Topic # 148795 1-Jul-2014 10:57

I just noticed that I have about 13GB of traffic at my remote office where I am about once a month.
It is corresponding to SIP traffic according to my Asterisk logs.
But my xport portal is showing no phone calls being made.

Is there a way I can block SIP traffic except between WXC and my office?

I am running fail2ban on the asterisk box.  And between the asterisk box and internet is just an ADSL modem.

Is there anything else I can do to stop incurring all this traffic and the charges arising therefrom?

I did call tech support and they said they can't do anything about this, they can't even confirm that it is SIP traffic.  The guy said he thought it was unlikely since it was mainly uploading but all I have is just the Asterisk box, and a TrueNet probe installed.

Thanks

Reply # 1077705 1-Jul-2014 11:28

You should never have port 5060 exposed to the internet unless you understand the risks - presumably you do have it exposed.

Either remove the port forward or enable iptables on the PBX or your firewall.




Reply # 1077739 1-Jul-2014 12:11

If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.

Reply # 1077800 1-Jul-2014 12:55

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?


STUN, TURN, far-end NAT traversal, keep-alive packets.



Reply # 1077806 1-Jul-2014 12:59

gchiu: between the asterisk box and internet is just an ADSL modem.



What is the make/model of the modem? Does it allow you to specify a src address on the port forward?



Reply # 1077808 1-Jul-2014 13:02

I think I'm using a cheap one port ADSL2 modem, and I think I got one with full cone NAT.  But since the office is 200 miles north of me, it's hard for me to check.

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.

Reply # 1077814 1-Jul-2014 13:06

WXC can only realistically support a managed solution they provide; if you decide to do your own thing with Asterisk it's up to you to configure/manage it.



Reply # 1077830 1-Jul-2014 13:18

Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.

Reply # 1077836 1-Jul-2014 13:22

gchiu: I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.


What kind of ADSL router? Cheap ones often have some pretty dodgy exploits.




Michael Murphy
Everything I say here is my own opinion and not that of my employer Think Concepts.



Reply # 1077853 1-Jul-2014 13:29

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.


Port 5060 doesn't need to have a port forward because of the basic way a router works - when traffic goes out it creates a NAT pinhole allowing traffic back in from the same source, in exactly the same way you don't need to create a port forward for web browsing to work.

If you have issues with UDP timeouts with the NAT pinhole being closed something like options=yes will send a SIP "ping" every so often which will keep the pinhole open.

fail2ban will simply monitor asterisk logs and create iptables blocking rules.
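The reply above describes what fail2ban does with the Asterisk log. The following is an added example, not part of the thread and not fail2ban's own code: the same detection written out by hand, so the trigger is visible. The log lines are constructed in the chan_sip NOTICE format of Asterisk 1.8/11 with documentation addresses; the threshold and jail settings are assumptions to adjust.

```shell
#!/bin/sh
# Added example, not from the thread: the detection a fail2ban "asterisk" jail
# does, written out by hand so the trigger is visible. Input: Asterisk's
# messages log on stdin. Output: source addresses that reached the retry
# threshold, i.e. the ones fail2ban would hand to iptables.

# Constructed sample log lines in the chan_sip NOTICE format of Asterisk 1.8/11
# (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
[2014-07-01 10:57:01] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@192.0.2.5>' failed for '198.51.100.7:5060' - Wrong password
[2014-07-01 10:57:02] NOTICE[1234] chan_sip.c: Registration from '"101" <sip:101@192.0.2.5>' failed for '198.51.100.7:5060' - No matching peer found
[2014-07-01 10:57:03] NOTICE[1234] chan_sip.c: Registration from '"102" <sip:102@192.0.2.5>' failed for '198.51.100.7:5060' - No matching peer found
[2014-07-01 10:57:04] NOTICE[1234] chan_sip.c: Registration from '"200" <sip:200@192.0.2.5>' failed for '203.0.113.77:5060' - Wrong password
[2014-07-01 10:58:00] NOTICE[1234] chan_sip.c: Registration from '"office" <sip:office@192.0.2.5>' failed for '203.0.113.10:5060' - Wrong password
[2014-07-01 10:58:10] VERBOSE[1234] chan_sip.c: Registered SIP 'office' at 203.0.113.10:5060
EOF
}

# Print the source IPs with at least $1 (default 5) failed registrations.
# The port suffix is optional so the pattern also matches older Asterisk
# releases that logged the bare address.
failed_reg_ips() {
    threshold=${1:-5}
    sed -n -E "s/.*chan_sip\.c: Registration from .* failed for '([0-9.]+)(:[0-9]+)?'.*/\1/p" \
        | sort | uniq -c \
        | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# The same rule as a fail2ban jail (jail.local) using the stock asterisk
# filter; values are assumptions, tune maxretry/bantime to your traffic:
#   [asterisk]
#   enabled  = true
#   filter   = asterisk
#   logpath  = /var/log/asterisk/messages
#   maxretry = 5
#   bantime  = 3600
```

Two things worth knowing when relying on this: the ban is reactive, so the probes that trigger it (and the PBX's replies to them) have already crossed the ADSL link and been counted; and setting `alwaysauthreject=yes` in the `[general]` section of sip.conf makes Asterisk answer unknown and known peers the same way, so a scanner cannot use the difference to enumerate extensions.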




Reply # 1077855 1-Jul-2014 13:30

gchiu: Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.


WxC (like any other ISP) isn't going to create a firewall for end customers, this is something you need to manage at your end.


Reply # 1077856 1-Jul-2014 13:31

If you must port forward at least have a firewall rule blocking traffic from anything other than your provider's proxy. Even with fail2ban in place there is still traffic hitting your router which you are being charged for.

Otherwise with standard SIP registration it isn't required. Just have it registering regularly and use keep-alives.
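The firewall rule described above, as an added example that is not part of the original post: an iptables allowlist on the Asterisk box itself (the cheap modem may not be able to restrict a port forward by source). The proxy address, the RTP range and the `IPT`/`SIP_FW_APPLY` variables are placeholders I introduced; substitute the address your provider gives you and the `rtpstart`/`rtpend` values from your rtp.conf.

```shell
#!/bin/sh
# Added example, not from the thread: allow SIP and RTP into the PBX only from
# the provider's proxy and drop everything else. Assumptions: iptables on the
# Asterisk host, the proxy in SIP_PROXY (placeholder address), the RTP range
# in RTP_RANGE in iptables "low:high" form. Set IPT=echo to preview the rules.
IPT=${IPT:-iptables}
SIP_PROXY=${SIP_PROXY:-203.0.113.10}   # placeholder; use your provider's proxy address
RTP_RANGE=${RTP_RANGE:-10000:20000}    # must match rtpstart/rtpend in rtp.conf

apply_sip_allowlist() {
    # Replies to traffic the PBX initiated itself (its registrations and
    # OPTIONS keep-alives) already match conntrack, which is why no inbound
    # forward is needed for an outbound registration to work.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # SIP signalling: only the provider's proxy may open a dialogue.
    $IPT -A INPUT -p udp --dport 5060 -s "$SIP_PROXY" -j ACCEPT
    $IPT -A INPUT -p udp --dport 5060 -j DROP
    # RTP media: same restriction on the media port range.
    $IPT -A INPUT -p udp --dport "$RTP_RANGE" -s "$SIP_PROXY" -j ACCEPT
    $IPT -A INPUT -p udp --dport "$RTP_RANGE" -j DROP
}

# Apply only when asked explicitly, so sourcing this file is harmless.
if [ "${SIP_FW_APPLY:-0}" = 1 ]; then
    apply_sip_allowlist
fi
```

Check before locking RTP down that your provider sends media from the same address as signalling; some use a separate media gateway, in which case add a second `-s` rule for it. Also note what this does and does not save: DROP on the PBX stops it answering every probe (the replies are the upload bytes the PBX would otherwise generate), but the inbound probes still cross the ADSL link and are counted; only removing the forward at the modem, or a modem that can restrict the forward by source, keeps them off the link.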



Reply # 1077918 1-Jul-2014 14:23

It's a couple of years ago since I set this up, and I've pretty much forgotten what I did.
I think I had an issue with no sound if I didn't port forward but since I don't have access to the server I can't be sure.

I don't allow anonymous sip connections.

Even if I have a firewall setup, presumably I still can't stop them hitting my address and causing some traffic.

Since I only visit the office once a month, I think I'll just set up another mirror server in Wgton to which I have local access.
And only turn on the office remote server when I'm there.

Reply # 1078059 1-Jul-2014 16:41

Any chance you can set up a tcpdump on that interface and see what this traffic is?

13GB is a hell of a lot of traffic for voip, it would have to be RTP (voice) and you'd expect to see similar amounts both up and down if it was a phone conversation passing media both ways.



Reply # 1078122 1-Jul-2014 17:59

Well, it looks like I did set up ssh over hamachi to this server so I am now running tcpdump -i eth0 -c 100000 -w capture.log

and will see what happens.  I will capture Hamachi traffic though, so need a way to filter that out.

Already my xport portal shows 40 MB of traffic today when there should be nothing running.
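The post above captures everything on eth0, Hamachi included, and asks how to filter that out. The following is an added example, not from the thread: read the capture back with tcpdump and total bytes per address pair, so the tunnel peer, the provider and anything else talking to port 5060 can each be named and the upload direction checked. The pcap name comes from the post; `HAMACHI_PEER`, `RTP_RANGE` and the sample lines are my assumptions (documentation addresses, constructed, not real traffic).

```shell
#!/bin/sh
# Added example, not from the thread: attribute captured bytes to address
# pairs. Assumptions: the pcap is capture.log as in the post, RTP_RANGE is the
# provider's media range in BPF "low-high" form, and HAMACHI_PEER is the
# public address the tunnel talks to (placeholder; read it off summarise_all).

# Sum bytes per "src > dst" pair from "tcpdump -nn -q" text on stdin, largest
# first. With -q every UDP line ends in "UDP, length N".
talkers() {
    awk '$2 == "IP" && $(NF-2) == "UDP," {
            src = $3; dst = $5
            sub(/\.[0-9]+$/, "", src)                      # strip port
            sub(/:$/, "", dst); sub(/\.[0-9]+$/, "", dst)  # strip colon and port
            bytes[src " > " dst] += $NF
        }
        END { for (k in bytes) printf "%d %s\n", bytes[k], k }' \
    | sort -rn
}

# Everything in the capture: shows the tunnel peer and any scanner at once.
summarise_all() {
    tcpdump -nn -q -r "${1:-capture.log}" | talkers
}

# Only SIP and RTP, with the tunnel peer excluded by a BPF capture filter.
summarise_sip() {
    tcpdump -nn -q -r "${1:-capture.log}" \
        "(udp port 5060 or udp portrange ${RTP_RANGE:-10000-20000}) and not host ${HAMACHI_PEER:-192.0.2.99}" \
    | talkers
}

# Constructed "tcpdump -nn -q" lines: a probe source at 198.51.100.7 being
# answered by the PBX at 192.0.2.5, the provider at 203.0.113.10, and one
# tunnel packet to 192.0.2.99.
sample_dump() {
    cat <<'EOF'
10:57:01.000001 IP 198.51.100.7.5062 > 192.0.2.5.5060: UDP, length 410
10:57:01.000100 IP 192.0.2.5.5060 > 198.51.100.7.5062: UDP, length 520
10:57:01.000200 IP 198.51.100.7.5062 > 192.0.2.5.5060: UDP, length 412
10:57:01.000300 IP 192.0.2.5.5060 > 198.51.100.7.5062: UDP, length 525
10:57:05.000000 IP 203.0.113.10.5060 > 192.0.2.5.5060: UDP, length 300
10:57:05.000100 IP 192.0.2.5.5060 > 203.0.113.10.5060: UDP, length 310
10:57:06.000000 IP 192.0.2.5.50000 > 192.0.2.99.12975: UDP, length 120
EOF
}
```

Usage on the real capture: `. ./sip_talkers.sh; summarise_all capture.log`, note the address the ssh-over-Hamachi session uses, put it in `HAMACHI_PEER`, then `summarise_sip capture.log`. The direction in the output is what settles the "mainly uploading" question: if the PBX address is the source of most bytes toward hosts that are not the provider, the box is sending replies or media to them, which is chargeable upstream traffic whether or not a call ever shows in the portal.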

Reply # 1078156 1-Jul-2014 18:57

How much data do you have TrueNet configured to use? You can adjust that in their website for your account.
