BHARAT SANCHAR NIGAM LIMITED Affix self

(www.bsnl.co.in) signed passport

size photograph
FORM FOR NEW SIP TRUNK CONNECTION (required for
(Please read the instructions before filling the form)
ISD facility
only)

1. Status of Customer: Individual Statutory Body Govt. PSU Company Pub. Institution
Foreign National Partnership Proprietorship Trust ISP Society Association
2. Type of Connection: SIP 3. Purpose: Business
Trunk
4. Title/ Name of the Customer/ Company/ Firm/ Organization (SURNAME FIRST)

5. Name of Father/ Husband/ Group/ Proprietor/ Partner(s)

6. 7. Telephone No. working, if any:

PAN/GIR/GSTI
N No:
(Please see Instruction # 2)
8. Complete Postal Address
House No Street/ Road/ Village
Bldg./Appt.
Area/ Locality/ Tehsil
City/ District Pin
9. Billing/ Correspondence Address (if different from 8 above)

10 E-mail address (Customer): _____________@____________ (Password and VPN Certificates/Keys will be sent to this customer email id
and shall be responsible for all customer end security compliances)

11. Type of connectivity preferred:

MPLS Internet
12. If preferred connectivity is Internet: (tick whether internet provider is BSNL or Others and provide IPv4 address)
A. BSNL Other
B. Static IPv4 address
13. If preferred connectivity is BSNL Internet: (tick media type)
A. FTTH Lease Line
B. Customer Id / Service Id
14. Call Direction:
A. Inbound & Outbound Calling

B. Only Outbound Calling

C. Inbound Calling with BSNL IN No. (1800/1860)

D. Inbound Calling with Short Code (DoT allotted)

15. Facilities required (tick whichever is required):

STD ISD

1
16. Pulse Rate (tick whichever is required)
60 sec Pulse 30 sec Pulse 15 sec Pulse 1 sec Pulse
17. User Device proposed to be connected to SIP Trunk (please tick option and strike off others)
(i) IP-PBX (ii) Router (iii) SIP Server (iv) IVRS

18. Concurrent Channel requirement:

(Please enter no. of channels in (a) multiples of 10 from 50 to 1190 for MPLS (b) multiples of 5 from 10 to 45 for Internet connectivity)
No. of Channels
Note: CAPs (Call Attempts Per Second): 10-99 channels 1 CAP, 100-499 channels 5 CAPs, 500-999 channels 10 CAPs, 1000-1199 channels 15 CAPs

19. Trans-coding required: (Only for MPLS connectivity - Codes other than PCMA/PCMU, RFC2833 DTMF conversion, Fax conversion
capabilities require transcoding) (Transcoding attracts additional charges)(Other than PCMA/PCMU codec only G.729 & AMR codec are
supported)
A. Yes No

(Please tick options B, C & D if transcoding required - only for MPLS connectivity)
B. G729 AMR

C. DTMF RFC2833

D. Fax T.38 to PCMA/PCMU G.729 AMR

20. Surrogate Registration required: (Please tick options - only for MPLS connectivity)
Yes No

21. Requirement of DID/Child Numbers: (Please enter number from 0 to 999. Maximum indicators per concurrent channel shall be 2.)
No. of DID

22. Pilot Number requirement: (only for MPLS connectivity - Please enter number from 1 to 4. More than one pilot number supported only if
the customer device capable of registering all Pilot numbers through same source IP but with different UDP ports )

No of Pilot Numbers

23. Calling Line Identity Presentation (CLIP):

A. Only Pilot No

B. Pilot & DID Nos.

24. Payment Option: (Refundable Advance Security Deposit shall be one month’s charge in case of Monthly payment option. )
Monthly One Year Two Years Three Years

25. Payment Mode: Cash Demand Draft Amount

Payment Details: DD No. Dated
Drawn On: Bank
Branch

2
 I hereby declare that information given above is true to the best of my knowledge and I will abide by
the prevailing Telegraph Act/ Rules framed thereunder & Tariffs as amended from time to time. I am not a
defaulter on account of non-payment of bills for any telecom services provided by any service provider. In the
event of any dispute concerning any telecom line, apparatus or appliance, bill, etc. between me/us and BSNL,
the matter shall be referred to the sole Arbitrator, appointed by a nominated Authority in BSNL and shall be
governed by the provision of the Arbitration and Conciliation Act 1996.

