Is port forwarding port 5060 really a good idea?

[sagbab]

First I need to point out that I'm far from an expert on IP networking, so bear with me.

But I´m going through the install documents of One-X mobile prefered for 9.0. Among other things I'm supposed to do a firewall port forwarding of port 5060 to the IPO. So I'm wondering what it is that allows my One-X mobile client to register but prevents all other forms of SIP clients from registering, or attempting to register. For instance, I have 3rd party IP endpoints in the IPO, wouldn´t forwarding port 5060 mean that I'm inviting anyting on the

http://www to

try and register to them?

Thanks in advance for any thoughts on that.

 

[JayNEC]

Yeah, you're going to end up with all kinds of people seeing that port open and attempting to use it. Script kiddies, etc.

That's why they have SBC's to insulate the PBX from that activity.

New England Communications

http://www.necomm.com

 

[sagbab]

Ok, thanks Jay.

 

[hairlessupportmonkey]

You can buy a $1500 SBC from Avaya now, or buy a decent firewall that supports SIP Proxies. We use Watchguard, and the SIP ALG on that doesn't destroy the IPO SIP trunks like other router ALGs do.

In my mind, investing in a decent firewall is the way forward, not an SBC on the INSIDE of your network and unless you are using Secure SIP then your traffic is all unencrypted anyway, making a man in the middle attack pretty easy for someone to snoop on your calls.



ACSS - SME
General Geek