[asterisk-users] Is there a need to secure RTP ports?

Danny Nicholas danny at debsinc.com
Wed Jan 23 11:27:13 CST 2013


As I am going to mis-explain this, an Asterisk SIP call originates on port
5060 (incoming or outgoing) then uses two RTP ports for audio in and audio
out.  Police and hackers can tap into the RTP ports to monitor your
conversations (I don't really know if the capabilities stop there) but you
can limit your exposure by changing the default 10000-20000 range to a range
of 4 per anticipated simultaneous call.  If you have 5 phones in your
shop, you aren't going to make 2500 simultaneous calls (just seems like
telemarketers can do this).  Change the 10000-20000 to 10001-10040 for a 5
phone shop.  This lets all 5 phones have two calls going at once.

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Sebastian
Arcus
Sent: Wednesday, January 23, 2013 11:21 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] Is there a need to secure RTP ports?

I have an Asterisk server with one SIP trunk to a SIP provider. As my server
registers with the SIP provider, I don't have any SIP ports open at my end
to the Internet. However, I have the RTP ports open (as SIP has some trouble
with my NAT). My question is - what are the vulnerabilities in this scenario
at my end? I suppose some man-in-the-middle or eavesdropping attack is
always a possibility - but that aside, is there anything that will attack
RTP ports on Asterisk when there are no SIP ports open? I was looking into
installing fail2ban - until I realised that there is no SIP port exposed
for an attacker to poke at.

Searching on Google for "secure RTP ports" keeps on bringing up results
about SRTP - which is not exactly the answer to my question.

Thank you
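
The range sizing described in the reply at the top of this message, as an added example that is not part of the original posts: it reads rtpstart/rtpend from the [general] section of rtp.conf text and compares the configured range with the ports the expected call load needs. The function names, the sample files and the 2-calls-per-phone default are assumptions for illustration; the 4-ports-per-call figure and both ranges are the ones given in the reply.

```python
import configparser

PORTS_PER_CALL = 4  # figure used in the reply above, not an Asterisk constant


def rtp_range(conf_text):
    """Return (rtpstart, rtpend) from the [general] section of rtp.conf text."""
    parser = configparser.ConfigParser(inline_comment_prefixes=(";",))
    parser.read_string(conf_text)
    general = parser["general"]
    return general.getint("rtpstart"), general.getint("rtpend")


def audit(conf_text, phones, calls_per_phone=2):
    """Compare the configured RTP range with what the expected call load needs."""
    start, end = rtp_range(conf_text)
    if start > end:
        raise ValueError(f"rtpstart {start} is above rtpend {end}")
    configured = end - start + 1
    needed = phones * calls_per_phone * PORTS_PER_CALL
    return {
        "range": (start, end),
        "configured_ports": configured,
        "needed_ports": needed,
        "excess_ports": max(configured - needed, 0),
        "too_small": configured < needed,  # calls would fail to get a port
        "suggested_range": (start, start + needed - 1),
    }


# Constructed sample files, not taken from a real server.
WIDE = """
[general]
rtpstart=10000   ; wide range mentioned in the reply
rtpend=20000
"""

NARROW = """
[general]
rtpstart=10001
rtpend=10040
"""

if __name__ == "__main__":
    for name, text in (("wide", WIDE), ("narrow", NARROW)):
        print(name, audit(text, phones=5))
```

Whatever range ends up in rtp.conf, the UDP range forwarded on the NAT or firewall has to be narrowed to match it, otherwise the unused ports stay open.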
