Do I need ports 5060 exposed if I use IAX?

Discussion in 'General' started by borki, Oct 20, 2010.

  1. borki

    Joined:
    Apr 21, 2008
    Messages:
    4
    Likes Received:
    0
    We had a hacker get in and make overseas calls last weekend. The problem was an ATA for the (analog) conference phone that used a weak password.

    I have a local Elastix server that connects to two other servers and the upstream TISP using the IAX protocol. I do not have any remote extensions.

    I was wondering if I can disable port forwarding for port 5060 and leave port 4569 and the RTP range as the only exposed port?

    TIA
     
  2. danardf

    Joined:
    Dec 3, 2007
    Messages:
    8,069
    Likes Received:
    12
    Hi.

    With the IAX2 protocol you have only one port for all. (IAX2 + RTP in the same port)
    So, yes of course, you can disable the SIP port : 5060 UDP and the RTP port 10000 to 20000 UDP.
    And even, you could use the MD5 authentication for this trunk.


    Regards
     
  3. ashtar

    Joined:
    Nov 28, 2010
    Messages:
    3
    Likes Received:
    0
    Hello
    I installed Elastix2.iso file and made extensions. the sip extension work properly via soft phone but the Iax2 extension is not work nicely. the sip phone can call the iax2 soft phone but the iax2 can't call the sip phone. But both can go to conference.
    what do you think about this problem.
    A hint would be appreciated.
    madjid
    madjidashtar at gmail
     
  4. takingyouforward

    Joined:
    Oct 11, 2010
    Messages:
    2
    Likes Received:
    0
    How to secure the ports to your asterisk box
    Here are the tips
    * Locat SIP[5060]
    * IAX (if used)[4569]
    SSH[22]-if doing remote administration system

    Hope it will help you
     
  5. voya

    Joined:
    Apr 6, 2009
    Messages:
    15
    Likes Received:
    0

Share This Page