----- Original Message ----- From: "Stewart Nelson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 29, 2004 3:51 PM
Subject: Re: [Asterisk-Users] Suggestion re: SIP/NAT/*
On the client side, I'm not sure what the risk is to say a SIP phone that has 5060 and some rtp ports forwarded to it. Maybe someone can come in and list the threats to both ends of a double NAT setup? I'm sure hundreds of us would be very interested in this!
Here is a simple example. A user with a home office has a Cisco ATA-186 for SIP communication with his company's * PBX.
1. He puts the ATA in the DMZ, because he isn't sure what he has to forward, or he intentionally forwards port 80, so the office staff can administer the box. It has a strong password, so he doesn't worry.
2. His firmware has the Password Disclosure Vulnerability, see http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml
3. Attacker accesses configuration web page on device.
4A. Attacker modifies configuration to send calls through his proxy, listens in on calls. Or,
4B. Attacker downloads new firmware into ATA from his site, installing LAN packet sniffer.
In another case, a user has a SIP phone that polls a server for configuration updates via TFTP, but lacks strong encryption. Attacker sends forged UDP packets in response to (assumed) TFTP request, downloads malicious config.
There are lots more.
If he/she puts it on the DMZ or opens port 80 then its his/her fault. Your example does not fit into the scope of the senario.
what the risk is to say a SIP phone that has 5060 and some rtp ports
forwarded to it. Maybe someone can come in and list the threats to
both ends of a double NAT setup? I'm sure hundreds of us would be very
interested in this!
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
