Hi!
Please tell me why asterisk listens to ipv6 interface on random udp ports? Which module should be disabled or configured so that asterisk does not do this?
UNCONN 0 0 0.0.0.0:50735 0.0.0.0:* users:(("asterisk",pid=32236,fd=19))
UNCONN 0 0 0.0.0.0:sip 0.0.0.0:* users:(("asterisk",pid=32236,fd=21))
UNCONN 0 0 [::]:45051 [::]:* users:(("asterisk",pid=32236,fd=20))
This might be the issue:
Hello.
Thank you very much for your help.
I read this issue. This is a real problem. It’s still not clear why these ports are opened and whether it can be disabled. It’s strange that the problem is ignored by the community. This is a potential security hole.
At first glance it may seem that way but in day-to-day usage this is more in the category of a minor nuisance for those curious about their open ports.
The particular lines of sus internal code are not in Asterisk but in the third-party PJSIP project, where the random ports for the PJSIP internal DNS clients are bound on IPv4:
And IPv6:
That’s getting in to the weeds a bit… this is developer-level discussion that might happen on a separate mailing list (concurrently penning an email over there…)
In the interim, you could potentially work-around the issue a bit by running something like DNSMASQ on localhost and specifying that as your resolver in /etc/resolv.conf, and patching these particular lines to use hard-coded ports that you protect with your local software firewall.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.