VoIP Phones - Cisco 7xxx: Difference between revisions

Back up to the VoIP Configuring page
From AAISP Support Site
(Created page with "==Phones and Versions Tested== {| class="wikitable" !colspan="3"|Cisco 7xxx Versions tested |- !Model !Version !Notes |- |7940 |3.8.6 | |} ==Configuration:==")
 
m (clean up, typos fixed: to it's → to its)
 
(19 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<indicator name="VoIPConfiguring">[[File:menu-voip.svg|link=:Category:VoIP Phones|30px|Back up to the VoIP Configuring page]]</indicator>
==Phones and Versions Tested==
[[file:Cisco7940.png||ALT=Cisco7940]]

==Phones and Versions Tested==


{| class="wikitable"
{| class="wikitable"
Line 12: Line 15:
|3.8.6
|3.8.6
|
|


|-
|7940G
|SIP41.8-5-4S
|Appears stable


|-
|7940G
|SIP41.9-4-2SR1-1S
|Phone runs sluggish, reboots randomly, not recommended
|}
|}


{| class="wikitable"
==Configuration:==
!colspan="2"|Feature Notes
|-
|Supports [[VoIP no302|302 Redirect]]
|?
|-
|Tested on FireBrick SIP Server
|Yes
|-
|IPv6 Support
|No
|}


'''* Important *'''

Whilst testing SIP41.8-5-4S it appears the phone/firmware is vulnerable to a SIP/UDP amplification attack where crafted SIP 'INVITE' packets sent on UDP 5600 cause the phone to respond to its upstream SIP gateway with multiple SIP 2.0 '404' packets. Measured at a rate of approximately 20 packets/second, whilst not a major cause for concern with a single phone could potentially cause service issues where several phones are in use.

This vulnerability is protected against by correct firewall protection/filtering limiting inbound UDP on SIP port 5600 to the phone to be exclusively from
the parent SIP service (e.g. voiceless.aa.net.uk - see the VoIP security/firewall section). '''It is not recommended to leave these phones connected to the internet without any protection.'''

==Configuration==


==Firewall & Security==
*You will also want to set up firewall rules, as per the [[VoIP Firewall]] page.
*Also see the [[VoIP Security]] page for information about securing your VoIP service.

[[Category:VoIP Phones|Cisco 7xxx]]

Latest revision as of 00:00, 15 March 2017

ALT=Cisco7940

Phones and Versions Tested

Cisco 7xxx Versions tested
Model Version Notes
7940 3.8.6


7940G SIP41.8-5-4S Appears stable


7940G SIP41.9-4-2SR1-1S Phone runs sluggish, reboots randomly, not recommended
Feature Notes
Supports 302 Redirect ?
Tested on FireBrick SIP Server Yes
IPv6 Support No


* Important *

Whilst testing SIP41.8-5-4S it appears the phone/firmware is vulnerable to a SIP/UDP amplification attack where crafted SIP 'INVITE' packets sent on UDP 5600 cause the phone to respond to its upstream SIP gateway with multiple SIP 2.0 '404' packets. Measured at a rate of approximately 20 packets/second, whilst not a major cause for concern with a single phone could potentially cause service issues where several phones are in use.

This vulnerability is protected against by correct firewall protection/filtering limiting inbound UDP on SIP port 5600 to the phone to be exclusively from the parent SIP service (e.g. voiceless.aa.net.uk - see the VoIP security/firewall section). It is not recommended to leave these phones connected to the internet without any protection.

Configuration

Firewall & Security

  • You will also want to set up firewall rules, as per the VoIP Firewall page.
  • Also see the VoIP Security page for information about securing your VoIP service.