On 23/01/13 17:33, Carlos Alvarez wrote:
On Wed, Jan 23, 2013 at 10:20 AM, Sebastian Arcus <[email protected] <mailto:[email protected]>> wrote:I have an Asterisk server with one SIP trunk to a SIP provider. As my server registers with the SIP provider, I don't have any SIP ports open at my end to the Internet. However, I have the RTP ports open (as SIP has some trouble with my NAT). My question is - what are the vulnerabilities in this scenario at my end? I suppose some man-in-the-middle or eavesdropping attack is always a possibility - but that aside, is there anything that will attack RTP ports on Asterisk when there are no SIP ports open? I was looking into installing fail2ban - until I realised that there is no SIP port exposed for an attacker to poke at. I've been working in IP telephony for about ten years. I've never once heard of any attack on the RTP ports. While you can never say anything is "impossible" there's simply nothing listening on those ports. It's probably possible to have a DOS attack where someone starts sending RTP to all of your ports and they would interfere with a call, but they couldn't do more than that. That could work if your router has full cone NAT and a lot of other things fall into place. Still kind of out there as a real threat.
Thanks Carlos. I sort of figured that there shouldn't be any listening daemons on RTP ports - as the calls get initiated on the SIP side of things - so couldn't think of any attack vector to compromise my server there. But I just didn't seem to be able to find an online source to back my theory. Thanks again for confirming.
Sebastian Sebastian -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
