Am 23.01.2013 um 18:33 schrieb Carlos Alvarez: > On Wed, Jan 23, 2013 at 10:20 AM, Sebastian Arcus <s...@open-t.co.uk> wrote: > I have an Asterisk server with one SIP trunk to a SIP provider. As my server > registers with the SIP provider, I don't have any SIP ports open at my end to > the Internet. However, I have the RTP ports open (as SIP has some trouble > with my NAT). My question is - what are the vulnerabilities in this scenario > at my end? I suppose some man-in-the-middle or eavesdropping attack is > always a possibility - but that aside, is there anything that will attack RTP > ports on Asterisk when there are no SIP ports open? I was looking into > installing fail2ban - until I realised that there is no SIP port exposed for > an attacker to poke at. > > I've been working in IP telephony for about ten years. I've never once heard > of any attack on the RTP ports. While you can never say anything is > "impossible" there's simply nothing listening on those ports. It's probably > possible to have a DOS attack where someone starts sending RTP to all of your > ports and they would interfere with a call, but they couldn't do more than > that. That could work if your router has full cone NAT and a lot of other > things fall into place. Still kind of out there as a real threat. > > > -- > Carlos Alvarez > TelEvolve > 602-889-3003
2 years ago someone demonstrated on the 27C3 in Berlin some interstings things you can do with RTP: http://media.ccc.de/browse/congress/2010/27c3-4193-en-having_fun_with_rtp.html (use the original file) Michael http://www.mksolutions.info
smime.p7s
Description: S/MIME cryptographic signature
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
