Re: Problems with SIP?
Just a few comments:
0. Use strong machine generated password for all extensions even if this means getting rid of old SIP phones which cannot do more than 8 characters or special chars in the password.
1. Make sure you ACL any extensions to specific destination ranges. F.E. ACL any extensions that are local only to the local LAN so they cannot be re-registered from outside. This is especially so for phones that cannot do strong passwords.
2. Make sure you use _NON_ numeric usernames especially for outside extensions (just map them to a number in the dialplan). F.E. My-crappy-android-phone maps to 6731.
3. Set call limits.
4. Blacklist any Palestinian authority networks completely (you can get their address ranges from RIPE). 90% of brute force SIP scans I have seen come from there, rest are US based). The idea is - they brute force an extension password, register and then clock to a premium rate number in Maldives, Mozambique or somewhere else they control. If you have the correct ACL they cannot do it. If you have call limits they also self-throttle themselves (they try to originate 4+ calls so a 4 calls-at-a-time call throttle is an automatic killer). No comment where your money really goes as Hamas uses the same address ranges.
5. Blacklist all countries you are not likely to dial or pin-protect them in your dialplan.
6. Do not use 15060, 1506X, 25060, etc as a security through obscurity, these are scanned too.
7. If your phone supports it and if you have the time to set up SIP/TLS always do, it is well worth the effort.
8. If you are asking where do I know all that shit from - well, not doing it has costed me 40£ a year and a half ago. I was lucky - I had a call throttle and the idiots self-throttled. I know some people who have not been so lucky to the tune of 500$+