Thanks for the replies. I don't want to rule out the possibility of network sniffing. I am sure it's not an inside job. The server is off-site and is hosted by a very well reputed hosting company. So if someone is sniffing, what should I do?

> Probably, you are receiving INVITE attacks from some tool like sipvicious.
> You should rearrange your network to cover some important security issues.

I have tested sipvicious against my Asterisk server already; it's been secured that way.

> Probably your network is exposed to the Internet. To address those
> situations, you can use a distinct VLAN to address SIP phones and you also
> can use port security at the switching ports where you connect your ATAs and
> phones. You should also deliver with tagging (802.1Q) that VLAN to those
> ATAs and phones. This should protect you from inside sniffers.
> This VLAN should just communicate with the DMZ where you should have your
> asterisk server and between those two networks you should only open the
> needed ports - for a common SIP infrastructure you should open UDP 5060 and
> the specified UDP range shown in rtp.conf file for the media to pass. Phones
> VLAN should not communicate directly with the world, just in the outbound
> direction if you like.

I will talk to my network admin about this. I don't have any wireless network interface to our server. And I am going to apply that IP table thing to the server.

Any more suggestions please?

On Mon, Feb 28, 2011 at 4:31 PM, Ricardo Carvalho <[email protected]> wrote:

> Probably, you are receiving INVITE attacks from some tool like sipvicious.
> You should rearrange your network to cover some important security issues.
>
> The IP address of your server can be revealed in some unencrypted SIP
> signaling of some call through the Internet to/from your server's client, or
> simply by your client SRV record in the DNS, if you added it to his DNS.
>
> Probably your network is exposed to the Internet. To address those
> situations, you can use a distinct VLAN to address SIP phones and you also
> can use port security at the switching ports where you connect your ATAs and
> phones. You should also deliver with tagging (802.1Q) that VLAN to those
> ATAs and phones. This should protect you from inside sniffers.
> This VLAN should just communicate with the DMZ where you should have your
> asterisk server and between those two networks you should only open the
> needed ports - for a common SIP infrastructure you should open UDP 5060 and
> the specified UDP range shown in rtp.conf file for the media to pass. Phones
> VLAN should not communicate directly with the world, just in the outbound
> direction if you like.
>
> Regards,
> Ricardo Carvalho.
>
> On Mon, Feb 28, 2011 at 10:33 AM, Rizwan Hisham <[email protected]> wrote:
>
>> Hi all,
>> The problem I have been experiencing since last month is that some of my
>> customers are getting calls with "Asterisk <Unknown>" caller id. Most of
>> them in the middle of the night. And my Asterisk server has no record of
>> these calls. The customers were getting irritated as you can imagine. I
>> guessed the only way to receive incoming calls by bypassing the
>> registration server is through sip-uri calls directly to customers. I have
>> updated the customers' ATAs to not accept any calls from sources other than
>> the registration server. That's all fine now. But the question is how can
>> anyone know the direct sip uri addresses of our customers.
>>
>> My guess is that someone has been sniffing my server's sip traffic. In
>> that case what should I do to get rid of the sniffers?
>>
>> If you think there is another reason for that then please tell me even if
>> you don't have the solution.
>>
>> Thanks
>>
>> --
>> Best Regards
>> Rizwan Qureshi
>> VoIP/Asterisk Engineer
>> Axvoice Inc.
>> V: +92 (0) 3333 6767 26
>> E: [email protected]
>> W: www.axvoice.com
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users

--
Best Regards
Rizwan Qureshi
VoIP/Asterisk Engineer
Axvoice Inc.
V: +92 (0) 3333 6767 26
E: [email protected]
W: www.axvoice.com
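The filtering between the phone VLAN and the DMZ that the thread describes (UDP 5060 plus the range from rtp.conf, nothing else), sketched as an added example that is not part of the original messages. It assumes a Linux router sits between the two networks; the function names, the phone subnet 10.20.0.0/24, the PBX address 192.0.2.10 and the sample rtp.conf are constructed, and the rules are printed for review rather than applied.

```shell
#!/bin/sh
# Constructed sample rtp.conf (10000-20000 is only an example range).
SAMPLE_RTP_CONF='[general]
; constructed sample
rtpstart=10000
rtpend=20000 ; trailing comment
'

# rtp_range: read rtp.conf on stdin, print START:END in iptables port-range syntax.
# Fails if either key is missing, non-numeric, reversed or above 65535.
rtp_range() {
    awk -F= '
        /^[ \t]*;/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            sub(/;.*/, "", val); gsub(/[ \t]/, "", val)
        }
        key == "rtpstart" { s = val }
        key == "rtpend"   { e = val }
        END {
            if (s !~ /^[0-9]+$/ || e !~ /^[0-9]+$/ || s + 0 > e + 0 || e + 0 > 65535) exit 1
            print s ":" e
        }'
}

# phone_vlan_rules PHONE_NET PBX_IP < rtp.conf
# Print default-deny FORWARD rules that pass only SIP and RTP between the
# phone VLAN and the Asterisk server in the DMZ.
phone_vlan_rules() {
    phone_net=$1
    pbx_ip=$2
    range=$(rtp_range) || { echo "rtp.conf: no valid rtpstart/rtpend" >&2; return 1; }
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $phone_net -d $pbx_ip -p udp --dport 5060 -j ACCEPT
iptables -A FORWARD -s $pbx_ip -d $phone_net -p udp --sport 5060 -j ACCEPT
iptables -A FORWARD -s $phone_net -d $pbx_ip -p udp --dport $range -j ACCEPT
iptables -A FORWARD -s $pbx_ip -d $phone_net -p udp --sport $range -j ACCEPT
EOF
}

# Stand-alone run: show the rules for the constructed addresses.
printf '%s' "$SAMPLE_RTP_CONF" | phone_vlan_rules 10.20.0.0/24 192.0.2.10
```

Because the FORWARD policy is DROP and no rule names any other destination, the phone VLAN reaches only the PBX; the optional outbound access mentioned in the thread would need its own explicit rule.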
