On Wed, Jan 23, 2013 at 10:20 AM, Sebastian Arcus <span dir="ltr"><<a href="mailto:shop@open-t.co.uk" target="_blank">shop@open-t.co.uk</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I have an Asterisk server with one SIP trunk to a SIP provider. As my server registers with the SIP provider, I don't have any SIP ports open at my end to the Internet. However, I have the RTP ports open (as SIP has some trouble with my NAT). My question is - what are the vulnerabilities in this scenario at my end? I suppose some man-in-the-middle or eavesdropping attack is always a possibility - but that aside, is there anything that will attack RTP ports on Asterisk when there are no SIP ports open? I was looking into installing fail2ban - until I realised that there is no SIP port exposed for an attacker to poke at.<br>
</blockquote><div><br></div><div>I've been working in IP telephony for about ten years. I've never once heard of any attack on the RTP ports. While you can never say anything is "impossible" there's simply nothing listening on those ports. It's probably possible to have a DOS attack where someone starts sending RTP to all of your ports and they would interfere with a call, but they couldn't do more than that. That could work if your router has full cone NAT and a lot of other things fall into place. Still kind of out there as a real threat.</div>
<div><br></div></div><div><br></div>-- <br><div>Carlos Alvarez</div><div>TelEvolve</div><div>602-889-3003</div><div><br></div>