Thread: How to protect Quadro from SIP attacks (basic guidance)

  1. #11

    One problem replaces another!

    I was hit with someone making calls through one of the extensions on my Quadro 2X, and think I have fixed it using option 1 outlined above.

    If I understand this well enough (I'm not a VoIP expert but have reasonable technical skills) I suspect my problem was that I had opened SIP access to allow me to use two IP soft phones as extensions in my home office. I am running two networks - one for data (computers, etc) and the other for VoIP phone. My data network connects directly to my ADSL router and the Quadro is attached to the local network on the WAN side, and all my IP phones are attached on their own network on the LAN side of the Quadro… except for the two soft phones that are attached to the Quadro on the way inside, hence me enabling SIP access. I have, of course, forwarded SIP and RTP ports to the Quadro in my (Draytek 2820) router. My problem now using this configuration is that the two soft phones no longer work.

    What is my best approach to fix this? Should I put a second ethernet card in each of the computers that use the soft phones and connect the second card to the LAN side of the Quadro? Should I enable Remote extensions on the two extensions I have set up and connect to those extensions as if I am out of the office?

    This has spooked me a bit. Fortunately my VoIP provider picked up on the irregular calls before it cost me too much (to mobiles in Macedonia… why did whoever hacked in have to choose one of the most expensive places to call? Don't answer that!). However, it's not at all clear to me how someone managed to log on to one of my extensions (and why just that one and not the others), and without understanding that I'm now wondering if I am now safe.

    I have also changed the passwords in the SIP configuration for all of my extensions (can anyone explain to me the difference between the "General Settings" password and the "SIP Settings" password? It has never been quite clear to me which of those two passwords is the one that needs to be configured in the phone itself, although it seems I've been able to get it to work). Is there anything else I need to do to be bullet-proof?

    If anybody could point me at an idiot's guide to this stuff, that would also be much appreciated.

    Cheers,
    Mark

  2. #12

    Not sure I know any guide of that kind...
    About the passwords... - neither of the two passwords you mentioned has to be configured on the phone side. The password to be configured on the phone is the third one. That's the IP Line password (on the "Telephony" -> "IP Line Settings" -> "Line X").
    If I ever come to Australia to give trainings on Quadro usage, I promise to explain the difference between those three different passwords.

    About the attacks... I think those attacks were possible because 1) as you said, you have opened SIP access for everybody; 2) because you didn't secure your call routing table.

    Actually the guidance on this forum thread is for preventing SIP DoS attacks, but not for protection from unauthorised calls. For securing the device from unauthorized calls there is a special document on the Epygi web portal, called "Preventing Unauthorized Calls on the Quadro" (to find that, just search using the download area for the doc containing the word "Unauthorized").

    You can read that doc, and use it to secure the Quadro. But as your config is pretty simple, you can alternatively just edit the "SIP Access" rule, and allow the WAN access ONLY for the two IP addresses of your two PCs with softphones.

  3. #13

    Locked up too tight!

    Thanks for your advice on this - I think I'm getting my head around this now.

    By deleting the SIP Filtering Rule that I had that permitted access to all IP addresses from the WAN side of the Quadro I certainly seem to have blocked access for unauthorised calls. In the process, though, I also blocked access for the softphones running on PCs on my local LAN. With my new-found (still limited) understanding of Filtering Rules, I seem to have sorted that out at least to some extent by adding an IP Pool Group that defines the IP addresses of the computers running soft phones on my local LAN (the Quadro is attached to this LAN on its WAN side), then allowing that Group to have SIP Access.

    That's probably only a part solution because the computers on the main LAN use dynamic IP addressing so I'm never quite sure what their IP address will be (I have put enough addresses into the Group to cover the PCs for now). I'm sure a better way would be to use the IP/Mask field to define a range of IP addresses, but like much of the Quadro manual, I found the description of this option to be unclear:

    "Selecting IP/Mask will require the subnet to be allowed or
    blocked, specified by an IP address and the Maskbits.
    Maskbit examples:
    255.0.0.0 = /8,
    255.255.0.0 = /16,
    255.255.255.0 = /24,
    255.255.255.255 = /32"

    What values should I enter in this field to permit only IP addresses 192.168.1.xxx to access the Quadro from its WAN side?

  4. #14

    What values should I enter in this field to permit only IP addresses 192.168.1.xxx to access the Quadro from its WAN side?

    I believe you should enter 192.168.1.0/24

  5. #15

    So for 192.168.*.* it would be

    192.168.0.0/16 ?

    Can somebody confirm this?
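
An added example, not part of any post in this thread and not Epygi code: the Maskbits notation from the manual excerpt and the ranges asked about above, checked with Python's standard `ipaddress` module. It models ordinary CIDR matching rather than the Quadro firmware; the sample source addresses and the helper names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; a WAN-side SIP rule should sit inside one of these
# when, as in this thread, the softphones live on the local LAN.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def maskbits(netmask: str) -> int:
    """Dotted netmask (255.255.255.0) -> Maskbits value (24)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen

def parse_rule(rule: str) -> ipaddress.IPv4Network:
    """Parse an IP/Mask rule; strict=True rejects host bits (192.168.1.5/24)."""
    return ipaddress.IPv4Network(rule, strict=True)

def rule_permits(rule: str, source_ip: str) -> bool:
    """True if source_ip falls inside the subnet named by the rule."""
    return ipaddress.IPv4Address(source_ip) in parse_rule(rule)

def audit_rule(rule: str) -> str:
    """Classify how wide a rule is before it is entered on the device."""
    net = parse_rule(rule)
    if net.prefixlen == 0:
        return "OPEN: matches every source address"
    if not any(net.subnet_of(p) for p in RFC1918):
        return "WARN: includes non-private addresses"
    return f"ok: private range of {net.num_addresses} addresses"

# Constructed sample sources (198.51.100.7 is a documentation address
# standing in for an Internet host).
SOURCES = ["192.168.1.23", "192.168.2.40", "198.51.100.7"]
RULES = ["192.168.1.0/24", "192.168.0.0/16", "0.0.0.0/0"]

def evaluate(rules=RULES, sources=SOURCES):
    """Map each rule to the sample sources it would let through."""
    return {r: [s for s in sources if rule_permits(r, s)] for r in rules}

if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0", "255.255.255.255"):
        print(f"{mask:<16} = /{maskbits(mask)}")
    for rule, allowed in evaluate().items():
        print(f"{rule:<15} {audit_rule(rule):<42} permits {allowed}")
```

The /24 rule admits only 192.168.1.x, the /16 rule admits all of 192.168.x.x, and a rule equivalent to 0.0.0.0/0 admits the Internet host as well.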

  6. #16

    hi...here is some info for you

    Such attacks can be potentially dangerous. If somebody is constantly trying to guess your passwords, there is some probability that he will succeed some day. If a hacker is successful, one fine day the IPPBX owner could find his telephone bill containing a tremendous number of calls to pretty expensive international destinations... Not a pleasant surprise at all.

  7. #17

    What are our options for older hardware systems 4x and 2x that can't be upgraded to 5.2 software? I would like to enable IDS for SIP attacks but think I have to upgrade to 5.2 but the upgrade fails.

  8. #18

    @butcheac,

    Epygi designated these systems as discontinued and out-of-support many years ago. That includes software support.

    Regards,
    Hagop
    Epygi Support
