Okay, follow-up to the question.
How bad an idea is it to leave this security feature disabled?
I have a bit of experience in this area, I use an Asterisk (FreePBX distro) for my work phone system, and Callcentric is my SIP trunker. Before I limited incoming connections to my FreePBX server to the Callcentric range above, there would be occasions (maybe once every 2-3 weeks) where someone (probably up to no good) found my open port(s) and all my phones would start ringing simultaneously. It lasted for about 20-30 seconds, and then would stop.
My assumption was that someone was looking for security vulnerabilities so they could use my Asterisk box to place their LD (maybe even overseas) calls. They never got anywhere, though, as the Asterisk was fully patched, and my passwords for my handsets were strong.
I wonder if the Cisco UC540 will suffer the same sort of result, or worse, or maybe even not so much.
Obviously I can simply select another trunker. The thing I like about Callcentric are the rates and also the dashboard that allows me to make a lot of adjustments (like forwarding calls to a cell phone number, and the ability to configure faxing reception, too). So if anyone has a suggestion for a supported SIP trunker that supports the same types of features, I'd be open to that, as well.
BTW, I did ask Callcentric one more time, with a link to this topic, whether they can restrict that range to better than 0-255, but they declined. I see their point, just wish there was another simple way around this.
