OK, I had a MAJOR SIP breach this morning. Let me start with what I have configured on the firewall. I configured SIP settings under the network security section with a server network of the SIP service provider IP and the client network as my internal VoIP network (all VoIP phones and the PBX are located on their own network). SIP seemed to be working fine.
This morning I had a sheriff show up at my door because there was a 911 hang up from our number. Looking at the PBX logs I saw that there was a very long list of attempts to access our server and in fact there were four attempts to place international calls and one 911 hangup. The fact that this traffic made it to the PBX means it got through the firewall. I was under the impression that the security I setup would prevent this. The setup was done using version 8.xx from the web site and was upgraded via up2date to 8.103 and then 8.201.
I then decided to see if I could register a soft phone from outside of my VoIP network and in fact I was able to connect to the PBX from the WAN side of the link, right through the firewall. Next I disabled the SIP configuration in the firewall and re-enabled it re-checking my settings. Once I had done this, the settings seemed to take and I was no longer able to connect to the PBX from the WAN side. So while that particular vulnerability "seems" to be solved, I am not sure what caused it. I am also not clear if I was vulnerable from the start or of it occurred at some point after configuration. However, the breach was significant and very unexpected.
Mike
This thread was automatically locked due to age.
