I use a 2811 router with CM Express for ISDN dialing to the PSTN. My ISP informed me that I have high voice traffic to some countries in Asia and Africa. I debugged it: all calls were over SIP, which was enabled on the public interface in the default SIP config (I didn't see anything about enabling SIP in the startup-config). Now I have disabled TCP/UDP SIP transport and everything is OK, but can you explain to me what is possible or where the problem is?
Basically SIP, H.323 and MGCP ports stay open no matter whether you have configured/enabled any of these services, and anyone can connect to the router on port 5060 (for example), and if he guesses the right pattern to go out through your POTS dial-peers you'll get quite a nice bill from your telco ;)
So deny any ports that these protocols use if you have ISDN and internet on the same router. Permit them only from trusted hosts if that is possible and always put the sip no transport tcp/udp if you don't use SIP.
Use show tcp all brief and show ip sockets (if available in your IOS) to see on what ports your router is listening.
One of our clients said goodbye to a couple of thousand dollars the day before this advisory was posted.
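The mitigation described in the answer above, written out as an IOS configuration sketch. This is an added example, not part of the original thread; the interface name FastEthernet0/0, the ACL name INTERNET-IN and the trusted peer 192.0.2.10 are assumptions, as is the absence of any existing inbound ACL on that interface.

```cisco
! Constructed example. Assumptions: FastEthernet0/0 is the Internet-facing
! interface, 192.0.2.10 is a trusted signaling peer (documentation address),
! and no other inbound ACL is applied to the interface yet.
!
ip access-list extended INTERNET-IN
 remark Only if a trusted SIP peer exists: allow it first, otherwise omit
 permit udp host 192.0.2.10 any eq 5060
 permit tcp host 192.0.2.10 any eq 5060
 remark Drop SIP signaling from everyone else
 deny   udp any any eq 5060
 deny   tcp any any eq 5060
 deny   tcp any any eq 5061
 remark Drop H.323 call setup (H.225 on TCP 1720)
 deny   tcp any any eq 1720
 remark Drop MGCP gateway signaling (UDP 2427)
 deny   udp any any eq 2427
 remark Everything else is left to the existing policy
 permit ip any any
!
interface FastEthernet0/0
 ip access-group INTERNET-IN in
!
! If SIP is not used at all, also shut the SIP listeners themselves,
! so the router no longer accepts SIP on UDP or TCP regardless of the ACL.
sip-ua
 no transport udp
 no transport tcp
```

The ACL and the `sip-ua` change cover different cases: the ACL restricts who can reach the signaling ports, while `no transport` removes the SIP listener when SIP is not needed.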
Thank you for the info. I read your advisory link, but if I understand (there is a lot of info about device crashes), the main reason for my problem could be this: "can potentially lead to remote code execution"? If yes, do you have any sample code please?
As I told you, your router listens on these ports and it is possible that someone can remotely "execute code" on them, i.e. send call-setup signalization and eventually make a call. This does not mean that they have accessed the router.