[VoiceOps] Preventing random SIP connections to handsets

Carlos Alvarez caalvarez at gmail.com
Fri Nov 20 16:16:32 EST 2015

We've never seen evidence of issues other than just making phones ring.  I
assume it's some script kiddies trying to find an open SIP proxy.

The routers in use are owned by our ISP partner and managed by them.
Typical mid-grade routers like a 1900 series.  I'm not aware of an ability
to filter SIP as an application with those, though I've been pretty removed
from Cisco hands-on for some time.  Filtering based on port would not help

On Fri, Nov 20, 2015 at 2:13 PM, Alex Balashov <abalashov at evaristesys.com>

> On 11/20/2015 04:09 PM, Calvin Ellison wrote:
> challenge to BYE should mitigate that particular targeted attack.
> Spoofed sequential (in-dialog) requests strike me as less of a concern
> than initial requests, since, in order for the BYE to match an existing
> dialog in the phone's UAS, the attacker would have to spoof a valid From
> & To-tag, Call-ID, CSeq, etc.
> --
> Alex Balashov | Principal | Evariste Systems LLC
> 303 Perimeter Center North, Suite 300
> Atlanta, GA 30346
> United States
> Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20151120/2855adbd/attachment.html>

More information about the VoiceOps mailing list