09-14-2008 11:02 PM - edited 03-15-2019 01:15 PM
Hi! I found a very dangerous vulnerability in IOS. I have a 2811 with an E1 connection to the ISP and an H.323 connection to a remote office. I found out that my router gets many, many SIP INVITE messages and establishes connections from anywhere to anywhere through my ISP! I don't use any SIP phones or any SIP connection to the ISP. So, I blocked incoming packets to my router on port 5060.
IOS c2800nm-advipservicesk9-mz.124-15.T4.bin
Why doesn't IOS block incoming SIP INVITEs if I don't have any SIP dial-peers and don't have a config with "allow connection from sip to"? It is like an open relay in e-mail terminology!!! If I want to use SIP, how can I protect my router?
09-14-2008 11:58 PM
Hi sir,
We assume there is some security configured at all: IOS firewall, ACL on the outside interface, IDS, etc.
Once we have that, you can take a look at an issue we had when SIP was running by default, leading to a vulnerable system state.
http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml
CSCsb25337
CSCsh58082
Workarounds are also listed.
I understand your concern with peer-to-peer protocols like H.323 and SIP, in which the gateway just becomes a 'sitting duck' for exploit attempts.
HTH
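The outside-interface ACL the reply recommends, written out as an added configuration example; it is not taken from the thread or from the linked advisory. The ISP proxy address 203.0.113.10, the interface name Serial0/0/0:0 and the ACL name are placeholders, and the final `sip-ua` stanza assumes the router has no SIP dial-peers at all.

```cisco
! Added example (not from the thread): accept SIP signaling on the outside
! interface only from the ISP's SIP proxy. 203.0.113.10, Serial0/0/0:0 and
! the ACL name are placeholders; replace them with your own values.
ip access-list extended SIP-FROM-ISP-ONLY
 remark Allow SIP signaling only from the ISP proxy
 permit udp host 203.0.113.10 any eq 5060
 permit tcp host 203.0.113.10 any eq 5060
 remark Log and drop SIP arriving from any other source
 deny udp any any eq 5060 log
 deny tcp any any eq 5060 log
 remark Keep whatever the existing outside ACL allowed; shown here as permit-all
 permit ip any any
!
interface Serial0/0/0:0
 description E1 to ISP (placeholder name)
 ip access-group SIP-FROM-ISP-ONLY in
!
! A router that uses no SIP at all (no SIP dial-peers) can additionally stop
! the SIP stack from listening, so the ACL is not the only line of defence.
sip-ua
 no transport udp
 no transport tcp
```

The `log` keyword on the deny entries sends a syslog line per denied packet, which is how you see where the unsolicited INVITEs come from; `show access-lists SIP-FROM-ISP-ONLY` shows the hit counters. If the interface already carries an inbound ACL, merge the SIP entries into it instead of replacing its trailing `permit ip any any`.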
09-16-2008 06:04 AM
Thanks for the link! +5 points for you