Signature of Customer/ Authorized Signatory Signature of Customer/ Authorized Signatory

Signed on: Date
D D M M Y Y Y Y

3
INSTRUCTIONS FOR FILLING THE FORM FOR NEW SIP TRUNK CONNECTION

1. The form may be filled up in Capital letters only.

2. In the absence of PAN/GIR number, declaration in form 60/61 may be furnished in the enclosed pro-forma.

3. In case of sole proprietary concern, proprietor may sign himself and affix rubber stamp.

4. In case of partnership concern, all partners or any one of the partners duly authorized or Person with the Power of
Attorney may sign. In case of Company, signature should be of a person on behalf of a Company, in accordance with
the provisions of its Articles of Association. In case of partnership concerns, copy of (i) Power of attorney for
authorization & (ii) Partnership Deed, and In case of Limited Company, a copy of the Articles of Association, may
be attached.

5. In case of Government Departments, authorized person may sign and affix rubber stamp.

6. The company will not provide any kind of subscriber terminal equipment and subscribers have to provide their own
terminal equipment, which have interface approval from TEC. Company provides Fibre up to NT and thereafter
subscriber wiring has to be provided by the subscriber.

7. If at any stage information furnished is found false - Telecom Service/ Telephone provided is liable to be
disconnected immediately without any notice.

8. Tariff is subject to change without notice.

9. Email id of Customer should be provided for sharing of password and VPN certificates / Keys. The Customer shall
be responsible for all customer end security compliance.

4
UNDERTAKING TO BE SUBMITTED ALONG WITH APPLICATION FOR SIP TRUNK
CONNECTION

I / We …………………………………………………………………… the applicants for the SIP Trunk do hereby undertake the following:

1. I / We will abide the relevant provision of the Indian Telegraph act, 1885 as amended from time to time as
well as relevant rules / orders made thereon.
2. I / We will abide by the relevant provision of the TRAI Act or any other relevant Act passed by the
parliament and express our willingness to be prosecuted for any violation of the said Acts.
3. I / We undertake to use the SIP TRUNK lines(s) as fixed line connection from single physical location as
listed in service address.
4. I / We undertake to use necessary firewall protection and security measures to prevent from VOIP attacks
and all kinds of Cyber attacks.
5. I / We will not use the SIP TRUNK line(s) for the purpose other than for which the same has been
obtained.
6. I / We will not use any compression technique that may cause loss to the BSNL or National Exchequer or
be against public interest or be opposed to the public policy that may have direct or indirect bearing on
the revenue of BSNL.
7. I / We will not misuse the SIP TRUNK Line(S) to do any act that may invite action under IPC, FERA or any
other law.
8. I / We will not use the SIP TRUNK Line(S) to do any act that is detrimental to the security, defence, public
interest and public policy of our nation.
9. I / We undertake to allow inspection of our premises by BSNL, at all times and will co-operate fully with
them.
10. I / We undertake that switching calls to PSTN (Public Switched Telephone Network) subscriber, which are
the functions of BSNL, or by another Licensee, Licensed by the Government of India or by the Department
of Telecommunications, cannot be usurped by us by performing basic services like receiving and
processing calls either through Compression Technique and / or Internet or by any other means with or
without intent to make gains tangible or intangible.
11. I / We further undertake not to further transit/terminate such calls to other national or international
number.
12. I/We shall keep our SIP IP PBX/Server logically partitioned on which service is delivered by BSNL,
ensuring prevention of any cross flow/patching of voice call with public/private data network.
13. The Customer shall use the services for their internal consumption and shall not re-sell or re-lease the
services unless customer carries a valid and appropriate license and/or registration on this behalf from
concerned statutory or regulatory authorities. Customer undertakes that the Telecom Resources provided
by BSNL shall not be used for any illegal call routing ensuring complete restriction of any cross flow of
calls between public and private network. Any request of termination of Telecom Resources and/or
change in logical partitioning from customer’s end shall be within the prescribed guidelines of DOT.
Further, Customer shall keep BSNL fully indemnified against any actions or omissions by the Customer
while using the services, where such actions or omissions are against any applicable law or regulatory
norms laid down by any statutory authority of the country.

