[VoiceOps] Preventing random SIP connections to handsets

Robert Johnson robert.j at bendtel.com
Fri Nov 20 15:35:23 EST 2015


On 11/20/2015 12:14 PM, Carlos Alvarez wrote:
> We're starting to see customers who get random arbitrary ringing caused by
> a random connection attempt from the internet.  Most of our customers have
> Cisco routers with full-cone NAT, so it's easy to do that.  We don't
> reinvite handsets, we proxy the media, so we've considered using restricted
> NAT instead.  If we can figure out how, we can't find any documentation on
> how to do it, and don't have a response to our Cisco TAC case on it yet.
> 
> But I figured I'd ask if others have come up with better solutions.  I know
> there are a few authentication options in the phones themselves, but they
> seem to vary greatly by vendor and even by model.  I like to do things as
> simply and system-wide as possible.  We primarily sell Grandstream, and we
> support Cisco/Linksys SPA as well as Polycom IP series (not VVX).
> 
> We're an Asterisk-based hosted service provider.
> 
> 
> 
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
> 

This may be dependent upon the Cisco router in question, but when we
deploy routers we always set the ACL to only allow SIP communications
from our SBC. - When customers provide their own, we recommend the same
settings.

-- 
Robert Johnson
BendTel, Inc.
(541)389-4020
Central Oregon's Own Telephone and Internet Service Provider
http://bendtel.com/about/


More information about the VoiceOps mailing list