[VoiceOps] Phone hack

Mark R Lindsey lindsey at e-c-group.com
Fri Sep 27 17:01:53 EDT 2013

On Fri, 27 Sep 2013, PE wrote:
> ...so it seems that there is an outside
> party sending SIP directly to the (Polycom) handsets.

On Sep 27, 2013, at 15:00 , "J. Oquendo" <joquendo at e-fensive.net> wrote:
> If someone is hitting a device
>   that is behind say NAT/FW/etc. (non-public IP addr) then
>   you may have bigger problems.

If your customers Internet-facing routers have Full-Cone NAT, then it's likely they're exposed. 

I.e., any device on the Internet can send SIP back to the device if that Internet device can figure out the port number from which the SIP was sent.  And in many cases, the NAT router will try to reuse the same port number that was used by the internal device; i.e., in many cases, it'll be port 5060 facing the Internet.

Want to test your customers? Send a SIP OPTIONS to their UDP/5060 of their Internet-facing NAT device from some place other than your registrar/SBC.

>>> mark at ecg.co +1-229-316-0013 http://ecg.co/lindsey

More information about the VoiceOps mailing list