that is on the blacklist, the data packet is discarded.
While the use of blacklists is helpful in preventing fraud and abuse of media relays, the blacklists are never completely comprehensive. Also, hackers can avoid this countermeasure by constantly shifting the originating IP addresses they use to communicate data packets. As soon as a hacker learns that a first originating IP address has been added to a blacklist, the hacker simply shifts to a different originating IP address.
There is a need for systems and methods of preventing fraudulent uses of media relays that also allow for data packets bearing the media of a call to originate from a different IP address than data packets bearing the call setup signaling. Preferably, such systems and methods will also allow the originating IP address of the data packets bearing the media of a call to change partway through the call, if there are valid reasons for such a change.