Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



493 posts

Ultimate Geek
+1 received by user: 2


Topic # 148795 1-Jul-2014 10:57 Send private message

I just noticed that I have about 13Gb of traffic at my remote office where I am about once a month.
It is corresponding to SIP traffic according to my Asterisk logs.
But my xport portal is showing no phone calls being made.

Is there a way I can block SIP traffic except between WXC and my office?

I am running fail2ban on the asterisk box.  And between the asterisk box and internet is just an ADSL modem.

Is there anything else I can do to stop incurring all this traffic and charges arising there from?

I did call tech support and they said they can't do anything about this, they can't even confirm that it is SIP traffic.  The guy said he though it was unlikely since it was mainly uploading but all I have is just the Asterisk box, and a truenet probe installed.

Thanks

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
19872 posts

Uber Geek
+1 received by user: 1568

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077705 1-Jul-2014 11:28 One person supports this post Send private message

You should never have port 5060 exposed to the internet unless you understand the risks - presumably you do have it exposed.

Either remove the port forward or enable iptables on the PBX or your firewall.




493 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077739 1-Jul-2014 12:11 Send private message

If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.

7756 posts

Uber Geek
+1 received by user: 318

Trusted
Subscriber

  Reply # 1077800 1-Jul-2014 12:55 Send private message

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?


STUN, TURN, Far End Nat Traversal, Keep Alive Packets.



7756 posts

Uber Geek
+1 received by user: 318

Trusted
Subscriber

  Reply # 1077806 1-Jul-2014 12:59 Send private message

gchiu: between the asterisk box and internet is just an ADSL modem.



What is the make/model of the modem? Does it allow you to specify a src address on the port forward?



493 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077808 1-Jul-2014 13:02 Send private message

I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.

7756 posts

Uber Geek
+1 received by user: 318

Trusted
Subscriber

  Reply # 1077814 1-Jul-2014 13:06 Send private message

WXC can only realistically support a managed solution they provide, if you decide to do you own thing with Asterisk it's up to you to configure/manage it.



493 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077830 1-Jul-2014 13:18 Send private message

Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.

The Game.
3057 posts

Uber Geek
+1 received by user: 571

Trusted
Think Concepts
Subscriber

  Reply # 1077836 1-Jul-2014 13:22 Send private message

gchiu: I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.


What kind of ADSL router? Cheap ones often have some pretty dodgy exploits.




Michael Murphy
[Twitter] [Last.fm] [IPv6 Sage]

Everything I say here is my own opinion and not that of my employer.

19872 posts

Uber Geek
+1 received by user: 1568

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077853 1-Jul-2014 13:29 Send private message

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.


Port 5060 doesn't need to have a port forward because of the basic way a router works - when traffic goes out it creates a NAT pinhole allowing traffic back in from the same source, in exactly the same way you don't need to create a port forward for web browsing to work.

If you have issues with UDP timeouts with the NAT pinhole being closed something like options=yes will send a SIP "ping" every so often which will keep the pinhole open.

fail2ban will simply monitor asterisk logs and create iptables blocking rules.




19872 posts

Uber Geek
+1 received by user: 1568

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077855 1-Jul-2014 13:30 Send private message

gchiu: Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.


WxC (like any other ISP) isn't going to create a firewall for end customers, this is something you need to manage at your end.


2044 posts

Uber Geek
+1 received by user: 334

Subscriber

  Reply # 1077856 1-Jul-2014 13:31 Send private message

If you must port forward at least have a firewall rule blocking traffic from anything other than your provider's proxy. Even with fail2ban in place there is still traffic hitting your router which you are being charged for.

Otherwise with standard SIP registration it isn't required. Just have it registering regular and use keep-alive's.



493 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077918 1-Jul-2014 14:23 Send private message

It's a couple of years ago since I set this up, and I've pretty much forgotten what I did.
I think I had an issue with no sound if I didn't port forward but since I don't have access to the server I can't be sure.

I don't allow anonymous sip connections.

Even if I have a firewall setup, presumably I still can't stop them hitting my address and causing some traffic.

Since I only visit the office once a month, I think I'll just setup another mirrow server in Wgton to which I have local access.
And only turn on the office remote server when I'm there.

221 posts

Master Geek
+1 received by user: 21


  Reply # 1078059 1-Jul-2014 16:41 Send private message

Any chance you can setup a tcpdump on that interface and see what this traffic is ? 

13GB is a hell of a lot of traffic for voip, it would have to be RTP (voice) and you'd expect to see similar amounts both up and down if it was a phone conversation passing media both ways.



493 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1078122 1-Jul-2014 17:59 Send private message

Well, it looks like I did setup ssh over hamachi to this server so I am now running tcpdump -i eth0 -c 100000 -w capture.log

and will see what happens.  I will capture Hamachi traffic though, so need a way to filter that out.

Already my xport portal shows 40 mb of traffic today when there should be nothing running.

7756 posts

Uber Geek
+1 received by user: 318

Trusted
Subscriber

  Reply # 1078156 1-Jul-2014 18:57 Send private message

How much data do you have TrueNet configured to use? You can adjust that in their website for your account.

 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Government Limos
Created by networkn, last reply by Bung on 31-Oct-2014 12:39 (94 replies)
Pages... 5 6 7


How good is your general Science Knowledge?
Created by Aredwood, last reply by freitasm on 1-Nov-2014 18:38 (48 replies)
Pages... 2 3 4


Shutup and take my money (via NFC on my mobile phone)
Created by sxz, last reply by sonyxperiageek on 31-Oct-2014 22:34 (24 replies)
Pages... 2


Got a good ol parking fine
Created by Lyderies, last reply by lxsw20 on 1-Nov-2014 19:56 (22 replies)
Pages... 2


OneDrive code giveaway - go!
Created by freitasm, last reply by PhantomNVD on 1-Nov-2014 10:31 (36 replies)
Pages... 2 3


Uber: a cheaper taxi ride?
Created by kingdragonfly, last reply by livisun on 31-Oct-2014 14:47 (34 replies)
Pages... 2 3


Sky will be 'upgrading software' of My Sky to connect to internet. What does that mean?
Created by Geektastic, last reply by TwoSeven on 1-Nov-2014 17:43 (30 replies)
Pages... 2


DDos Protection from ISP
Created by charsleysa, last reply by freitasm on 31-Oct-2014 12:11 (46 replies)
Pages... 2 3 4



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.