|
Joined: Feb 2009
Posts: 15
Member
|
Member
Joined: Feb 2009
Posts: 15 |
We seem to be having an issue just in the last few months where our IP phones are randomly disconnected from the IPU cards. This can happen once a day, or three times a day. CIX670 using various models of IP phones from Toshiba with MIPU16 cards.
We have two cards, each with a different provider (so i doubt it's related to the carrier). The disconnect will happen on either card, at random and everyone on that card is cut off at the same time, the phone reboots and reconnects. Of course, if they are in the middle of a call, they are instantly cut off from that call.
It's become quite an interruption to our workflow at this point. Some have suggested that the solution is a firewall device between the connection and the IPU card. As of right now the connection goes directly to the cards with no firewall or router to an outside IP address. That's the way it was setup by our phone service company originally.
Any help would be appreciated if there's anyone who's seen this or can offer any help.
|
|
|
Visit Atcom to get started with your new business VoIP phone system ASAP
Turn up is quick, painless, and can often be done same day.
Let us show you how to do VoIP right, resulting in crystal clear call quality and easy-to-use features that make everyone happy!
Proudly serving Canada from coast to coast.
|
|
|
Joined: Aug 2002
Posts: 4,929 Likes: 1
Administrator
|
Administrator
Joined: Aug 2002
Posts: 4,929 Likes: 1 |
If you have phones outside or off the internal network the MIPU can't be behind a firewall. But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot.
|
|
|
|
Joined: Feb 2009
Posts: 15
Member
|
Member
Joined: Feb 2009
Posts: 15 |
If you have phones outside or off the internal network the MIPU can't be behind a firewall. But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot. That's great information, even if we have SIP turned off (which I believe we do), what is the solution then to stop this?
|
|
|
|
Joined: Jun 2005
Posts: 2,717 Likes: 7
Member
|
Member
Joined: Jun 2005
Posts: 2,717 Likes: 7 |
If you have phones outside or off the internal network the MIPU can't be behind a firewall. But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot. That's great information, even if we have SIP turned off (which I believe we do), what is the solution then to stop this? I believe that even if you are not using SIP, I believe that the MIPU will respond to SIP messages. If you even look at incoming data, once people see port 5060 open they start attacking it with SIP invites and registration messages, attempting toll fraud. There is a way to put a firewall in front of the MIPU. The trick is that the MIPU must be assigned a public IP address without NAT. Toshiba had a document on how to configure a Zyxel router to filter incoming traffic while still giving the MIPU a public IP address. Then you could filter port all incoming traffic except for the ports the phones need for their IP phones.
|
|
|
|
Joined: Feb 2009
Posts: 15
Member
|
Member
Joined: Feb 2009
Posts: 15 |
Also fantastic information, thanks very much. A few things come to mind: 1. Perhaps I can ask our ISP to block port 5060 if the attacks are indeed coming just from that port. When I do a full port scan, I do not see that port as being open, but there may be other scanning tools that show it is open. Are there other ports as well that would need to be blocked? 2. I don't understand why you couldn't just give the card a local IP address and setup NAT and then simply only allow traffic from the IP addresses of those people having phones (yes it would have to be adjusted if their ip changed)? Why would the card care or know about this? I've done things like this for many other applications. For example, how about something like this: https://www.tp-link.com/us/support/faq/2026/ 3. I will look into the Zyxel router option and see if someone can locate that document. EDIT- I have confirmed that port 5060 in UDP is open. 5060 and 5061 are both closed to TCP, but apparently the UDP 5060 flood attack is quite common and may be what's happening here.
Last edited by PTME; 02/23/22 10:03 PM.
|
|
|
|
Joined: Jun 2005
Posts: 2,717 Likes: 7
Member
|
Member
Joined: Jun 2005
Posts: 2,717 Likes: 7 |
SIP typically uses UDP ports 5060 and 5061 so a scan will not show it as open. I don't know how these guys find an open SIP server, but they do. Non-stop SIP invites and registrations. Toshiba is pretty good about not letting these get through, but they don't stop
MIPU IP has never worked with NAT. If you have public-facing phones the MIPU must always have a dedicated public IP address assigned to it. There are a lot of technical reasons why, but it is a bit much to go into details. You can get SIP to work on an MIPU with a router that supports SIP ALG, but routers do not understand the Toshiba IP protocol. Sometimes they think it is H.323.
Other routers will probably also work, but I think Toshiba mentioned this brand because it was a lower-cost solution. Back in Toshiba many years ago class they used a Sonicwall
Check PM.
Edit: I should note that a VPN from the user's premise will also work if you wanted to keep the card internal.
Last edited by newtecky; 02/23/22 10:35 PM. Reason: Add VPN comment
|
|
|
|
Joined: Feb 2009
Posts: 15
Member
|
Member
Joined: Feb 2009
Posts: 15 |
Thanks for the great suggestions. In the next few days, I'm going to see if the ISP will block that port and see if that changes things.
|
|
|
|
Joined: Feb 2009
Posts: 15
Member
|
Member
Joined: Feb 2009
Posts: 15 |
Just to update everyone on this, in case someone has a similar issue.
The ISPs would not block the ports for us, which I suspected. So with the help of some members on this forum we setup firewall devices yesterday for both of our IPU cards.
Specifically the ZyXEL ZyWall USG 20 using a setup generously provided by newtecky.
It hasn't been long enough to determine if this has solved the issue, but I will update everyone in a few days with the final results.
One nice benefit of using this device is that we are able to see logs for the first time, and the attempts made to access or query the device.
|
|
|
|
Joined: Mar 2022
Posts: 1
Member
|
Member
Joined: Mar 2022
Posts: 1 |
This is exactly the issue we have been experiencing. Thank you PTME and newtecky for explaining what’s going on.
We already have a Sonicwall in place but with our MIPU connected directly to the ISP’s modem. Ideally I would figure out how to configure the Sonicwall, but I’ll invest in the ZyXEL router if needed.
Newtecky, if you could PM me the ZyXEL configuration steps, I would be very grateful. If anyone has the steps for a Sonicwall, that would be a bonus.
Thanks everyone, looking forward to getting this solved.
Jon
|
|
|
|
Joined: Aug 2012
Posts: 109 Likes: 1
Member
|
Member
Joined: Aug 2012
Posts: 109 Likes: 1 |
I have a CIX100 with this problem too. I would be very interested in knowing the solution as well. We have SonicWall here too, but like Jon the MIPU is connected directly to the ISPs modem.
|
|
|
Forums84
Topics94,426
Posts639,494
Members49,821
|
Most Online5,661 May 23rd, 2018
|
|
|
|