Open RTP Ports Constant Scanning: Should I be concerned?

I know this is probably an ignorant question, but my UDM Pro’s security log shows about a dozen CI Army and/or D-Shield IP addresses scanning my FreePBX’s RTP ports every day, which are open per requirements (10000-20000). I understand that there is not supposed to be anything that can be done through these open ports, but I usually block them anyway. Do I need to be blocking these IP addresses, or should I just leave them alone as long as they are only scanning the RTP ports? Nothing else is open to the internet except the single IP address used by my provider, and I use VPN access for everything else.

Systems not in your local network won’t get anything useful to them; inside your network they might be able to hear your unencrypted audio streams.

So you don’t think I need to worry about blocking them?

I guess my concern is that the UDM Pro may accidentally identify something as malicious when it is not. For instance, it classified the IP address from the provider as a CI Army attack, but since I knew the address, I knew not to block it. This could obviously be an issue.

Every FreePBX Distro system allows unrestricted access to the RTP range (UDP) by default. It’s not a security concern, unless you enable a service on one of those ports yourself.

Thank you!
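An added example, not part of the original thread: one way to check the condition in the last answer, that nothing other than the PBX is listening inside the forwarded RTP range. It parses `ss -H -lunp` output; the process name `asterisk`, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

RTP_PORTS = range(10000, 20001)  # RTP range quoted in the thread
EXPECTED = {"asterisk"}          # assumption: name of the PBX media process

# Constructed sample of `ss -H -lunp` output, not captured from a real host.
SAMPLE = """\
UNCONN 0 0 0.0.0.0:5060 0.0.0.0:* users:(("asterisk",pid=1412,fd=18))
UNCONN 0 0 0.0.0.0:14236 0.0.0.0:* users:(("asterisk",pid=1412,fd=41))
UNCONN 0 0 0.0.0.0:14237 0.0.0.0:* users:(("asterisk",pid=1412,fd=42))
UNCONN 0 0 0.0.0.0:10161 0.0.0.0:* users:(("snmpd",pid=977,fd=6))
UNCONN 0 0 127.0.0.1:12000 0.0.0.0:* users:(("node",pid=2210,fd=20))
UNCONN 0 0 [::]:19000 [::]:*
"""

def unexpected_listeners(ss_output, expected=EXPECTED):
    """Return (port, address, owner) for UDP listeners inside the RTP range
    that are reachable from off-host and not owned by an expected process."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if fields and fields[0].lower() == "udp":  # Netid column, if present
            fields = fields[1:]
        if len(fields) < 5:
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in RTP_PORTS:
            continue  # outside the forwarded range (e.g. SIP on 5060)
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only: a WAN port forward cannot reach it
        owners = set(re.findall(r'"([^"]+)",pid=', line))
        if not owners:
            # ss shows no owner without root; treat as needing a closer look
            findings.append((int(port), addr, "unknown"))
        for name in sorted(owners - expected):
            findings.append((int(port), addr, name))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, owner in unexpected_listeners(SAMPLE):
        print(f"udp/{port} on {addr}: {owner}")
```

On a live system, feed it the output of `ss -H -lunp` run as root so that process owners are visible.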
