It only happens occasionally but it generates an alarm saying all keycoded SIP Trunks in use. This appears to be due to flooding by hackers directly trying to access the BCM on the SIP trunks. I've seen this on other systems, but generally there is a setting that makes it so that only the account registered on the system can actually call into the phone system and are not able to call the phone system directly by the IP address. Is there such a provision or setting on the BCM or is there a work around to not being bombarded by hackers preventing your legitimate calls from getting through?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
BCM50 SIP Trunks all in use 1
- Thread starter canflyguy
- Start date
-
1
- #2
curlycord
Programmer
Make sure to disable any SIP or ALG settings and do NOT forward any ports for SIP such as 5060.
These are the only ports I have forwarded on my router and both SIP Trunks and IP Sets work fine:
UDP 7000-7002
UDP 28000-28255
UDP 51000-51200
________________________________________
=----(((((((((()----=
Toronto, Canada
Add me to LinkedIN
These are the only ports I have forwarded on my router and both SIP Trunks and IP Sets work fine:
UDP 7000-7002
UDP 28000-28255
UDP 51000-51200
________________________________________
=----(((((((((()----=
Toronto, Canada
Add me to LinkedIN
- Thread starter
- #3
Hi there!
So I know that the 5060 port should definitely not be forwarded, but the other series of ports, 7000-7002 I thought was for IP set registration? And, as far as UDP 28000-28255 and UDP 51000-51200 I haven't looked them up to see if they deal with SIP trunking, but the SIP trunking works currently without any of these ports forwarded? The only thing I've found is that there seems to be some issue with calls being missed at times and not getting into the office. I'm going to check on the SIP and ALG settings just to be sure, but I'm pretty sure they have been turned off previously.
So I know that the 5060 port should definitely not be forwarded, but the other series of ports, 7000-7002 I thought was for IP set registration? And, as far as UDP 28000-28255 and UDP 51000-51200 I haven't looked them up to see if they deal with SIP trunking, but the SIP trunking works currently without any of these ports forwarded? The only thing I've found is that there seems to be some issue with calls being missed at times and not getting into the office. I'm going to check on the SIP and ALG settings just to be sure, but I'm pretty sure they have been turned off previously.
- Thread starter
- #4
As a follow-up to this: I just received a complaint from an end user that they were getting phone calls on their off premise IP phone that indicate extension 068? When answered, there is no audio heard. I suspect it's a hacker call, but is there a way to prevent this type of intrusion? As mentioned on my initial post, I know on the newer systems, you can specify to only accept traffic from the SIP provider address, but is this possible on either the BCM or the IP phone? I'm not sure at this point if the calls are going through the BCM or just direct to the off-premise SIP phone?
These sort of preventative measures are done with your firewall. Only allow SIP traffic from your SIP trunk provider.
- Status
Similar threads
- Locked
- Question