[asterisk-users] Is there a need to secure RTP ports?

Michael Keuter lists at mksolutions.info
Thu Jan 24 09:02:10 CST 2013


On 23.01.2013 at 18:33, Carlos Alvarez wrote:

> On Wed, Jan 23, 2013 at 10:20 AM, Sebastian Arcus <shop at open-t.co.uk> wrote:
> I have an Asterisk server with one SIP trunk to a SIP provider. As my server registers with the SIP provider, I don't have any SIP ports open at my end to the Internet. However, I have the RTP ports open (as SIP has some trouble with my NAT). My question is - what are the vulnerabilities in this scenario at my end? I suppose some man-in-the-middle or eavesdropping attack is always a possibility - but that aside, is there anything that will attack RTP ports on Asterisk when there are no SIP ports open? I was looking into installing fail2ban - until I realised that there is no SIP port exposed for an attacker to poke at.
> 
> I've been working in IP telephony for about ten years.  I've never once heard of any attack on the RTP ports.  While you can never say anything is "impossible" there's simply nothing listening on those ports.  It's probably possible to have a DOS attack where someone starts sending RTP to all of your ports and they would interfere with a call, but they couldn't do more than that.  That could work if your router has full cone NAT and a lot of other things fall into place.  Still kind of out there as a real threat.
> 
> 
> -- 
> Carlos Alvarez
> TelEvolve
> 602-889-3003

2 years ago someone demonstrated at the 27C3 in Berlin some interesting things you can do with RTP:
http://media.ccc.de/browse/congress/2010/27c3-4193-en-having_fun_with_rtp.html

(use the original file)

Michael

http://www.mksolutions.info



