On my firewall I had set it up to permit connections from the internet to our PJSIP port, which was set up on a non-standard port of 9260.

A penetration test was done against our system last night and they were able to see 5060 which is our chan_sip port which I thought wasn’t exposed.

Any guidance on what I might be doing wrong?

Your SIP port is being managed by the Adaptive Firewall, so it will appear to be open for your external extensions to connect. Is there something in the way (a router/firewall) that could be redirecting port 5060 from the outside to your ‘enhanced’ SIP port?

In your Advanced Settings (SIP Settings), do you have all of the SIP ports reset to your new port?

You could try using nmap (or some other local network scanner) and see if port 5060 is actually open on the server. If it isn’t, then you could be looking at a different piece of gear being the problem.

This interface is sitting directly on the public network so there isn’t any hardware firewall in between. The request to 5060 is replying “Asterisk 13.18.0”, so it’s the FreePBX that’s replying.

The chan_sip is on 5060 but I’m trying to keep the FreePBX firewall from exposing that across the internet interface. The only thing I’d like exposed is the PJSIP port.

Just curious, what/who are you using for your pen test?

nmap from home… just wanted to get a general idea of what our auditors would find before they did.
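
An added example, not part of any post in this thread: a small Python check that sends one SIP OPTIONS request over UDP to each of the two ports discussed and reports whether anything answers and with what Server/User-Agent banner. The function names and the sample reply are constructed for illustration; it assumes you run it from an outside host against your own server.

```python
import socket
import sys
import uuid

# Constructed sample reply, using the banner string quoted in the thread.
SAMPLE = (b"SIP/2.0 200 OK\r\n"
          b"Via: SIP/2.0/UDP 192.0.2.10:40000;branch=z9hG4bKtest\r\n"
          b"Server: Asterisk 13.18.0\r\n"
          b"Content-Length: 0\r\n\r\n")

def build_options(host, port, local_ip, local_port):
    """Build a minimal SIP OPTIONS request (RFC 3261) for UDP."""
    lines = [
        f"OPTIONS sip:{host}:{port} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch=z9hG4bK{uuid.uuid4().hex[:16]};rport",
        "Max-Forwards: 70",
        f"From: <sip:audit@{local_ip}>;tag={uuid.uuid4().hex[:8]}",
        f"To: <sip:{host}:{port}>",
        f"Call-ID: {uuid.uuid4().hex}",
        "CSeq: 1 OPTIONS",
        "Content-Length: 0", "", "",
    ]
    return "\r\n".join(lines).encode()

def parse_banner(data):
    """Return (status_line, Server-or-User-Agent value) from a SIP response."""
    head = data.decode("utf-8", "replace").split("\r\n\r\n", 1)[0].split("\r\n")
    if not head[0].startswith("SIP/2.0 "):
        return None, None
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("server", "user-agent"):
            return head[0], value.strip()
    return head[0], None

def probe(host, port, timeout=3.0):
    """Send one OPTIONS; return parse_banner() result, or None if nothing answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # UDP connect: fixes the peer, sends nothing
        local_ip, local_port = s.getsockname()
        try:
            s.send(build_options(host, port, local_ip, local_port))
            return parse_banner(s.recv(4096))
        except (socket.timeout, ConnectionRefusedError):
            return None  # dropped/filtered, or ICMP port unreachable

if __name__ == "__main__" and len(sys.argv) > 1:
    for p in (5060, 9260):  # chan_sip and PJSIP ports named in the thread
        print(p, probe(sys.argv[1], p) or "no SIP reply")
```

A reply on 5060 means a SIP stack is answering on that port from the vantage point you ran it from; no reply within the timeout means the packet was dropped or nothing is listening there.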

