A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.voip (UK VOIP)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.voip (UK VOIP) (uk.telecom.voip) Discussion of topics relevant to packet based voice technologies including Voice over IP (VoIP), Fax over IP (FoIP), Voice over Frame Relay (VoFR), Voice over Broadband (VoB) and Voice on the Net (VoN) as well as service providers, hardware and software for use with these technologies. Advertising is not allowed.

DMZ?



 
 
Thread Tools Display Modes
  #1  
Old January 20th 06, 09:44 PM posted to uk.telecom.voip
Motorcyclesaur
external usenet poster
 
Posts: 15
Default DMZ?

Hi Everyone,

I have recently installed a Grandstream GXP 2000 behind a Linksys WAG54GX2,
and am currently using it on three different SIP providers.

The question I have is whether there are any risks of attack or hacking if I
place the phone in the DMZ? Would I get any security benefits from
accurately forwarding the relevant ports to the IP (NAT static) of the
telephone insted of using the easy-to-setup DMZ?

Thank you for your help.

  #2  
Old January 20th 06, 11:56 PM posted to uk.telecom.voip
alexd
external usenet poster
 
Posts: 1,765
Default DMZ?

Motorcyclesaur wrote:

I have recently installed a Grandstream GXP 2000 behind a Linksys
WAG54GX2, and am currently using it on three different SIP providers.

The question I have is whether there are any risks of attack or hacking if
I place the phone in the DMZ? Would I get any security benefits from
accurately forwarding the relevant ports to the IP (NAT static) of the
telephone insted of using the easy-to-setup DMZ?


Attackers could potentially get your SIP username and password from your
phone if it isn't secure. Also, if their are ever any vulnerabilities in
the software on your phone, attackers could exploit them. All very
theoretical risks to be honest, so I wouldn't worry about it.

However, a general rule that applies anything that you connect to an
untrusted network, is to never give it more access to that network than it
needs to function effectively, to preclude the above. Your call really.

alexd
--
http://ale.cx/ (AIM:troffasky) )
23:50:41 up 5 days, 4:05, 2 users, load average: 0.42, 0.65, 0.58
This is my BOOOOOOOOOOOOOOOOOOOOOMSTICK

  #3  
Old January 21st 06, 12:31 PM posted to uk.telecom.voip
Motorcyclesaur
external usenet poster
 
Posts: 15
Default DMZ?

"alexd" wrote in message
...

Attackers could potentially get your SIP username and password from your
phone if it isn't secure. Also, if their are ever any vulnerabilities in
the software on your phone, attackers could exploit them. All very
theoretical risks to be honest, so I wouldn't worry about it.


I thought so... furthermore, anyone who reallly wishes to "steal free VoIP
calls" would be better off by loading a softphone on their own pc. VoIP
traffic is in my view something not worth going for, given that it is
already free of charge. I need more providers just to have geographical
phone numbers in various countries.

However, a general rule that applies anything that you connect to an
untrusted network, is to never give it more access to that network than it
needs to function effectively, to preclude the above. Your call really.


I will probably go for an accurate port mapping in the router as soon as I
have a moment to study whether all my providers use the same ports or
different ones. The DMZ is indeed a temporary quick off-the-shelf solution,
I just wanted to find out if it is worth spending time setting up (and
research) a correct port mapping...

Thank you for your input.

  #4  
Old January 21st 06, 01:07 PM posted to uk.telecom.voip
Brian A
external usenet poster
 
Posts: 1,037
Default DMZ?

On Sat, 21 Jan 2006 12:31:23 -0000, "Motorcyclesaur"
wrote:

"alexd" wrote in message
...

Attackers could potentially get your SIP username and password from your
phone if it isn't secure. Also, if their are ever any vulnerabilities in
the software on your phone, attackers could exploit them. All very
theoretical risks to be honest, so I wouldn't worry about it.


Wouldn't that mean that someone could, potentially, listen into calls?
Remove 'no_spam_' from email address.
  #5  
Old January 21st 06, 01:09 PM posted to uk.telecom.voip
Steven Sumpter
external usenet poster
 
Posts: 49
Default DMZ?

On Fri, 20 Jan 2006 21:44:05 +0000, Motorcyclesaur wrote:

Hi Everyone,

I have recently installed a Grandstream GXP 2000 behind a Linksys WAG54GX2,
and am currently using it on three different SIP providers.

The question I have is whether there are any risks of attack or hacking if I
place the phone in the DMZ? Would I get any security benefits from
accurately forwarding the relevant ports to the IP (NAT static) of the
telephone insted of using the easy-to-setup DMZ?

Thank you for your help.


If the phone has a web interface then you may be exposing it to the
outside world. This will vary though, some adapters put the web interface
only on the LAN side and not the WAN/internet side, or may have a setting
to change that. If you do put it in the DMZ then make sure that you have
changed any default passwords for controlling the phone.

Steve.

  #6  
Old January 21st 06, 03:18 PM posted to uk.telecom.voip
Motorcyclesaur
external usenet poster
 
Posts: 15
Default DMZ?

"Steven Sumpter" wrote in message
news
If the phone has a web interface then you may be exposing it to the
outside world. This will vary though, some adapters put the web interface
only on the LAN side and not the WAN/internet side, or may have a setting
to change that. If you do put it in the DMZ then make sure that you have
changed any default passwords for controlling the phone.


Good point, I hadn't thought about the web possibility. Although the
passwords had already been changed when I installed the phone, I have now
removed the DMZ and forwarded ports 5060-5070 for SIP signalling (both
TCP/UDP, can't tell the difference) and 8766-35000 for RTP audio (again,
both TCP/UDP) as suggested here http://www.voip-info.org/wiki-NAT+and+VOIP .

This should exclude any web attacks and web interface password cracking as
they normally go through port 80 or 8080 if I don't go wrong.

I rebooted both the router and the phone, and it all works fine (all three
providers correctly registered).

Thank you for your help.

  #7  
Old January 22nd 06, 05:18 PM posted to uk.telecom.voip
alexd
external usenet poster
 
Posts: 1,765
Default DMZ?

Brian A wrote:

"alexd" wrote in message
...

Attackers could potentially get your SIP username and password from your
phone if it isn't secure. Also, if their are ever any vulnerabilities in
the software on your phone, attackers could exploit them. All very
theoretical risks to be honest, so I wouldn't worry about it.


Wouldn't that mean that someone could, potentially, listen into calls?


Potentially...anything could happen.

alexd
--
http://ale.cx/ (AIM:troffasky) )
17:17:21 up 6 days, 21:32, 2 users, load average: 1.26, 1.32, 0.88
This is my BOOOOOOOOOOOOOOOOOOOOOMSTICK

 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 03:51 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.