Protection against SIP vicious on wp52 and above
Author Message
michael@newcoit.com Offline
Junior Member
**

Posts: 2
Joined: Feb 2015
Reputation: 0
Post: #9
RE: Protection against SIP vicious on wp52 and above
This is incorrect, at least as far as invites are concerned and according to my current understanding.

I have pushed a config to a T46 with the Accept Sip Trust option set to 1; the phone will STILL accept bogus invites from an inviteflood tool (tested using the inviteflood tool in Kali Linux, FWIW).

The setting I have found that PREVENTS bogus SIP Invites from ringing the phone is "Allow Direct IP Call" found under General > Features - set it to disabled and then send an Invite to your phone and you will see this prevents this type of attack.

The issue at hand is not particularly the phone server being locked down (you still do want to lock down your phone server as much as possible), it's your edge device, your firewall running NAT which the phones are behind, which is intermittently allowing random SIP Invites through NAT due to NAT pinholing. This becomes a problem with remote phones across the internet if you have any phones in that scenario - you will find ghost calls sometimes will ring those phones due to the above-mentioned issue.

I've got a separate thread about it - I've been looking at finding the specific .cfg entry myself in order to automate disabling Allow IP Call.


(02-23-2015 12:26 AM)saulgoodwin Wrote:  Hi Paul,

When you say your colleague changed a setting on his phone, which setting do you refer to?
By setting Accept Sip Trust Server Only to Enable you do indeed lock your phone down to a specific IP. Once it is set to Enable, the phone will only accept packets from IPs mentioned in the Accounts tab.
02-23-2015 10:53 PM
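A way to spot the ghost INVITEs described in the post above in captured traffic at the phone side of the NAT, as an added example that is not part of the original post or any Yealink code. The server address, account user, sample packets and the three heuristics are assumptions made for illustration; "friendly-scanner" is the default User-Agent string sent by SIPVicious.

```python
import ipaddress

# Constructed values for illustration (documentation address ranges).
TRUSTED_SERVERS = [ipaddress.ip_network("198.51.100.10/32")]  # assumed SIP server
ACCOUNT_USERS = {"2001"}  # assumed user part the phone registered with

def parse_request(raw):
    """Return (method, request_uri, headers) from a raw SIP request."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("SIP/"):
        raise ValueError("not a SIP request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers

def uri_user(uri):
    """User part of sip:user@host, or None for a bare sip:host URI."""
    rest = uri.split(":", 1)[1] if ":" in uri else uri
    return rest.split("@", 1)[0] if "@" in rest else None

def classify_invite(src_ip, raw):
    """Return reasons an INVITE looks like a ghost call (empty list = expected)."""
    method, uri, headers = parse_request(raw)
    if method != "INVITE":
        return []
    reasons = []
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in TRUSTED_SERVERS):
        reasons.append("source-not-sip-server")
    if uri_user(uri) not in ACCOUNT_USERS:
        reasons.append("request-uri-not-registered-account")
    if "friendly-scanner" in headers.get("user-agent", "").lower():
        reasons.append("scanner-user-agent")
    return reasons

# Constructed packets: one from the server, one that came through a NAT pinhole.
GOOD = ("198.51.100.10", "INVITE sip:2001@192.0.2.20:5060 SIP/2.0\r\n"
        "From: <sip:2002@pbx.example.test>\r\nUser-Agent: ExamplePBX\r\n\r\n")
GHOST = ("203.0.113.77", "INVITE sip:100@192.0.2.20 SIP/2.0\r\n"
         "From: <sip:100@192.0.2.99>\r\nUser-Agent: friendly-scanner\r\n\r\n")

if __name__ == "__main__":
    for src, raw in (GOOD, GHOST):
        print(src, classify_invite(src, raw) or "expected")
```

Any INVITE that returns a non-empty list reached the phone without coming from its SIP server, which points at the edge firewall's NAT handling rather than at the server configuration.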