Securing Astrisk SIP server

Hello all;

I have a deployed astrisk SIP server, this server is behind a PIX 515E, but the server is hacked , I want to know:

1- required ports to be opened for the IP phones to connect, is it only 5060 or there are additional ports?

2- What are the best security practices to protect this server without intercepting its normal operation?

Thanks in advance

Are you saying that the server has been Hacked/compromised ? if thats what you mean then you need to wipe it clean and reinstall completely.

As to ports that need to be open

well it depends but 5060 and rtp portd and a random port for ssh then iax

Ian

Thanks for your reply.

Actually, I came to the site and the setup was previously done, there are open ports as follow on PIX.

tcp/udp 5060
tcp/udp 5038
tcp/udp 5500
tcp/5901/5902/5903/5904/5905/5906

All those ports are opened from all to that server.

I think initially I have to restrict them from the IP phones ip only, is it right?

and Are all thos ports are needed?

If you look for this on “Asterisk the Future of Telephony” Second Edition you find the configuration for the Firewall, for the case of SIP and IAX.
Take a look to the following in the rtp.conf configuration file:
rtpstart=10000
rtpend=20000
Maybe you can change this too…
Good luck :smile:

Close port 5038, 5901-06 and 5500. The first is for the Asterisk Manager Interface the others are for VNC.