These routers use a range of high ports, nothing is on 5060. It seems that they are scanning, and when they get something, repeatedly attack it. Because our enterprise customers are all on a couple of subnets, they may have keyed into "this range is full of SIP devices" and keep hitting them. On Fri, Nov 20, 2015 at 1:19 PM, Alex Balashov <abalashov at evaristesys.com> wrote:
I was getting ghost ringing into my Polycom because my router sensibly remaps phone:5060 to WAN_IP:5060. My solution was to switch to SIP TCP.
On 11/20/2015 03:14 PM, Carlos Alvarez wrote:
We're starting to see customers who get random arbitrary ringing caused
by a random connection attempt from the internet. Most of our customers have Cisco routers with full-cone NAT, so it's easy to do that. We don't reinvite handsets, we proxy the media, so we've considered using restricted NAT instead. If we can figure out how, we can't find any documentation on how to do it, and don't have a response to our Cisco TAC case on it yet.
But I figured I'd ask if others have come up with better solutions. I know there are a few authentication options in the phones themselves, but they seem to vary greatly by vendor and even by model. I like to do things as simply and system-wide as possible. We primarily sell Grandstream, and we support Cisco/Linksys SPA as well as Polycom IP series (not VVX).
We're an Asterisk-based hosted service provider.
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
-- Alex Balashov | Principal | Evariste Systems LLC 303 Perimeter Center North, Suite 300 Atlanta, GA 30346 United States
Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops