[VoiceOps] Preventing random SIP connections to handsets

Matthew Crocker matthew at corp.crocker.com
Fri Nov 20 15:37:43 EST 2015


We have a Calix ONT in our lab that is ‘on the internet’ for its voice VLAN. It gets rogue INVITEs and rings constantly (every 5-10 seconds). Makes for a nice honeypot; source IPs go right into the ACL on the firewall.

—

Matthew Crocker
President - Crocker Communications, Inc.
Managing Partner - Crocker Telecommunications, LLC
E: matthew at corp.crocker.com
E: matthew at crocker.com


> On Nov 20, 2015, at 3:35 PM, Robert Johnson <robert.j at bendtel.com> wrote:
> 
> On 11/20/2015 12:14 PM, Carlos Alvarez wrote:
>> We're starting to see customers who get random arbitrary ringing caused by
>> a random connection attempt from the internet.  Most of our customers have
>> Cisco routers with full-cone NAT, so it's easy to do that.  We don't
>> reinvite handsets, we proxy the media, so we've considered using restricted
>> NAT instead.  If we can figure out how, we can't find any documentation on
>> how to do it, and don't have a response to our Cisco TAC case on it yet.
>> 
>> But I figured I'd ask if others have come up with better solutions.  I know
>> there are a few authentication options in the phones themselves, but they
>> seem to vary greatly by vendor and even by model.  I like to do things as
>> simply and system-wide as possible.  We primarily sell Grandstream, and we
>> support Cisco/Linksys SPA as well as Polycom IP series (not VVX).
>> 
>> We're an Asterisk-based hosted service provider.
>> 
>> 
>> 
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>> 
> 
> This may be dependent upon the Cisco router in question, but when we
> deploy routers we always set the ACL to only allow SIP communications
> from our SBC. - When customers provide their own, we recommend the same
> settings.
> 
> -- 
> Robert Johnson
> BendTel, Inc.
> (541)389-4020
> Central Oregon's Own Telephone and Internet Service Provider
> http://bendtel.com/about/
> 
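Added example, not part of the original thread: one way to turn honeypot observations like those described above into firewall block candidates, while never listing the provider's own SBC. The log format, the addresses (RFC 5737 documentation ranges), the trusted network and the function names are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: "<source ip> <SIP request line>", as a honeypot might log it.
SAMPLE_LOG = """\
203.0.113.45 INVITE sip:100@198.51.100.7 SIP/2.0
203.0.113.45 INVITE sip:1000@198.51.100.7 SIP/2.0
192.0.2.10 INVITE sip:5551234@198.51.100.7 SIP/2.0
198.51.100.99 OPTIONS sip:100@198.51.100.7 SIP/2.0
203.0.113.80 INVITE sip:0014155550100@198.51.100.7 SIP/2.0
not-an-ip INVITE sip:x@198.51.100.7 SIP/2.0
garbage line
"""

# Assumption: the provider's SBC lives in this network and must never be blocked.
TRUSTED_SBC = [ipaddress.ip_network("192.0.2.0/28")]

# Source address, SIP method, request URI, protocol version.
REQUEST_LINE = re.compile(r"^(\S+)\s+([A-Z]+)\s+sips?:\S+\s+SIP/2\.0$")


def rogue_invite_sources(log_text, trusted=TRUSTED_SBC):
    """Count INVITEs per source that did not come from a trusted SBC network."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REQUEST_LINE.match(line.strip())
        if not m or m.group(2) != "INVITE":
            continue  # malformed line, or a method that does not ring a handset
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # source field is not a valid IP address
        if any(src in net for net in trusted):
            continue  # legitimate signalling from the SBC
        counts[src] += 1
    return counts


def block_candidates(log_text, trusted=TRUSTED_SBC):
    """Sorted list of source addresses to review for the firewall ACL."""
    sources = rogue_invite_sources(log_text, trusted)
    ordered = sorted(sources, key=lambda ip: (ip.version, int(ip)))
    return [str(ip) for ip in ordered]


if __name__ == "__main__":
    for ip in block_candidates(SAMPLE_LOG):
        print(ip)
```
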



