[asterisk-users] Is there a need to secure RTP ports?
Sebastian Arcus
shop at open-t.co.uk
Wed Jan 23 15:46:58 CST 2013
On 23/01/13 17:33, Carlos Alvarez wrote:
> On Wed, Jan 23, 2013 at 10:20 AM, Sebastian Arcus <shop at open-t.co.uk
> <mailto:shop at open-t.co.uk>> wrote:
>
> I have an Asterisk server with one SIP trunk to a SIP provider. As
> my server registers with the SIP provider, I don't have any SIP
> ports open at my end to the Internet. However, I have the RTP ports
> open (as SIP has some trouble with my NAT). My question is - what
> are the vulnerabilities in this scenario at my end? I suppose some
> man-in-the-middle or eavesdropping attack is always a possibility -
> but that aside, is there anything that will attack RTP ports on
> Asterisk when there are no SIP ports open? I was looking into
> installing fail2ban - until I realised that there is no SIP port
> exposed for an attacker to poke at.
>
>
> I've been working in IP telephony for about ten years. I've never once
> heard of any attack on the RTP ports. While you can never say anything
> is "impossible" there's simply nothing listening on those ports. It's
> probably possible to have a DOS attack where someone starts sending RTP
> to all of your ports and they would interfere with a call, but they
> couldn't do more than that. That could work if your router has full
> cone NAT and a lot of other things fall into place. Still kind of out
> there as a real threat.
>
Thanks Carlos. I sort of figured that there shouldn't be any listening
daemons on RTP ports - as the calls get initiated on the SIP side of
things - so couldn't think of any attack vector to compromise my server
there. But I just didn't seem to be able to find an online source to
back my theory. Thanks again for confirming.
Sebastian
Sebastian
More information about the asterisk-users
mailing list