Truth of the matter, is that these guys are cleverer than us, if you get once ‘targeted’ then you will often see a ‘slow drip’ of connections attempted, relentlessly, every few hours from a botnet that generally are using the same ASN, not the same host, so this prophylactic is less effective, I have seen these go on for months and longer, just don’t use UDP
Thanks for your input. I’m very thankful. I would do some middle ground here, where apply the best practices pulse one or two extra from your side. And with time will keep improving the security.
But don’t you think using SRTP/TLS over VPN would drastically reduce the call quality .
It will certainly increase the overhead.
I use Sip TLS - SRTP with about 1200 extensions, I have no problems on the pabx side in terms of performance (pabx on cloud with 4 core and 32 GB ram, 100 GB ssd), but for sure I solved all the problems related to udp and settings many routers that interfere with the sip protocol (alg sip…) for all users who work from home or in any case with remote connections even on mobile networks (5g, Lte…) with Sangoma Mobile. I changed port and at the moment the system has been running for 2 years
I’m very glad to hear that, but I didn’t understand your point on
problems related to UDP and settings of many routers that interfere with the sip protocol
What problem were you facing with UDP?
And what can Sangoma mobile solve that zoiper can’t solve?
can you provide me with more info , I would be thanksfull
zoiper needs a license for incoming call push notifications on the mobile. Furthermore, Sangoma has centralized management, it allows auto provisioning, I can use Ldap for user authentication on the desktop, and with the User Manager I can have centralized management…it depends on your needs.
For the udp in the past I had several problems with networks in which there was fragmentation of the udp or in any case settings such as sip_alg and similar had been entered…