[Asterisk-Users] Suggestion re: SIP/NAT/*

Steve Totaro asterisk at totarotechnologies.com
Fri Oct 29 13:01:48 MST 2004



----- Original Message ----- 
From: "Stewart Nelson" <sn at scgroup.com>
To: <asterisk-users at lists.digium.com>
Sent: Friday, October 29, 2004 3:51 PM
Subject: Re: [Asterisk-Users] Suggestion re: SIP/NAT/*


>> On the client side, I'm not sure
>> what the risk is to say a SIP phone that has 5060 and some rtp ports
>> forwarded to it. Maybe someone can come in and list the threats to
>> both ends of a double NAT setup? I'm sure hundreds of us would be very
>> interested in this!
>
> Here is a simple example.  A user with a home office has a Cisco
> ATA-186 for SIP communication with his company's * PBX.
>
> 1.  He puts the ATA in the DMZ, because he isn't sure what he has
>    to forward, or he intentionally forwards port 80, so the office
>    staff can administer the box.  It has a strong password, so
>    he doesn't worry.
>
> 2.  His firmware has the Password Disclosure Vulnerability, see
> http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml
>
> 3.  Attacker accesses configuration web page on device.
>
> 4A. Attacker modifies configuration to send calls through his proxy,
>    listens in on calls.  Or,
>
> 4B. Attacker downloads new firmware into ATA from his site, installing
>    LAN packet sniffer.
>
> In another case, a user has a SIP phone that polls a server for
> configuration updates via TFTP, but lacks strong encryption.
> Attacker sends forged UDP packets in response to (assumed)
> TFTP request, downloads malicious config.
>
> There are lots more.
>

If he/she puts it on the DMZ or opens port 80 then its his/her fault.  Your 
example does not fit into the scope of the senario.

>> what the risk is to say a SIP phone that has 5060 and some rtp ports
>> forwarded to it. Maybe someone can come in and list the threats to
>> both ends of a double NAT setup? I'm sure hundreds of us would be very
>> interested in this! 




More information about the asterisk-users mailing list