Hi! I found a very dangerous vulnerability in IOS. I have a 2811 with an E1 connection to the ISP and an H323 connection to a remote office. I found out that my router gets many, many SIP INVITE messages and establishes connections from anywhere to anywhere through my ISP! I don't use any SIP phones or any SIP connection to the ISP. So, I blocked incoming packets to my router on port 5060.
Why doesn't IOS block incoming SIP INVITEs if I don't have any SIP dial-peers and don't have a config with "allow connection from sip to"? It is like an open relay in e-mail terminology!!! If I want to use SIP, how can I protect my router?
We assume there is some security configured at all. IOS firewall, ACL on outside interface, IDS, etc.
Once we have that, you can take a look at some issue we have when SIP was running per default leading to a vulnerable system state. Workarounds are also listed
I understand your concern with peer to peer protocols like H323 and SIP in which the gateway just becomes 'sitting duck' for exploit attempts.
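As an added example that is not part of the original thread: a minimal IOS configuration sketch of the two measures the posts mention, an inbound ACL on the outside interface that only admits SIP from a known peer, and turning off the SIP listener when SIP is not used. The ACL name, the peer address 192.0.2.10 and the interface name are constructed placeholders, and the remaining inbound policy is assumed to exist already.

```cisco
! Constructed values: OUTSIDE-IN, 192.0.2.10 and Serial0/0/0:15 are placeholders.
! Admit SIP signalling only from the trusted peer, drop and log the rest.
ip access-list extended OUTSIDE-IN
 remark SIP allowed only from the trusted peer
 permit udp host 192.0.2.10 any eq 5060
 permit tcp host 192.0.2.10 any eq 5060
 remark all other SIP to or through the gateway is dropped and logged
 deny   udp any any eq 5060 log
 deny   tcp any any eq 5060 log
 remark existing inbound policy (H323 peer, routing, management) goes here
!
! Apply the ACL inbound on the ISP-facing interface.
interface Serial0/0/0:15
 ip access-group OUTSIDE-IN in
!
! If SIP is not used at all, stop the gateway from listening for it.
sip-ua
 no transport udp
 no transport tcp
```

If SIP is needed, leave the `sip-ua` transports enabled and rely on the ACL entries for the trusted peer; the `log` keyword on the deny lines makes the unsolicited INVITE sources visible in syslog.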