Utilizing SIP messages to determine the status of a remote terminal in VoIP communication systems

What is claimed is: 1. A method for detecting fraudulent activity in a communication system serving a correctional facility, comprising: receiving a packet stream associated with a voice call utilizing voice over internet protocol (VoIP) between an inmate call party and an outside call party, the packet stream including a session initiation protocol (SIP) message stream; determining a call phase of the voice call based on the packet stream, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase and in response to an ACK signal received from the inmate call party; flagging as suspicious a first SIP message associated with a message type from within the SIP message stream by: determining, during the determined call setup phase, that the message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399; or determining, during the determined call established phase, that the message type is one of an INVITE or a REFER; and in response to the flagging, confirming that a disallowed third party has joined the voice call based at least in part on a first content of the first SIP message or a second content of a second SIP message, the second SIP message appearing after the first SIP message within the SIP message stream. 2. The method of claim 1 , wherein the call established phase begins when a real-time transport protocol (RTP) packet stream appears within the packet stream. 3. The method of claim 1 , wherein the message type is 181 Response and the second content comprises a header information field including a SIP universal resource identifier (SIP-URI), and wherein the confirming is based on the SIP-URI being on a block list for the inmate call party. 4. The method of claim 1 , wherein the message type is 181 Response and the second content comprises a header information field including a telephone number, and wherein the confirming is based on the telephone number being on a block list for the inmate call party. 5. The method of claim 1 , wherein the message type is 3xx Response and the first content comprises a header information field including a SIP universal resource identifier (SIP-URI), and wherein the confirming is based on the SIP-URI being on a block list for the inmate call party. 6. The method of claim 1 , wherein the message type is 3xx Response and the first content comprises a header information field including a telephone number, and wherein the confirming is based on the telephone number being on a block list for the inmate call party. 7. The method of claim 1 , wherein the message type is INVITE and the first content comprises a header information field, and wherein the confirming is based on the header information field containing an “isfocus” indication. 8. The method of claim 1 , wherein the message type is INVITE and the first content comprises a session data protocol (SDP) information section, and wherein the confirming is based on the SDP information section including an “a=sendonly” indication or an “a=recvonly” indication. 9. The method of claim 1 , further comprising detecting that a fraudulent activity has occurred based on an absence of real-time transport protocol (RTP) packets in the packet stream during the call established phase for a time longer than a pre-determined threshold. 10. The method of claim 1 , further comprising detecting that a fraudulent activity has occurred based on a presence of silence insertion description (SID) packets in the packet stream during the call established phase for a time longer than a pre-determined threshold. 11. The method of claim 1 , wherein the message type of the first SIP message is REFER and the first content includes a “refer-to” header information field including a SIP universal resource identifier (SIP-URI) or a telephone number, and wherein the confirming is based on the SIP-URI or telephone number being on a block list for the inmate call party. 12. The method of claim 1 , further comprising: in response to the flagging, sending a suspected infraction log to a jail management server; and in response to the confirming: sending a confirmed infraction log to the jail management server, the confirmed infraction log including an infraction type that is at least one of “call forwarding”, “call hold”, and “call forwarding”; and triggering a corrective action. 13. A method for detecting fraudulent activity in a communication system in a correctional facility, comprising: receiving a packet stream associated with a voice call utilizing voice over internet protocol (VoIP) between an inmate call party and an outside call party, the packet stream including a session initiation protocol (SIP) message stream; determining a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase and in response to an ACK signal received from the inmate call party; detecting that a message type associated with a first SIP message from the SIP message stream is one of a 181 Response or a 3xx Response during the call setup phase or that the message type is one of an INVITE or a REFER during the call established phase, wherein 3xx in the 3xx Response represents an integer between 300 and 399; and in response to the detecting, confirming that a disallowed third party has joined the voice call based at least on a first content associated with the first SIP message or a second content associated with a second SIP message from the SIP message stream, the second SIP message appearing after the first SIP message within the SIP message stream. 14. The method of claim 13 , wherein the call established phase begins when a real-time transport protocol (RTP) packet stream appears within the packet stream. 15. The method of claim 13 , wherein the message type is 181 Response and the second content comprises a header information field including a SIP universal resource identifier (SIP-URI) or a telephone number, and wherein the confirming is based on the SIP-URI or the telephone number being on a block list for the inmate call party. 16. The method of claim 13 , wherein the message type is 3xx Response and the first content comprises a header information field including a SIP universal resource identifier (SIP-URI) or a telephone number, and wherein the confirming is based on the SIP-URI or the telephone number being on a block list for the inmate call party. 17. The method of claim 13 , wherein the message type is INVITE and the first content comprises a header information field, and wherein the confirming is based on the header information field containing an “isfocus” indication. 18. The method of claim 13 , wherein the message type is INVITE and the first content comprises a session data protocol (SDP) information section, and wherein the confirming is based on the SDP information section including an “a=sendonly” indication or an “a=recvonly” indication. 19. A monitoring and detection system, comprising: a memory that stores a block list for an inmate call party; a network interface configured to receive a packet stream associated with a voice call utilizing voice over internet protocol (VoIP) between the inmate call party and an outside call party, the packet stream including a session initiation protocol (SIP) message stream; and a processor, configured to: determine a call phase of t