Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



478 posts

Ultimate Geek
+1 received by user: 2


Topic # 148795 1-Jul-2014 10:57 Send private message

I just noticed that I have about 13Gb of traffic at my remote office where I am about once a month.
It is corresponding to SIP traffic according to my Asterisk logs.
But my xport portal is showing no phone calls being made.

Is there a way I can block SIP traffic except between WXC and my office?

I am running fail2ban on the asterisk box.  And between the asterisk box and internet is just an ADSL modem.

Is there anything else I can do to stop incurring all this traffic and charges arising there from?

I did call tech support and they said they can't do anything about this, they can't even confirm that it is SIP traffic.  The guy said he though it was unlikely since it was mainly uploading but all I have is just the Asterisk box, and a truenet probe installed.

Thanks

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
19519 posts

Uber Geek
+1 received by user: 1349

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077705 1-Jul-2014 11:28 One person supports this post Send private message

You should never have port 5060 exposed to the internet unless you understand the risks - presumably you do have it exposed.

Either remove the port forward or enable iptables on the PBX or your firewall.




478 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077739 1-Jul-2014 12:11 Send private message

If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.

7703 posts

Uber Geek
+1 received by user: 288

Trusted
Subscriber

  Reply # 1077800 1-Jul-2014 12:55 Send private message

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?


STUN, TURN, Far End Nat Traversal, Keep Alive Packets.



7703 posts

Uber Geek
+1 received by user: 288

Trusted
Subscriber

  Reply # 1077806 1-Jul-2014 12:59 Send private message

gchiu: between the asterisk box and internet is just an ADSL modem.



What is the make/model of the modem? Does it allow you to specify a src address on the port forward?



478 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077808 1-Jul-2014 13:02 Send private message

I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.

7703 posts

Uber Geek
+1 received by user: 288

Trusted
Subscriber

  Reply # 1077814 1-Jul-2014 13:06 Send private message

WXC can only realistically support a managed solution they provide, if you decide to do you own thing with Asterisk it's up to you to configure/manage it.



478 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077830 1-Jul-2014 13:18 Send private message

Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.

The Game.
2949 posts

Uber Geek
+1 received by user: 502

Trusted
Think Concepts
Subscriber

  Reply # 1077836 1-Jul-2014 13:22 Send private message

gchiu: I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.


What kind of ADSL router? Cheap ones often have some pretty dodgy exploits.




Michael Murphy
[Twitter] [Last.fm] [IPv6 Sage]

Everything I say here is my own opinion and not that of my employer.

19519 posts

Uber Geek
+1 received by user: 1349

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077853 1-Jul-2014 13:29 Send private message

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.


Port 5060 doesn't need to have a port forward because of the basic way a router works - when traffic goes out it creates a NAT pinhole allowing traffic back in from the same source, in exactly the same way you don't need to create a port forward for web browsing to work.

If you have issues with UDP timeouts with the NAT pinhole being closed something like options=yes will send a SIP "ping" every so often which will keep the pinhole open.

fail2ban will simply monitor asterisk logs and create iptables blocking rules.




19519 posts

Uber Geek
+1 received by user: 1349

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077855 1-Jul-2014 13:30 Send private message

gchiu: Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.


WxC (like any other ISP) isn't going to create a firewall for end customers, this is something you need to manage at your end.


1979 posts

Uber Geek
+1 received by user: 319

Subscriber

  Reply # 1077856 1-Jul-2014 13:31 Send private message

If you must port forward at least have a firewall rule blocking traffic from anything other than your provider's proxy. Even with fail2ban in place there is still traffic hitting your router which you are being charged for.

Otherwise with standard SIP registration it isn't required. Just have it registering regular and use keep-alive's.



478 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077918 1-Jul-2014 14:23 Send private message

It's a couple of years ago since I set this up, and I've pretty much forgotten what I did.
I think I had an issue with no sound if I didn't port forward but since I don't have access to the server I can't be sure.

I don't allow anonymous sip connections.

Even if I have a firewall setup, presumably I still can't stop them hitting my address and causing some traffic.

Since I only visit the office once a month, I think I'll just setup another mirrow server in Wgton to which I have local access.
And only turn on the office remote server when I'm there.

210 posts

Master Geek
+1 received by user: 15


  Reply # 1078059 1-Jul-2014 16:41 Send private message

Any chance you can setup a tcpdump on that interface and see what this traffic is ? 

13GB is a hell of a lot of traffic for voip, it would have to be RTP (voice) and you'd expect to see similar amounts both up and down if it was a phone conversation passing media both ways.



478 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1078122 1-Jul-2014 17:59 Send private message

Well, it looks like I did setup ssh over hamachi to this server so I am now running tcpdump -i eth0 -c 100000 -w capture.log

and will see what happens.  I will capture Hamachi traffic though, so need a way to filter that out.

Already my xport portal shows 40 mb of traffic today when there should be nothing running.

7703 posts

Uber Geek
+1 received by user: 288

Trusted
Subscriber

  Reply # 1078156 1-Jul-2014 18:57 Send private message

How much data do you have TrueNet configured to use? You can adjust that in their website for your account.

 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Moment of Truth?
Created by BarTender, last reply by Geektastic on 19-Sep-2014 06:54 (368 replies)
Pages... 23 24 25


10 Iphone 128gb 6+ iphones this weekend at auckland airport
Created by frysie, last reply by TimA on 17-Sep-2014 22:02 (36 replies)
Pages... 2 3


Mr. Key to extradite Kim Dotcom?
Created by TimA, last reply by SaltyNZ on 18-Sep-2014 09:20 (126 replies)
Pages... 7 8 9


Spark DNS Issues - Amazing - Broadband Service Alert
Created by PeteS, last reply by Demeter on 15-Sep-2014 14:13 (307 replies)
Pages... 19 20 21


IOS8 - Network Load
Created by FireEngine, last reply by FireEngine on 19-Sep-2014 06:20 (37 replies)
Pages... 2 3


2014 Holden SS (V8) or Ford XR6-T (in-line 6 turbo)
Created by joker97, last reply by ilovemusic on 16-Sep-2014 14:34 (71 replies)
Pages... 3 4 5


Is there anyone who would not upgrade to iphone 6 bcos it only has 1gb ram?
Created by joker97, last reply by joker97 on 18-Sep-2014 23:18 (16 replies)
Pages... 2


Maybe some politicians should go back to school?
Created by jarledb, last reply by DarthKermit on 18-Sep-2014 18:27 (31 replies)
Pages... 2 3



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.