[asterisk-users] Is there a need to secure RTP ports?

Sebastian Arcus shop at open-t.co.uk
Wed Jan 23 15:46:58 CST 2013


On 23/01/13 17:33, Carlos Alvarez wrote:
> On Wed, Jan 23, 2013 at 10:20 AM, Sebastian Arcus <shop at open-t.co.uk
> <mailto:shop at open-t.co.uk>> wrote:
>
>     I have an Asterisk server with one SIP trunk to a SIP provider. As
>     my server registers with the SIP provider, I don't have any SIP
>     ports open at my end to the Internet. However, I have the RTP ports
>     open (as SIP has some trouble with my NAT). My question is - what
>     are the vulnerabilities in this scenario at my end? I suppose some
>     man-in-the-middle or eavesdropping  attack is always a possibility -
>     but that aside, is there anything that will attack RTP ports on
>     Asterisk when there are no SIP ports open? I was looking into
>     installing fail2ban - until I realised that there is no SIP port
>     exposed for an attacker to poke at.
>
>
> I've been working in IP telephony for about ten years.  I've never once
> heard of any attack on the RTP ports.  While you can never say anything
> is "impossible" there's simply nothing listening on those ports.  It's
> probably possible to have a DOS attack where someone starts sending RTP
> to all of your ports and they would interfere with a call, but they
> couldn't do more than that.  That could work if your router has full
> cone NAT and a lot of other things fall into place.  Still kind of out
> there as a real threat.
>

Thanks Carlos. I sort of figured that there shouldn't be any listening 
daemons on RTP ports - as the calls get initiated on the SIP side of 
things - so couldn't think of any attack vector to compromise my server 
there. But I just didn't seem to be able to find an online source to 
back my theory. Thanks again for confirming.

Sebastian

Sebastian



More information about the asterisk-users mailing list