spa3102 attack

Hello,

I`m using a spa3102 with asterisk for an incomming line with the lastest firmware. The problem is that I have international calls (a lot) in this line, but in the PBX are not registers of these calls. I think the attack is over the spa3102. I have this device with public IP but the firewall is blocking the 5060and5061 UDP and 80and443 TCP, the device has not ssh or telnet. Is possible that the attack is RTP only???

Thanks in advance

Whilst one can’t rule out some sort of buffer overrun, privilege escalation, vulnerability in the gateway, one would not be able to make calls based on RTP alone.

Have you blocked 5060 and 5061/TCP?

I ran a port sniffer for tcp ports and just 80 is opened in the device

ok you say [quote] I have this device with public IP but the firewall is blocking the 5060and5061 UDP and 80and443 TCP[/quote]
but then you say port 80 is accessible, Why is it on a public ip ? you can set the spa u with syslogging , it might be a good idea.

I connected directly to the device for scanning ports