[Asterisk-Users] Suggestion re: SIP/NAT/*
Steve Totaro
asterisk at totarotechnologies.com
Fri Oct 29 13:01:48 MST 2004
----- Original Message -----
From: "Stewart Nelson" <sn at scgroup.com>
To: <asterisk-users at lists.digium.com>
Sent: Friday, October 29, 2004 3:51 PM
Subject: Re: [Asterisk-Users] Suggestion re: SIP/NAT/*
>> On the client side, I'm not sure
>> what the risk is to say a SIP phone that has 5060 and some rtp ports
>> forwarded to it. Maybe someone can come in and list the threats to
>> both ends of a double NAT setup? I'm sure hundreds of us would be very
>> interested in this!
>
> Here is a simple example. A user with a home office has a Cisco
> ATA-186 for SIP communication with his company's * PBX.
>
> 1. He puts the ATA in the DMZ, because he isn't sure what he has
> to forward, or he intentionally forwards port 80, so the office
> staff can administer the box. It has a strong password, so
> he doesn't worry.
>
> 2. His firmware has the Password Disclosure Vulnerability, see
> http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml
>
> 3. Attacker accesses configuration web page on device.
>
> 4A. Attacker modifies configuration to send calls through his proxy,
> listens in on calls. Or,
>
> 4B. Attacker downloads new firmware into ATA from his site, installing
> LAN packet sniffer.
>
> In another case, a user has a SIP phone that polls a server for
> configuration updates via TFTP, but lacks strong encryption.
> Attacker sends forged UDP packets in response to (assumed)
> TFTP request, downloads malicious config.
>
> There are lots more.
>
If he/she puts it on the DMZ or opens port 80 then its his/her fault. Your
example does not fit into the scope of the senario.
>> what the risk is to say a SIP phone that has 5060 and some rtp ports
>> forwarded to it. Maybe someone can come in and list the threats to
>> both ends of a double NAT setup? I'm sure hundreds of us would be very
>> interested in this!
More information about the asterisk-users
mailing list