We have a Calix ONT in our lab that is ‘on the internet’ for its voice VLAN. It gets rogue INVITES and rings constantly (every 5-10 seconds). Makes for a nice honeypot, source IPs go right into the ACL on the firewall
— Matthew Crocker President - Crocker Communications, Inc. Managing Partner - Crocker Telecommunications, LLC E: matt...@corp.crocker.com E: matt...@crocker.com > On Nov 20, 2015, at 3:35 PM, Robert Johnson <rober...@bendtel.com> wrote: > > On 11/20/2015 12:14 PM, Carlos Alvarez wrote: >> We're starting to see customers who get random arbitrary ringing caused by >> a random connection attempt from the internet. Most of our customers have >> Cisco routers with full-cone NAT, so it's easy to do that. We don't >> reinvite handsets, we proxy the media, so we've considered using restricted >> NAT instead. If we can figure out how, we can't find any documentation on >> how to do it, and don't have a response to our Cisco TAC case on it yet. >> >> But I figured I'd ask if others have come up with better solutions. I know >> there are a few authentication options in the phones themselves, but they >> seem to vary greatly by vendor and even by model. I like to do things as >> simply and system-wide as possible. We primarily sell Grandstream, and we >> support Cisco/Linksys SPA as well as Polycom IP series (not VVX). >> >> We're an Asterisk-based hosted service provider. >> >> >> >> _______________________________________________ >> VoiceOps mailing list >> VoiceOps@voiceops.org >> https://puck.nether.net/mailman/listinfo/voiceops >> > > This may be dependent upon the Cisco router in question, but when we > deploy routers we always set the ACL to only allow SIP communications > from our SBC. - When customers provide their own, we recommend the same > settings. > > -- > Robert Johnson > BendTel, Inc. > (541)389-4020 > Central Oregon's Own Telephone and Internet Service Provider > http://bendtel.com/about/ > _______________________________________________ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops > _______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops