[asterisk-users] Is there a need to secure RTP ports?

Carlos Alvarez carlos at televolve.com
Wed Jan 23 11:33:30 CST 2013


On Wed, Jan 23, 2013 at 10:20 AM, Sebastian Arcus <shop at open-t.co.uk> wrote:

> I have an Asterisk server with one SIP trunk to a SIP provider. As my
> server registers with the SIP provider, I don't have any SIP ports open at
> my end to the Internet. However, I have the RTP ports open (as SIP has some
> trouble with my NAT). My question is - what are the vulnerabilities in this
> scenario at my end? I suppose some man-in-the-middle or eavesdropping
>  attack is always a possibility - but that aside, is there anything that
> will attack RTP ports on Asterisk when there are no SIP ports open? I was
> looking into installing fail2ban - until I realised that there is no SIP
> port exposed for an attacker to poke at.
>

I've been working in IP telephony for about ten years.  I've never once
heard of any attack on the RTP ports.  While you can never say anything is
"impossible" there's simply nothing listening on those ports.  It's
probably possible to have a DOS attack where someone starts sending RTP to
all of your ports and they would interfere with a call, but they couldn't
do more than that.  That could work if your router has full cone NAT and a
lot of other things fall into place.  Still kind of out there as a real
threat.


-- 
Carlos Alvarez
TelEvolve
602-889-3003
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20130123/05bb410d/attachment.htm>


More information about the asterisk-users mailing list