[asterisk-users] asterisk security....again

Rizwan Hisham rizwanhasham at gmail.com
Mon Feb 28 06:25:00 CST 2011


Thanks for the replies.

I don't want to rule out the possibility of network sniffing. I am sure it's
not an inside job. The server is off-site and is hosted by a very well
reputed hosting company. So if someone is sniffing, what should I do?


> Probably, you are receiving INVITE attacks from some tool like sipvicious.
> You should rearrange your network to cover some important security issues.

I have tested sipvicious against my asterisk server already, it's been
secured that way.


> Probably your network is exposed to the Internet. To address those
> situations, you can use a distinct VLAN to address SIP phones and you also
> can use port security at the switching ports where you connect your ATAs and
> phones. You should also deliver with tagging (802.1Q) that VLAN to those
> ATAs and phones. This should protect you from inside sniffers.
> This VLAN should just communicate with the DMZ where you should have your
> asterisk server and between those two networks you should only open the
> needed ports - for a common SIP infrastructure you should open UDP 5060 and
> the specified UDP range shown in rtp.conf file for the media to pass. Phones
> VLAN should not communicate directly with the world, just in the outbound
> direction if you like.

I will talk to my network admin about this.

I don't have any wireless network interface to our server. And I am going to
apply that IP table thing to the server.

Any more suggestions please?

On Mon, Feb 28, 2011 at 4:31 PM, Ricardo Carvalho <
rjcarvalho.lists at gmail.com> wrote:

> Probably, you are receiving INVITE attacks from some tool like sipvicious.
> You should rearrange your network to cover some important security issues.
>
> The IP address of your server can be revealed in some unencrypted SIP
> signaling of some call through the Internet to/from your server's client, or
> simply by your client SRV record in the DNS, if you added it to his DNS.
>
> Probably your network is exposed to the Internet. To address those
> situations, you can use a distinct VLAN to address SIP phones and you also
> can use port security at the switching ports where you connect your ATAs and
> phones. You should also deliver with tagging (802.1Q) that VLAN to those
> ATAs and phones. This should protect you from inside sniffers.
> This VLAN should just communicate with the DMZ where you should have your
> asterisk server and between those two networks you should only open the
> needed ports - for a common SIP infrastructure you should open UDP 5060 and
> the specified UDP range shown in rtp.conf file for the media to pass. Phones
> VLAN should not communicate directly with the world, just in the outbound
> direction if you like.
>
> Regards,
> Ricardo Carvalho.
>
> On Mon, Feb 28, 2011 at 10:33 AM, Rizwan Hisham <rizwanhasham at gmail.com> wrote:
>
>> Hi all,
>> The problem I have been experiencing since last month is that some of my
>> customers are getting calls with "Asterisk <Unknown>" caller id. Most of
>> them in the middle of the night. And my asterisk server has no record of
>> these calls. The customers were getting irritated as you can imagine. I
>> guessed the only way to receive incoming calls by by-passing the
>> registration server is thru sip-uri calls directly to customers. I have
>> updated the customers' ATAs to not accept any calls from sources other than
>> the registration server. That's all fine now. But the question is how can
>> anyone know the direct sip uri addresses of our customers.
>>
>> My guess is that someone has been sniffing my server's sip traffic. In
>> that case what should I do to get rid of the sniffers?
>>
>> If you think there is another reason for that then please tell me even if
>> you don't have the solution.
>>
>> Thanks
>>
>> --
>> Best Regards
>> Rizwan Qureshi
>> VoIP/Asterisk Engineer
>> Axvoice Inc.
>> V: +92 (0) 3333 6767 26
>> E: rizwanhasham at gmail.com
>> W: www.axvoice.com
>>
>>


-- 
Best Regards
Rizwan Qureshi
VoIP/Asterisk Engineer
Axvoice Inc.
V: +92 (0) 3333 6767 26
E: rizwanhasham at gmail.com
W: www.axvoice.com
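
The port restriction suggested in the quoted reply (UDP 5060 plus the range in rtp.conf, reachable only from the phones' network), as an added example that is not part of the original thread. It assumes the rules go on the Asterisk host's INPUT chain, that rtp.conf uses the `rtpstart`/`rtpend` keys, and that 192.0.2.0/24 stands in for the phone VLAN subnet; the script only prints the rules.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for SIP and the RTP range.

# Constructed sample; on a real server the file is /etc/asterisk/rtp.conf.
sample_rtp_conf() {
    printf '%s\n' '; constructed sample' '[general]' \
        'rtpstart=10000   ; first RTP port' 'rtpend=20000'
}

# rtp_range FILE: print "start:end", or fail if the range is missing/invalid.
rtp_range() {
    awk -F= '
        /^[ \t]*;/ { next }                      # skip comment lines
        { key = $1; val = $2
          sub(/;.*/, "", val)                    # drop trailing comments
          gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val) }
        key == "rtpstart" { s = val }
        key == "rtpend"   { e = val }
        END {
            if (s !~ /^[0-9]+$/ || e !~ /^[0-9]+$/) exit 1
            if (s + 0 < 1 || s + 0 > e + 0 || e + 0 > 65535) exit 1
            print s ":" e
        }' "$1"
}

# sip_rules PHONE_NET FILE: allow SIP/RTP from PHONE_NET only, drop the rest.
sip_rules() {
    net=$1
    range=$(rtp_range "$2") || {
        echo "no valid rtpstart/rtpend in $2" >&2
        return 1
    }
    for ports in 5060 "$range"; do
        echo "iptables -A INPUT -p udp -s $net --dport $ports -j ACCEPT"
    done
    for ports in 5060 "$range"; do
        echo "iptables -A INPUT -p udp --dport $ports -j DROP"
    done
}

# Demo run: 192.0.2.0/24 is a constructed stand-in for the phone VLAN subnet.
conf=$(mktemp)
sample_rtp_conf > "$conf"
sip_rules 192.0.2.0/24 "$conf"
rm -f "$conf"
```

The ACCEPT rules are printed before the DROP rules because iptables stops at the first matching rule in a chain.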