VoIP

1 readers

1 users here now

Rules

Be civil. Disagreements of varying intensities will happen, but particularly vitriolic attacks will be pruned from the discussion.
Do not promote or advertise for any business, service or product unless responding to a specific request for recommendations. This includes recommending a user change providers when they have not indicated they are interested in doing so.
Do not send private messages to users, or invite users to send you a private message, for the purpose of promoting or advertising a business, service or product.
Do not invite, encourage, or seek help with engaging in unethical or fraudulent activity relating to VoIP, such as call spoofing, robocalling and autodialers, or fraudulent STIR/SHAKEN attestation.

founded 1 year ago

MODERATORS

communick@netheads.online

Securely Exposing FreePBX for Remote Access with a Focus on SIP and RTP Ports (alien.top)

submitted 11 months ago by saygon90@alien.top to c/voip@netheads.online

18 comments fedilink hide all child comments

Hi, due to a very extensive project, we need to expose FreePBX to the internet. Specifically, we are concerned with the SIP and RTP ports. The purpose of this action is to allow logging into the system using softphones and configured phones without the need for VPN.

In the past, I noticed that exposing port 5060 results in numerous brute force attacks where the attacker tries to impersonate an extension that exists in the system. However, due to the lack of a password, they are unable to make a phone call. Does an attacker, without knowledge of the extension password, have the ability to make calls at the expense of the client?

Ports such as 443, 80, 22, etc., will not be exposed to the world, only the ports required for telephony.

you are viewing a single comment's thread
view the rest of the comments

[–] cop3x@alien.top 1 points 11 months ago (1 children)

I just use tls and the inbuilt firewall with fail2ban using a script to update a firewall blacklist rule.

[–] saygon90@alien.top 1 points 11 months ago (1 children)

Is this script actively developed and updated, or are you using your own solution?

[–] cop3x@alien.top 1 points 11 months ago (2 children)

coustom script, it's a bash script that looks at fail2ban logs, then adds an ip address to the firewall block list.

[–] TheRealNalaLockspur@alien.top 1 points 11 months ago

Go go power scripters… pew pew pew pewpewpew

[–] Stantheman822@alien.top 1 points 11 months ago

Mind sharing?