VoIP Phones - Cisco 7xxx: Difference between revisions
Content deleted Content added
mNo edit summary |
m clean up, typos fixed: to it's → to its |
||
| Line 2: | Line 2: | ||
[[file:Cisco7940.png||ALT=Cisco7940]] |
[[file:Cisco7940.png||ALT=Cisco7940]] |
||
==Phones and Versions Tested== |
==Phones and Versions Tested== |
||
{| class="wikitable" |
{| class="wikitable" |
||
| Line 45: | Line 45: | ||
'''* Important *''' |
'''* Important *''' |
||
Whilst testing SIP41.8-5-4S it appears the phone/firmware is vulnerable to a SIP/UDP amplification attack where crafted SIP 'INVITE' packets sent on UDP 5600 cause the phone to respond to |
Whilst testing SIP41.8-5-4S it appears the phone/firmware is vulnerable to a SIP/UDP amplification attack where crafted SIP 'INVITE' packets sent on UDP 5600 cause the phone to respond to its upstream SIP gateway with multiple SIP 2.0 '404' packets. Measured at a rate of approximately 20 packets/second, whilst not a major cause for concern with a single phone could potentially cause service issues where several phones are in use. |
||
This vulnerability is protected against by correct firewall protection/filtering limiting inbound UDP on SIP port 5600 to the phone to be exclusively from |
This vulnerability is protected against by correct firewall protection/filtering limiting inbound UDP on SIP port 5600 to the phone to be exclusively from |
||
the parent SIP service (e.g. voiceless.aa.net.uk - see the VoIP security/firewall section). '''It is not recommended to leave these phones connected to the internet without any protection.''' |
the parent SIP service (e.g. voiceless.aa.net.uk - see the VoIP security/firewall section). '''It is not recommended to leave these phones connected to the internet without any protection.''' |
||
==Configuration |
==Configuration== |
||