Business Phone Systems

AtcomCloud Online Store
Previous Thread
Next Thread
Print Thread
Rate Thread
Page 1 of 2 1 2
Joined: Feb 2009
Posts: 13
PTME Offline OP
Member
OP Offline
Member
Joined: Feb 2009
Posts: 13
We seem to be having an issue just in the last few months where our IP phones are randomly disconnected from the IPU cards. This can happen once a day, or three times a day. CIX670 using various models of IP phones from Toshiba with MIPU16 cards.

We have two cards, each with a different provider (so i doubt it's related to the carrier). The disconnect will happen on either card, at random and everyone on that card is cut off at the same time, the phone reboots and reconnects. Of course, if they are in the middle of a call, they are instantly cut off from that call.

It's become quite an interruption to our workflow at this point. Some have suggested that the solution is a firewall device between the connection and the IPU card. As of right now the connection goes directly to the cards with no firewall or router to an outside IP address. That's the way it was setup by our phone service company originally.

Any help would be appreciated if there's anyone who's seen this or can offer any help.

Atcom VoIP Demo
VoIP Demo
Joined: Aug 2002
Posts: 4,918
Likes: 1
Administrator
Offline
Administrator
Joined: Aug 2002
Posts: 4,918
Likes: 1
If you have phones outside or off the internal network the MIPU can't be behind a firewall.
But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot.

Joined: Feb 2009
Posts: 13
PTME Offline OP
Member
OP Offline
Member
Joined: Feb 2009
Posts: 13
Originally Posted by SSPhone
If you have phones outside or off the internal network the MIPU can't be behind a firewall.
But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot.

That's great information, even if we have SIP turned off (which I believe we do), what is the solution then to stop this?

Joined: Jun 2005
Posts: 2,643
Likes: 4
Member
Online Content
Member
Joined: Jun 2005
Posts: 2,643
Likes: 4
Originally Posted by PTME
Originally Posted by SSPhone
If you have phones outside or off the internal network the MIPU can't be behind a firewall.
But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot.

That's great information, even if we have SIP turned off (which I believe we do), what is the solution then to stop this?

I believe that even if you are not using SIP, I believe that the MIPU will respond to SIP messages. If you even look at incoming data, once people see port 5060 open they start attacking it with SIP invites and registration messages, attempting toll fraud.

There is a way to put a firewall in front of the MIPU. The trick is that the MIPU must be assigned a public IP address without NAT. Toshiba had a document on how to configure a Zyxel router to filter incoming traffic while still giving the MIPU a public IP address. Then you could filter port all incoming traffic except for the ports the phones need for their IP phones.

Joined: Feb 2009
Posts: 13
PTME Offline OP
Member
OP Offline
Member
Joined: Feb 2009
Posts: 13
Also fantastic information, thanks very much.

A few things come to mind:

1. Perhaps I can ask our ISP to block port 5060 if the attacks are indeed coming just from that port. When I do a full port scan, I do not see that port as being open, but there may be other scanning tools that show it is open. Are there other ports as well that would need to be blocked?

2. I don't understand why you couldn't just give the card a local IP address and setup NAT and then simply only allow traffic from the IP addresses of those people having phones (yes it would have to be adjusted if their ip changed)? Why would the card care or know about this? I've done things like this for many other applications. For example, how about something like this: https://www.tp-link.com/us/support/faq/2026/

3. I will look into the Zyxel router option and see if someone can locate that document.

EDIT- I have confirmed that port 5060 in UDP is open. 5060 and 5061 are both closed to TCP, but apparently the UDP 5060 flood attack is quite common and may be what's happening here.

Last edited by PTME; 02/24/22 03:03 AM.
Joined: Jun 2005
Posts: 2,643
Likes: 4
Member
Online Content
Member
Joined: Jun 2005
Posts: 2,643
Likes: 4
SIP typically uses UDP ports 5060 and 5061 so a scan will not show it as open. I don't know how these guys find an open SIP server, but they do. Non-stop SIP invites and registrations. Toshiba is pretty good about not letting these get through, but they don't stop

MIPU IP has never worked with NAT. If you have public-facing phones the MIPU must always have a dedicated public IP address assigned to it. There are a lot of technical reasons why, but it is a bit much to go into details. You can get SIP to work on an MIPU with a router that supports SIP ALG, but routers do not understand the Toshiba IP protocol. Sometimes they think it is H.323.

Other routers will probably also work, but I think Toshiba mentioned this brand because it was a lower-cost solution. Back in Toshiba many years ago class they used a Sonicwall

Check PM.

Edit: I should note that a VPN from the user's premise will also work if you wanted to keep the card internal.

Last edited by newtecky; 02/24/22 03:35 AM. Reason: Add VPN comment
Joined: Feb 2009
Posts: 13
PTME Offline OP
Member
OP Offline
Member
Joined: Feb 2009
Posts: 13
Thanks for the great suggestions. In the next few days, I'm going to see if the ISP will block that port and see if that changes things.

Joined: Feb 2009
Posts: 13
PTME Offline OP
Member
OP Offline
Member
Joined: Feb 2009
Posts: 13
Just to update everyone on this, in case someone has a similar issue.

The ISPs would not block the ports for us, which I suspected. So with the help of some members on this forum we setup firewall devices yesterday for both of our IPU cards.

Specifically the ZyXEL ZyWall USG 20 using a setup generously provided by newtecky.

It hasn't been long enough to determine if this has solved the issue, but I will update everyone in a few days with the final results.

One nice benefit of using this device is that we are able to see logs for the first time, and the attempts made to access or query the device.

Joined: Mar 2022
Posts: 1
Member
Offline
Member
Joined: Mar 2022
Posts: 1
This is exactly the issue we have been experiencing. Thank you PTME and newtecky for explaining what’s going on.

We already have a Sonicwall in place but with our MIPU connected directly to the ISP’s modem. Ideally I would figure out how to configure the Sonicwall, but I’ll invest in the ZyXEL router if needed.

Newtecky, if you could PM me the ZyXEL configuration steps, I would be very grateful. If anyone has the steps for a Sonicwall, that would be a bonus.

Thanks everyone, looking forward to getting this solved.

Jon

Joined: Aug 2012
Posts: 99
Member
Offline
Member
Joined: Aug 2012
Posts: 99
I have a CIX100 with this problem too. I would be very interested in knowing the solution as well. We have SonicWall here too, but like Jon the MIPU is connected directly to the ISPs modem.

Page 1 of 2 1 2

Moderated by  Carlos#1, phonemeister 

Link Copied to Clipboard
Forum Statistics
Forums84
Topics93,686
Posts636,175
Members49,606
Most Online5,661
May 23rd, 2018
Popular Topics(Views)
Today's Birthdays
cotton, JDK, jdkinney, Matt Knight, MCap, neh-telecom
Newest Members
Uranium-235, grahamw, Motel6Guy, JustAGuy, Dialtony
49,606 Registered Users
Top Posters(30 Days)
Toner 12
Yoda 9
dexman 7
Who's Online Now
0 members (), 31 guests, and 15 robots.
Key: Admin, Global Mod, Mod
Contact Us | Sponsored by Atcom: Business Phone Systems & VoIP | Terms of Service

Sundance Communications is not affiliated with any of the above manufacturers.
©Copyright Sundance Communications 1998-2022
Powered by UBB.threads™ PHP Forum Software 7.7.5