[asterisk-users] Is there a need to secure RTP ports?
Sebastian Arcus
shop at open-t.co.uk
Wed Jan 23 15:36:35 CST 2013
Thanks Danny. I've already reduced the number of RTP ports used in
Asterisk configs and the firewall - as 10000 seemed like a crazy number
for my needs!
On 23/01/13 17:27, Danny Nicholas wrote:
> As I am going to mis-explain this, an Asterisk SIP call originates on port
> 5060 (incoming or outgoing) then uses two RTP ports for audio in and audio
> out. Police and Hackers can tap into the RTP ports to monitor your
> conversations (I don't really know if the capabilities stop there) but you
> can limit your exposure by changing the default 10000-20000 range to a range
> of 4 per anticipated calls simultaneously. If you have 5 phones in your
> shop, you aren't going to make 2500 simultaneous calls (just seems like
> telemarketers can do this). Change the 10000-20000 to 10001-10040 for a 5
> phone shop. This lets all 5 phones have two calls going at once.
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Sebastian
> Arcus
> Sent: Wednesday, January 23, 2013 11:21 AM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: [asterisk-users] Is there a need to secure RTP ports?
>
> I have an Asterisk server with one SIP trunk to a SIP provider. As my server
> registers with the SIP provider, I don't have any SIP ports open at my end
> to the Internet. However, I have the RTP ports open (as SIP has some trouble
> with my NAT). My question is - what are the vulnerabilities in this scenario
> at my end? I suppose some man-in-the-middle or eavesdropping attack is
> always a possibility - but that aside, is there anything that will attack
> RTP ports on Asterisk when there are no SIP ports open? I was looking into
> installing fail2ban - until I realised that there is no SIP port exposed for an
> attacker to poke at.
>
> Searching on Google for "secure RTP ports" keeps on bringing up results
> about SRTP - which is not exactly the answer to my question.
>
> Thank you
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to
> Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
--
Linux vehicle CCTV - www.open-t.co.uk/iroko
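
An added example, not part of either message above: a check that the UDP range the firewall accepts still matches the `rtpstart`/`rtpend` range in `rtp.conf` once that range has been reduced as the thread describes. The sample `rtp.conf` and `iptables-save` lines are constructed, and the 4-ports-per-call figure is the one given in the quoted reply.

```python
import configparser
import re

PORTS_PER_CALL = 4  # sizing figure from the quoted reply, not an Asterisk constant

# Constructed sample: rtp.conf after shrinking the range as described in the thread.
RTP_CONF = """[general]
rtpstart=10001
rtpend=10040
"""

# Constructed sample: iptables-save lines where the firewall was left at the default range.
IPTABLES_SAVE = """-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

def rtp_ports(conf_text):
    """Return the set of UDP ports Asterisk may bind for RTP."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    start, end = int(cp["general"]["rtpstart"]), int(cp["general"]["rtpend"])
    if start > end:
        raise ValueError("rtpstart is above rtpend")
    return set(range(start, end + 1))

def accepted_udp_ports(rules_text):
    """Return the set of UDP destination ports accepted by --dport rules."""
    ports = set()
    for line in rules_text.splitlines():
        m = re.search(r"--dport (\d+)(?::(\d+))?", line)
        if m and "-p udp" in line and "-j ACCEPT" in line:
            lo = int(m.group(1))
            hi = int(m.group(2) or lo)
            ports.update(range(lo, hi + 1))
    return ports

def audit(conf_text, rules_text):
    rtp, fw = rtp_ports(conf_text), accepted_udp_ports(rules_text)
    return {
        "rtp_ports": len(rtp),
        "max_calls": len(rtp) // PORTS_PER_CALL,
        "open_but_unused": len(fw - rtp),  # accepted UDP ports outside the RTP range
        "rtp_but_blocked": len(rtp - fw),  # RTP ports whose inbound media is dropped
    }

if __name__ == "__main__":
    print(audit(RTP_CONF, IPTABLES_SAVE))
```

A non-zero `open_but_unused` means the firewall still accepts UDP on ports Asterisk will never use for RTP; a non-zero `rtp_but_blocked` means the firewall was narrowed further than the Asterisk config.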