Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.




502 posts

Ultimate Geek
+1 received by user: 2


Topic # 148795 1-Jul-2014 10:57 Send private message

I just noticed that I have about 13Gb of traffic at my remote office where I am about once a month.
It is corresponding to SIP traffic according to my Asterisk logs.
But my xport portal is showing no phone calls being made.

Is there a way I can block SIP traffic except between WXC and my office?

I am running fail2ban on the asterisk box.  And between the asterisk box and internet is just an ADSL modem.

Is there anything else I can do to stop incurring all this traffic and charges arising there from?

I did call tech support and they said they can't do anything about this, they can't even confirm that it is SIP traffic.  The guy said he though it was unlikely since it was mainly uploading but all I have is just the Asterisk box, and a truenet probe installed.

Thanks

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
20207 posts

Uber Geek
+1 received by user: 1756

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077705 1-Jul-2014 11:28 One person supports this post Send private message

You should never have port 5060 exposed to the internet unless you understand the risks - presumably you do have it exposed.

Either remove the port forward or enable iptables on the PBX or your firewall.




502 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077739 1-Jul-2014 12:11 Send private message

If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.

7780 posts

Uber Geek
+1 received by user: 326

Trusted
Subscriber

  Reply # 1077800 1-Jul-2014 12:55 Send private message

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?


STUN, TURN, Far End Nat Traversal, Keep Alive Packets.



7780 posts

Uber Geek
+1 received by user: 326

Trusted
Subscriber

  Reply # 1077806 1-Jul-2014 12:59 Send private message

gchiu: between the asterisk box and internet is just an ADSL modem.



What is the make/model of the modem? Does it allow you to specify a src address on the port forward?



502 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077808 1-Jul-2014 13:02 Send private message

I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.

7780 posts

Uber Geek
+1 received by user: 326

Trusted
Subscriber

  Reply # 1077814 1-Jul-2014 13:06 Send private message

WXC can only realistically support a managed solution they provide, if you decide to do you own thing with Asterisk it's up to you to configure/manage it.



502 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077830 1-Jul-2014 13:18 Send private message

Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.

The Game.
3186 posts

Uber Geek
+1 received by user: 667

Trusted
Think Concepts
Subscriber

  Reply # 1077836 1-Jul-2014 13:22 Send private message

gchiu: I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.


What kind of ADSL router? Cheap ones often have some pretty dodgy exploits.




Michael Murphy
[Twitter] [Last.fm] [IPv6 Sage]

Everything I say here is my own opinion and not that of my employer.

20207 posts

Uber Geek
+1 received by user: 1756

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077853 1-Jul-2014 13:29 Send private message

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.


Port 5060 doesn't need to have a port forward because of the basic way a router works - when traffic goes out it creates a NAT pinhole allowing traffic back in from the same source, in exactly the same way you don't need to create a port forward for web browsing to work.

If you have issues with UDP timeouts with the NAT pinhole being closed something like options=yes will send a SIP "ping" every so often which will keep the pinhole open.

fail2ban will simply monitor asterisk logs and create iptables blocking rules.




20207 posts

Uber Geek
+1 received by user: 1756

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077855 1-Jul-2014 13:30 Send private message

gchiu: Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.


WxC (like any other ISP) isn't going to create a firewall for end customers, this is something you need to manage at your end.


2120 posts

Uber Geek
+1 received by user: 370

Subscriber

  Reply # 1077856 1-Jul-2014 13:31 Send private message

If you must port forward at least have a firewall rule blocking traffic from anything other than your provider's proxy. Even with fail2ban in place there is still traffic hitting your router which you are being charged for.

Otherwise with standard SIP registration it isn't required. Just have it registering regular and use keep-alive's.



502 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077918 1-Jul-2014 14:23 Send private message

It's a couple of years ago since I set this up, and I've pretty much forgotten what I did.
I think I had an issue with no sound if I didn't port forward but since I don't have access to the server I can't be sure.

I don't allow anonymous sip connections.

Even if I have a firewall setup, presumably I still can't stop them hitting my address and causing some traffic.

Since I only visit the office once a month, I think I'll just setup another mirrow server in Wgton to which I have local access.
And only turn on the office remote server when I'm there.

230 posts

Master Geek
+1 received by user: 21


  Reply # 1078059 1-Jul-2014 16:41 Send private message

Any chance you can setup a tcpdump on that interface and see what this traffic is ? 

13GB is a hell of a lot of traffic for voip, it would have to be RTP (voice) and you'd expect to see similar amounts both up and down if it was a phone conversation passing media both ways.



502 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1078122 1-Jul-2014 17:59 Send private message

Well, it looks like I did setup ssh over hamachi to this server so I am now running tcpdump -i eth0 -c 100000 -w capture.log

and will see what happens.  I will capture Hamachi traffic though, so need a way to filter that out.

Already my xport portal shows 40 mb of traffic today when there should be nothing running.

7780 posts

Uber Geek
+1 received by user: 326

Trusted
Subscriber

  Reply # 1078156 1-Jul-2014 18:57 Send private message

How much data do you have TrueNet configured to use? You can adjust that in their website for your account.

 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Police Camera Van Disguise
Created by Reanalyse, last reply by oxnsox on 19-Dec-2014 21:59 (26 replies)
Pages... 2


Has Spark (Telecom) locked their iphone 6 ?
Created by anewguy2014, last reply by michaelmurfy on 17-Dec-2014 14:32 (25 replies)
Pages... 2


forgot how to unlock a car door
Created by joker97, last reply by joker97 on 19-Dec-2014 19:10 (49 replies)
Pages... 2 3 4


In defence of cats
Created by Rikkitic, last reply by DarthKermit on 17-Dec-2014 15:40 (68 replies)
Pages... 3 4 5


Slaughter of Innocents
Created by networkn, last reply by networkn on 19-Dec-2014 17:46 (64 replies)
Pages... 3 4 5


Lightbox launches on PlayStation 4
Created by freitasm, last reply by sultanoswing on 19-Dec-2014 20:56 (39 replies)
Pages... 2 3


How is iParcel these days?
Created by peejayw, last reply by surfisup1000 on 18-Dec-2014 21:45 (19 replies)
Pages... 2


Spray Foam Insulation
Created by AACTech, last reply by timbosan on 19-Dec-2014 16:58 (36 replies)
Pages... 2 3



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.