web statisticsweb stats

Business Phone Systems

Support Service-Disabled Veterans!
Discount software from Direct Deals
Previous Thread
Next Thread
Print Thread
Rate Thread
Page 1 of 2 1 2
Joined: Feb 2009
Posts: 15
Member
Member
Offline
Joined: Feb 2009
Posts: 15
We seem to be having an issue just in the last few months where our IP phones are randomly disconnected from the IPU cards. This can happen once a day, or three times a day. CIX670 using various models of IP phones from Toshiba with MIPU16 cards.

We have two cards, each with a different provider (so i doubt it's related to the carrier). The disconnect will happen on either card, at random and everyone on that card is cut off at the same time, the phone reboots and reconnects. Of course, if they are in the middle of a call, they are instantly cut off from that call.

It's become quite an interruption to our workflow at this point. Some have suggested that the solution is a firewall device between the connection and the IPU card. As of right now the connection goes directly to the cards with no firewall or router to an outside IP address. That's the way it was setup by our phone service company originally.

Any help would be appreciated if there's anyone who's seen this or can offer any help.

Atcom VoIP Phones
VoIP Demo

Best VoIP Phones Canada


Visit Atcom to get started with your new business VoIP phone system ASAP
Turn up is quick, painless, and can often be done same day.
Let us show you how to do VoIP right, resulting in crystal clear call quality and easy-to-use features that make everyone happy!
Proudly serving Canada from coast to coast.

Joined: Aug 2002
Posts: 4,929
Likes: 1
Administrator
Administrator
Joined: Aug 2002
Posts: 4,929
Likes: 1
If you have phones outside or off the internal network the MIPU can't be behind a firewall.
But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot.

Joined: Feb 2009
Posts: 15
Member
Member
Offline
Joined: Feb 2009
Posts: 15
Originally Posted by SSPhone
If you have phones outside or off the internal network the MIPU can't be behind a firewall.
But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot.

That's great information, even if we have SIP turned off (which I believe we do), what is the solution then to stop this?

Joined: Jun 2005
Posts: 2,717
Likes: 7
Member
Member
Joined: Jun 2005
Posts: 2,717
Likes: 7
Originally Posted by PTME
Originally Posted by SSPhone
If you have phones outside or off the internal network the MIPU can't be behind a firewall.
But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot.

That's great information, even if we have SIP turned off (which I believe we do), what is the solution then to stop this?

I believe that even if you are not using SIP, I believe that the MIPU will respond to SIP messages. If you even look at incoming data, once people see port 5060 open they start attacking it with SIP invites and registration messages, attempting toll fraud.

There is a way to put a firewall in front of the MIPU. The trick is that the MIPU must be assigned a public IP address without NAT. Toshiba had a document on how to configure a Zyxel router to filter incoming traffic while still giving the MIPU a public IP address. Then you could filter port all incoming traffic except for the ports the phones need for their IP phones.

Joined: Feb 2009
Posts: 15
Member
Member
Offline
Joined: Feb 2009
Posts: 15
Also fantastic information, thanks very much.

A few things come to mind:

1. Perhaps I can ask our ISP to block port 5060 if the attacks are indeed coming just from that port. When I do a full port scan, I do not see that port as being open, but there may be other scanning tools that show it is open. Are there other ports as well that would need to be blocked?

2. I don't understand why you couldn't just give the card a local IP address and setup NAT and then simply only allow traffic from the IP addresses of those people having phones (yes it would have to be adjusted if their ip changed)? Why would the card care or know about this? I've done things like this for many other applications. For example, how about something like this: https://www.tp-link.com/us/support/faq/2026/

3. I will look into the Zyxel router option and see if someone can locate that document.

EDIT- I have confirmed that port 5060 in UDP is open. 5060 and 5061 are both closed to TCP, but apparently the UDP 5060 flood attack is quite common and may be what's happening here.