14. Commercial communications can only be done vide the Telecom Commercial Communications Customer
Preference Regulations, 2010, whereby a telemarketer is required to be registered with TRAI for carrying
5
 out commercial activities. Please note that making unsolicited calls to DND base is an offence. If customer’s
number is reported/found to be used for unsolicited promotional activities, all numbers for same name &
address shall be disconnected. The name & address shall be blacklisted for next 2 years & subscription
denied. The number will be recycled as per the Policy but the customer shall be denied subscription as per
the prevailing TRAI guidelines at that point of time. Customers shall register for telemarketing with TRAI
and use designated telemarketing series numbers/SMS resources for promotional calls/SMS. For more
information visit www.TRAI.gov.in.
15. I / We undertake to strictly confine SIP Trunk password and VPN Certificate/Key with Customer and
comply to security requirement at customer end furnished by BSNL.
16. I / We undertake to strictly adhere to all the above conditions , based on which , we are extended this
facility and I/we am/are liable for prosecution for any breach or violation of the Indian Telegraph Act,
1885 or under any other law being in force.
17. I / We further undertake to indemnify BSNL and make good any loss that may be caused to BSNL, in case
of breach of any of the conditions mentioned above.

Date: Signature of Customer Authorized Signatory

Place: Name:
Seal:

Security Requirement for SIP Trunk service at Customer end

6
i. General Security Features required

1. Should maintain a separate network/VPN for SIP service and local network.
2. No computer/client should be connected to both SIP service and local networks without any
proper security measures.
3. Any system which is connected with both SIP service and local networks should not have any
access to Internet.
4. Any such system which is connected to both SIP service and local networks should avoid
running any other services with corresponding listening ports opened or should have only
limited access to local network.
5. Install a SBC to have better SIP layer security.
6. IP-PBX SIP Service network and network used to configure & maintain IP-PBX/Associated
devices must be in separate network/VPN. Login to such servers/system should be through
console only. There should not be system login from the configuration & maintenance network
or SIP Service network.
7. Change the default SIP port from 5060 to some generic port.
8. Do not flash any banner with the version number of the software used in any of the login or
login pages of IP-PBX and SBC.
9. Proper firewall should be installed to allow only legitimate traffic inside.
10. All windows PCs should be updated regularly on second Tuesday of every month when
patches are released from Microsoft.
11. All security patches should be applied for Linux and android based system connected to the
network regularly.
12. All types of PBX used should be updated to the latest security patch with proper support from
the OEM.
13. All types of PBX with the version used should be reported to BSNL. Any upgrade also need to
be reported.

ii. Precautions to be taken while using Asterisk PBX for SIP Trunk:

Asterisk has many security vulnerabilities which are well documented. Not applying proper patch
for the vulnerabilities is an easy target for hackers.

Recommendations from Asterisk for security.

1. Change the 5060 default sip port of your server to a different one and make sure to configure
the extension clients accordingly as well.

2. If you don't have any remote extensions, allow access to your servers for local user
extensions only. You can find here (http://www.voip-
info.org/wiki/index.php?page=Asterisk+sip+permit-deny-mask) an example to limit SIP traffic
to and from a peer to a certain IP or network

3. If you have remote extensions, change the passwords with stronger passwords for these
extensions.

4. If you are an advanced user, use tools to protect your server from random password attacks
like Fail2Ban. Fail2ban scans log files and bans IP addresses that make repeated,
unsuccessful password attempts.

7
5. Update your server to latest version for security fixes.

Following are some of the well known issues of Asterisk

1. Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption

2. FreePBX 13/14 - Remote Command Execution / Privilege Escalation
3. Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption
4. Asterisk chan_pjsip 15.2.0 - 'SDP fmtp' Denial of Service
5. Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow
6. Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service
7. Asterisk chan_pjsip 15.2.0 - 'INVITE' Denial of Service
8. Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
9. Fonality trixbox - 'asterisk_info.php' Directory Traversal
10. Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
11. Asterisk 1.8.4.1 - SIP 'REGISTER' Request User Enumeration
12. Asterisk 1.8.x - SIP INVITE Request User Enumeration
13. Asterisk Recording Interface 0.7.15/0.10 - Multiple Vulnerabilities
14. Asterisk 1.6 IAX - 'POKE' Requests Remote Denial of Service
15. Asterisk 1.4.x - RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities
16. Asterisk 1.x - BYE Message Remote Denial of Service
17. Asterisk 'asterisk-addons' 1.2.7/1.4.3 - CDR_ADDON_MYSQL Module SQL Injection
18. Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2)
19. Asterisk Recording Interface 0.7.15 - 'Audio.php' Information Disclosure
20. Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access
21. Asterisk PBX 0.7.x - Multiple Logging Format String Vulnerabilities
22. Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC)
23. Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)
24. Asterisk 1.2.x - SIP channel driver / in pedantic mode Remote Crash
25. Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash
26. Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service
27. Asterisk 1.2.16/1.4.1 - SIP INVITE Remote Denial of Service
28. Asterisk 1.2.15/1.4.0 - Remote Denial of Service
29. Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)