Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



475 posts

Ultimate Geek
+1 received by user: 2


Topic # 148795 1-Jul-2014 10:57 Send private message

I just noticed that I have about 13Gb of traffic at my remote office where I am about once a month.
It is corresponding to SIP traffic according to my Asterisk logs.
But my xport portal is showing no phone calls being made.

Is there a way I can block SIP traffic except between WXC and my office?

I am running fail2ban on the asterisk box.  And between the asterisk box and internet is just an ADSL modem.

Is there anything else I can do to stop incurring all this traffic and charges arising there from?

I did call tech support and they said they can't do anything about this, they can't even confirm that it is SIP traffic.  The guy said he though it was unlikely since it was mainly uploading but all I have is just the Asterisk box, and a truenet probe installed.

Thanks

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
19418 posts

Uber Geek
+1 received by user: 1263

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077705 1-Jul-2014 11:28 One person supports this post Send private message

You should never have port 5060 exposed to the internet unless you understand the risks - presumably you do have it exposed.

Either remove the port forward or enable iptables on the PBX or your firewall.




475 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077739 1-Jul-2014 12:11 Send private message

If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.

7682 posts

Uber Geek
+1 received by user: 266

Trusted
Subscriber

  Reply # 1077800 1-Jul-2014 12:55 Send private message

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?


STUN, TURN, Far End Nat Traversal, Keep Alive Packets.



7682 posts

Uber Geek
+1 received by user: 266

Trusted
Subscriber

  Reply # 1077806 1-Jul-2014 12:59 Send private message

gchiu: between the asterisk box and internet is just an ADSL modem.



What is the make/model of the modem? Does it allow you to specify a src address on the port forward?



475 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077808 1-Jul-2014 13:02 Send private message

I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.

7682 posts

Uber Geek
+1 received by user: 266

Trusted
Subscriber

  Reply # 1077814 1-Jul-2014 13:06 Send private message

WXC can only realistically support a managed solution they provide, if you decide to do you own thing with Asterisk it's up to you to configure/manage it.



475 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077830 1-Jul-2014 13:18 Send private message

Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.

The Game.
2903 posts

Uber Geek
+1 received by user: 470

Trusted
Think Concepts
Subscriber

  Reply # 1077836 1-Jul-2014 13:22 Send private message

gchiu: I think I'm using a cheap one port adsl2 modem, and I think I got one with full cone nat.  But since the office is 200 miles north of me, hard for me to check

Does WXC or anyone else have a best practice document on how to secure an Asterisk server when using VFX?

PS: just checked my invoices, it's a Netcomm NB14 one port ADSL2+ modem/router.  I'll need to find an online manual.


What kind of ADSL router? Cheap ones often have some pretty dodgy exploits.




Michael Murphy
[Twitter] [Last.fm] [IPv6 Sage]

Everything I say here is my own opinion and not that of my employer.

19418 posts

Uber Geek
+1 received by user: 1263

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077853 1-Jul-2014 13:29 Send private message

gchiu: If I don't have port 5060 open, how do I get a connection with VFX?

I have fail2ban which I thought modifies iptables.


Port 5060 doesn't need to have a port forward because of the basic way a router works - when traffic goes out it creates a NAT pinhole allowing traffic back in from the same source, in exactly the same way you don't need to create a port forward for web browsing to work.

If you have issues with UDP timeouts with the NAT pinhole being closed something like options=yes will send a SIP "ping" every so often which will keep the pinhole open.

fail2ban will simply monitor asterisk logs and create iptables blocking rules.




19418 posts

Uber Geek
+1 received by user: 1263

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077855 1-Jul-2014 13:30 Send private message

gchiu: Just wondering how hard it would be for them to block port 5060 to everyone except themselves.

At this point I think I'll just shut the server down.


WxC (like any other ISP) isn't going to create a firewall for end customers, this is something you need to manage at your end.


1960 posts

Uber Geek
+1 received by user: 309

Subscriber

  Reply # 1077856 1-Jul-2014 13:31 Send private message

If you must port forward at least have a firewall rule blocking traffic from anything other than your provider's proxy. Even with fail2ban in place there is still traffic hitting your router which you are being charged for.

Otherwise with standard SIP registration it isn't required. Just have it registering regular and use keep-alive's.



475 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1077918 1-Jul-2014 14:23 Send private message

It's a couple of years ago since I set this up, and I've pretty much forgotten what I did.
I think I had an issue with no sound if I didn't port forward but since I don't have access to the server I can't be sure.

I don't allow anonymous sip connections.

Even if I have a firewall setup, presumably I still can't stop them hitting my address and causing some traffic.

Since I only visit the office once a month, I think I'll just setup another mirrow server in Wgton to which I have local access.
And only turn on the office remote server when I'm there.

205 posts

Master Geek
+1 received by user: 13


  Reply # 1078059 1-Jul-2014 16:41 Send private message

Any chance you can setup a tcpdump on that interface and see what this traffic is ? 

13GB is a hell of a lot of traffic for voip, it would have to be RTP (voice) and you'd expect to see similar amounts both up and down if it was a phone conversation passing media both ways.



475 posts

Ultimate Geek
+1 received by user: 2


  Reply # 1078122 1-Jul-2014 17:59 Send private message

Well, it looks like I did setup ssh over hamachi to this server so I am now running tcpdump -i eth0 -c 100000 -w capture.log

and will see what happens.  I will capture Hamachi traffic though, so need a way to filter that out.

Already my xport portal shows 40 mb of traffic today when there should be nothing running.

7682 posts

Uber Geek
+1 received by user: 266

Trusted
Subscriber

  Reply # 1078156 1-Jul-2014 18:57 Send private message

How much data do you have TrueNet configured to use? You can adjust that in their website for your account.

 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Warning: Rage Ahead - Campbell Live and childhood poverty
Created by kawaii, last reply by charsleysa on 3-Sep-2014 13:19 (155 replies)
Pages... 9 10 11


Does NZ need better gun laws?
Created by mattwnz, last reply by mattwnz on 3-Sep-2014 14:16 (138 replies)
Pages... 8 9 10


What tyre brand/model to look at ?
Created by Mark, last reply by Oblivian on 2-Sep-2014 21:36 (35 replies)
Pages... 2 3


Judith Collins: I am resigning
Created by Presso, last reply by gzt on 2-Sep-2014 11:42 (109 replies)
Pages... 6 7 8


VideoEZY OnDemand
Created by Andib, last reply by sen8or on 3-Sep-2014 07:45 (64 replies)
Pages... 3 4 5


Cirque du Soleil Cellphone Hijack
Created by myopinion, last reply by PhantomNVD on 1-Sep-2014 18:01 (21 replies)
Pages... 2


Orcon Global Mode launched
Created by freitasm, last reply by shk292 on 1-Sep-2014 11:32 (132 replies)
Pages... 7 8 9


Lightbox press event release
Created by freitasm, last reply by BigHammer on 3-Sep-2014 13:46 (568 replies)
Pages... 36 37 38



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.