Thanks Danny. I've already reduced the number of RTP ports used in Asterisk configs and the firewall - as 10000 seemed like a crazy number for my needs!

On 23/01/13 17:27, Danny Nicholas wrote:
As I am going to mis-explain this, an Asterisk SIP call originates on port
5060 (incoming or outgoing) then uses two RTP ports for audio in and audio
out.  Police and Hackers can tap into the RTP ports to monitor your
conversations (I don't really know if the capabilities stop there) but you
can limit your exposure by changing the default 10000-20000 range to a range
of 4 per anticipated calls simultaneously.  If you have 5 phones in your
shop, you aren't going to make 2500 simultaneous calls (just seems like
telemarketers can do this).  Change the 10000-20000 to 10001-10040 for a 5
phone shop.  This lets all 5 phones have two calls going at once.

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Sebastian Arcus
Sent: Wednesday, January 23, 2013 11:21 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] Is there a need to secure RTP ports?

I have an Asterisk server with one SIP trunk to a SIP provider. As my server
registers with the SIP provider, I don't have any SIP ports open at my end
to the Internet. However, I have the RTP ports open (as SIP has some trouble
with my NAT). My question is - what are the vulnerabilities in this scenario
at my end? I suppose some man-in-the-middle or eavesdropping attack is
always a possibility - but that aside, is there anything that will attack
RTP ports on Asterisk when there are no SIP ports open? I was looking into
installing fail2ban - until I realised that there is no SIP port exposed for
an attacker to poke at.

Searching on Google for "secure RTP ports" keeps on bringing up results
about SRTP - which is not exactly the answer to my question.

Thank you

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to
Asterisk? Join us for a live introductory webinar every Thurs:
                http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
    http://lists.digium.com/mailman/listinfo/asterisk-users

--
Linux vehicle CCTV - www.open-t.co.uk/iroko
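
Added example, not part of the original thread and not Asterisk project code: a small check that parses the RTP range from `rtp.conf` text, compares it with the 4-ports-per-call sizing rule quoted above, and emits a firewall rule covering the same range. The sample config text, the function names, and the use of an iptables INPUT rule are assumptions made for illustration.

```python
import configparser

PORTS_PER_CALL = 4  # sizing rule quoted in the thread

# Constructed rtp.conf samples: the wide range from the thread, and the reduced one.
WIDE_CONF = "[general]\nrtpstart=10000   ; wide range\nrtpend=20000\n"
NARROW_CONF = "[general]\nrtpstart=10001\nrtpend=10040\n"


def rtp_range(conf_text):
    """Parse rtpstart/rtpend from the [general] section of rtp.conf text."""
    cp = configparser.ConfigParser(
        comment_prefixes=(";",), inline_comment_prefixes=(";",))
    cp.read_string(conf_text)
    start, end = cp.getint("general", "rtpstart"), cp.getint("general", "rtpend")
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"invalid RTP range {start}-{end}")
    return start, end


def audit(conf_text, phones, calls_per_phone=2):
    """Compare the configured RTP range with what the phone count needs."""
    start, end = rtp_range(conf_text)
    configured = end - start + 1
    needed = phones * calls_per_phone * PORTS_PER_CALL
    return {
        "configured": configured,
        "needed": needed,
        "excess": configured - needed,  # > 0: more UDP ports exposed than required
        "suggested": (start, start + needed - 1),
        # Assumed firewall: iptables INPUT chain; keep it in step with rtp.conf.
        "rule": f"iptables -A INPUT -p udp --dport {start}:{end} -j ACCEPT",
    }


if __name__ == "__main__":
    for name, conf in (("wide", WIDE_CONF), ("narrow", NARROW_CONF)):
        print(name, audit(conf, phones=5))
```

A positive `excess` means the firewall rule built from the same range would expose UDP ports that Asterisk will never need for the stated number of phones.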