this post was submitted on 23 Nov 2023
VoIP
No, but they can if the system is improperly configured or the system is changed to be badly configured, so a better answer is "maybe". Just because they can't today doesn't mean they won't be able to tomorrow or next week (see below).
Exposing the SIP port to the world will quickly have them knocking on your door and twisting the doorknob to see if it is locked, all night, all day, every day, forever... consuming bandwidth and system resources.
If you enable the “Responsive” firewall features, then attackers (identified by connection attempts with the wrong credentials) get shunned (ignored, packets dropped) after a couple of login attempts for a configurable length of time, which sounds good, but with a recent exploit they were somehow able to turn off the firewall remotely and start exploiting systems, so it's something you have to manage carefully. Be careful when configuring the responsive firewall, as it's not uncommon for someone to lock themselves out of their own system.
Consider installing a Session Border Controller (SBC) for more security.
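The shunning behaviour described in the comment above, sketched as an added example that is not part of the original posts and is not any product's implementation. The `Shunner` class, its thresholds and the event format are assumptions; the `trusted` list shows one way to avoid the self-lockout the comment warns about.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed events "<epoch> <source IP> <auth result>"; an illustrative
# format, not the log format of any real PBX.
SAMPLE_LOG = """\
1000 203.0.113.7 FAIL
1002 203.0.113.7 FAIL
1004 203.0.113.7 FAIL
1005 203.0.113.7 FAIL
1010 192.0.2.10 FAIL
1011 192.0.2.10 FAIL
1012 192.0.2.10 FAIL
1400 203.0.113.7 FAIL
"""

class Shunner:
    """Drop traffic from a source after repeated failed logins (hypothetical)."""
    def __init__(self, max_failures=3, window=60, ban_seconds=300, trusted=()):
        self.max_failures, self.window = max_failures, window
        self.ban_seconds = ban_seconds
        self.trusted = [ip_network(n) for n in trusted]
        self.failures = defaultdict(deque)   # ip -> recent failure times
        self.banned_until = {}               # ip -> ban expiry time

    def observe(self, ts, ip, result):
        """Return 'dropped', 'banned' or 'seen' for one auth event."""
        if self.banned_until.get(ip, 0) > ts:
            return "dropped"                 # still shunned: ignore packet
        if result != "FAIL":
            self.failures.pop(ip, None)      # good login resets the count
            return "seen"
        if any(ip_address(ip) in net for net in self.trusted):
            return "seen"                    # never shun the admin network
        recent = self.failures[ip]
        recent.append(ts)
        while recent[0] <= ts - self.window: # expire old failures
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = ts + self.ban_seconds
            recent.clear()
            return "banned"
        return "seen"

def replay(log, **settings):
    """Feed each log line to a fresh Shunner; return (ip, verdict) pairs."""
    shunner = Shunner(**settings)
    return [(ip, shunner.observe(int(ts), ip, res))
            for ts, ip, res in (line.split() for line in log.splitlines())]
```

Replaying the sample with `trusted=("192.0.2.0/24",)` bans 203.0.113.7 on its third failure and leaves 192.0.2.10 reachable; without the trusted range, 192.0.2.10 is banned as well.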
The exploit you mentioned was targeted at the REST API or the web interface, if I'm not mistaken. Both of these components will not be exposed to the network.
Regarding the Session Border Controller (SBC), I found a very interesting project, LibreSBC.
Indeed, but I wasn't trying to warn you about that specific REST API exploit; rather, I was cautioning you about the one that will only become known two minutes, two months or two years from now, and who knows what it needs to be exposed to be exploited... perhaps one of the ports you have exposed :)