Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is port forwarding port 5060 really a good idea?

Status
Not open for further replies.

sagbab

Programmer
Feb 16, 2009
118
SE
First I need to point out that I'm far from an expert on IP networking, so bear with me.

But I´m going through the install documents of One-X mobile prefered for 9.0. Among other things I'm supposed to do a firewall port forwarding of port 5060 to the IPO. So I'm wondering what it is that allows my One-X mobile client to register but prevents all other forms of SIP clients from registering, or attempting to register. For instance, I have 3rd party IP endpoints in the IPO, wouldn´t forwarding port 5060 mean that I'm inviting anyting on the try and register to them?

Thanks in advance for any thoughts on that.
 
Yeah, you're going to end up with all kinds of people seeing that port open and attempting to use it. Script kiddies, etc.

That's why they have SBC's to insulate the PBX from that activity.

New England Communications
 
You can buy a $1500 SBC from Avaya now, or buy a decent firewall that supports SIP Proxies. We use Watchguard, and the SIP ALG on that doesn't destroy the IPO SIP trunks like other router ALGs do.

In my mind, investing in a decent firewall is the way forward, not an SBC on the INSIDE of your network and unless you are using Secure SIP then your traffic is all unencrypted anyway, making a man in the middle attack pretty easy for someone to snoop on your calls.



ACSS - SME
General Geek

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top