Last edited by PTME; 02/23/22 10:03 PM.
Joined: Jun 2005
Posts: 2,717
Likes: 7
Member
Member
Joined: Jun 2005
Posts: 2,717
Likes: 7
SIP typically uses UDP ports 5060 and 5061 so a scan will not show it as open. I don't know how these guys find an open SIP server, but they do. Non-stop SIP invites and registrations. Toshiba is pretty good about not letting these get through, but they don't stop

MIPU IP has never worked with NAT. If you have public-facing phones the MIPU must always have a dedicated public IP address assigned to it. There are a lot of technical reasons why, but it is a bit much to go into details. You can get SIP to work on an MIPU with a router that supports SIP ALG, but routers do not understand the Toshiba IP protocol. Sometimes they think it is H.323.

Other routers will probably also work, but I think Toshiba mentioned this brand because it was a lower-cost solution. Back in Toshiba many years ago class they used a Sonicwall

Check PM.

Edit: I should note that a VPN from the user's premise will also work if you wanted to keep the card internal.

Last edited by newtecky; 02/23/22 10:35 PM. Reason: Add VPN comment
Joined: Feb 2009
Posts: 15
Member
Member
Offline
Joined: Feb 2009
Posts: 15
Thanks for the great suggestions. In the next few days, I'm going to see if the ISP will block that port and see if that changes things.

Joined: Feb 2009
Posts: 15
Member
Member
Offline
Joined: Feb 2009
Posts: 15
Just to update everyone on this, in case someone has a similar issue.

The ISPs would not block the ports for us, which I suspected. So with the help of some members on this forum we setup firewall devices yesterday for both of our IPU cards.

Specifically the ZyXEL ZyWall USG 20 using a setup generously provided by newtecky.

It hasn't been long enough to determine if this has solved the issue, but I will update everyone in a few days with the final results.

One nice benefit of using this device is that we are able to see logs for the first time, and the attempts made to access or query the device.

Joined: Mar 2022
Posts: 1
Member
Member
Offline
Joined: Mar 2022
Posts: 1
This is exactly the issue we have been experiencing. Thank you PTME and newtecky for explaining what’s going on.

We already have a Sonicwall in place but with our MIPU connected directly to the ISP’s modem. Ideally I would figure out how to configure the Sonicwall, but I’ll invest in the ZyXEL router if needed.

Newtecky, if you could PM me the ZyXEL configuration steps, I would be very grateful. If anyone has the steps for a Sonicwall, that would be a bonus.

Thanks everyone, looking forward to getting this solved.

Jon

Joined: Aug 2012
Posts: 109
Likes: 1
Member
Member
Online: Content
Joined: Aug 2012
Posts: 109
Likes: 1
I have a CIX100 with this problem too. I would be very interested in knowing the solution as well. We have SonicWall here too, but like Jon the MIPU is connected directly to the ISPs modem.

Page 1 of 2 1 2

Moderated by  Carlos#1, phonemeister 

Link Copied to Clipboard
Newest Topics
OfficeServ 7200 enable 4 digit extensions
by Robert Stuart - 11/05/24 05:42 AM
OfficeServ 7200 v4.60b software?
by Robert Stuart - 11/04/24 05:38 PM
CTX 100 Can't Connect with eManager
by stwtech - 11/04/24 04:24 PM
OfficeServ 7200 red flashing MC led after reboot
by Robert Stuart - 11/01/24 11:57 AM
Forum Statistics
Forums84
Topics94,426
Posts639,494
Members49,821
Most Online5,661
May 23rd, 2018
Newest Members
FooF, brianorbrain, AndyW251, Dean Badelek, PCCsup
49,820 Registered Users
Top Posters(30 Days)
Toner 10
pvj 9
R4+Z 4
Who's Online Now
2 members (nortelvoip, BCtech-NurseCall), 87 guests, and 27 robots.
Key: Admin, Global Mod, Mod
Contact Us | Sponsored by Atcom: One of the best VoIP Phone Canada Suppliers for your business telephone system!| Terms of Service

Sundance Communications is not affiliated with any of the above manufacturers. Sundance Phone System Forums - VOIP & Cloud Phone Help
©Copyright Sundance Communications 1998 - 2024
Powered by UBB.threads™ PHP Forum Software 8.0.0