<div dir="ltr">These routers use a range of high ports, nothing is on 5060. It seems that they are scanning, and when they get something, repeatedly attack it. Because our enterprise customers are all on a couple of subnets, they may have keyed into "this range is full of SIP devices" and keep hitting them.<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 20, 2015 at 1:19 PM, Alex Balashov <span dir="ltr"><<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I was getting ghost ringing into my Polycom because my router sensibly remaps phone:5060 to WAN_IP:5060. My solution was to switch to SIP TCP.<div><div class="h5"><br>
<br>
On 11/20/2015 03:14 PM, Carlos Alvarez wrote:<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
We're starting to see customers who get random arbitrary ringing caused<br>
by a random connection attempt from the internet. Most of our customers<br>
have Cisco routers with full-cone NAT, so it's easy to do that. We<br>
don't reinvite handsets, we proxy the media, so we've considered using<br>
restricted NAT instead. If we can figure out how, we can't find any<br>
documentation on how to do it, and don't have a response to our Cisco<br>
TAC case on it yet.<br>
<br>
But I figured I'd ask if others have come up with better solutions. I<br>
know there are a few authentication options in the phones themselves,<br>
but they seem to vary greatly by vendor and even by model. I like to do<br>
things as simply and system-wide as possible. We primarily sell<br>
Grandstream, and we support Cisco/Linksys SPA as well as Polycom IP<br>
series (not VVX).<br>
<br>
We're an Asterisk-based hosted service provider.<br>
<br>
<br>
<br></div></div>
_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
<br><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<br>
-- <br>
Alex Balashov | Principal | Evariste Systems LLC<br>
303 Perimeter Center North, Suite 300<br>
Atlanta, GA 30346<br>
United States<br>
<br>
Tel: <a href="tel:%2B1-800-250-5920" value="+18002505920" target="_blank">+1-800-250-5920</a> (toll-free) / <a href="tel:%2B1-678-954-0671" value="+16789540671" target="_blank">+1-678-954-0671</a> (direct)<br>
Web: <a href="http://www.evaristesys.com/" rel="noreferrer" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.csrpswitch.com/" rel="noreferrer" target="_blank">http://www.csrpswitch.com/</a><br>
_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
</font></span></blockquote></div><br></div>