Re: Prevention against attackers sip server

akashjoseph199703068 · ‎10-20-2020

l have an Rv340 with sip server, with port 5060 and 5061 are opened. Some one trying to break into my sip server as I scanned my network with nmap my sip server details can be found.

As I want to know how to protect my sip server against attacker and also is there any way prevent my sip server details to be display on nmap.

Other than my sip server details no other details is displayed when scanned with nmap.

balaji.bandi · ‎10-21-2020

If this big network and you have a volume of traffic for voice, RV series may not help this kind of attack, but you can enable features as below and test.

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb1177-configure-attack-prevention-security-features-on-rv120w-and.html

Another question is this SIP server only peer with provider ? or open for any users to register incoming?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

akashjoseph199703068 · ‎10-21-2020

My network is small. Sip accounts is less 25.

Is Rv340 enough?

marce1000 · ‎10-21-2020

- Presumably you might be able to use ACL's to only allow sip-connections from authorized sources, also check if this document can be useful :

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/sec-data-zbf-xe-book/sec-data-zbf-xe-book_chapter_011111.pdf

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

akashjoseph199703068 · ‎10-21-2020

My sip server doesn't use sip alg protocol.

My sip server uses few mobile client which has dynamic ip.

So please me how to configure ACL.

Does if I block ICMP will it help