Do I need ports 5060 exposed if I use IAX?

borki

Joined
Apr 21, 2008
Messages
4
Likes
0
Points
0
#1
We had a hacker get in and make overseas calls last weekend. The problem was an ATA for the (analog) conference phone that used a weak password.

I have a local Elastix server that connects to two other servers and the upstream TISP using the IAX protocol. I do not have any remote extensions.

I was wondering if I can disable port forwarding for port 5060 and leave port 4569 and the RTP range as the only exposed port?

TIA
 

danardf

Joined
Dec 3, 2007
Messages
8,069
Likes
10
Points
88
#2
Hi.

With the IAX2 protocol you have only one port for all. (IAX2 + RTP in the same port)
So, yes of course, you can disable the SIP port : 5060 UDP and the RTP port 10000 to 20000 UDP.
And even, you could use the MD5 authentication for this trunk.


Regards
 

ashtar

Joined
Nov 28, 2010
Messages
3
Likes
0
Points
0
#3
Hello
I installed Elastix2.iso file and made extensions. the sip extension work properly via soft phone but the Iax2 extension is not work nicely. the sip phone can call the iax2 soft phone but the iax2 can't call the sip phone. But both can go to conference.
what do you think about this problem.
A hint would be appreciated.
madjid
madjidashtar at gmail
 

takingyouforward

Joined
Oct 11, 2010
Messages
2
Likes
0
Points
0
#4
How to secure the ports to your asterisk box
Here are the tips
* Locat SIP[5060]
* IAX (if used)[4569]
SSH[22]-if doing remote administration system

Hope it will help you
 

voya

Joined
Apr 6, 2009
Messages
15
Likes
0
Points
0
#5

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,898
Messages
130,879
Members
17,560
Latest member
manuelc
Top