What's new
By:

Firewall Not Blocking inbound SIP Traffic

M

Mike S

Regular Contributor
I have an RT-AC68U router running Asuswrt Merlin running 384.18. I have the firewall enabled. I have a SIP VOIP phone connected to the router on my LAN. Today, I started getting a tone of ghost calls on the phone. I turned on the packet trace and discovered lots of inbound SIP traffic from a 198.23.xx.xx network addressed to the phone on my LAN.

How can this happen? I don't have any Port Forwarding configured.
 
Mike S said:
I have an RT-AC68U router running Asuswrt Merlin running 384.18. I have the firewall enabled. I have a SIP VOIP phone connected to the router on my LAN. Today, I started getting a tone of ghost calls on the phone. I turned on the packet trace and discovered lots of inbound SIP traffic from a 198.23.xx.xx network addressed to the phone on my LAN.

How can this happen? I don't have any Port Forwarding configured.
Click to expand...
Upnp created a port forward?
 
Mike S said:
I have an RT-AC68U router running Asuswrt Merlin running 384.18. I have the firewall enabled. I have a SIP VOIP phone connected to the router on my LAN. Today, I started getting a tone of ghost calls on the phone. I turned on the packet trace and discovered lots of inbound SIP traffic from a 198.23.xx.xx network addressed to the phone on my LAN.

How can this happen? I don't have any Port Forwarding configured.
Click to expand...

It's not a router firewall issue... it's your phone willing to talk to whoever calls.

Check your phone's SIP account configuration for settings to reject anonymous SIP calls such as:
AcceptSipFromRegistrarOnly = enabled
EnforceRequestUserID = enabled
Check SIP User ID for Incoming INVITE = yes
Accept Incoming SIP from Proxy Only = yes
Authenticate Incoming INVITE = yes

Basically, you want to only accept SIP connections from your SIP service provider.

Also, set your phone's SIP account configuration to use a local user agent port other than 5060, such as 65061 to hide from SIP scanners... security by obscurity. If you have more than one SIP account registered on the phone, make the next port 65062, etc.

Do disable router WAN\NAT Passthrough\SIP Passthrough. These SIP helpers have caused issues like one-way audio on calls.

OE
 
Last edited:
You must log in or register to reply here.

Similar threads

pt44
VoIP + Asus RT-AX86U + Grandstream HT801 + SIP ALG
Replies
6
Views
2K
RMerlin
RMerlin
W
Whitelisting VoIP IP addresses Firewall
Replies
1
Views
784
Boardson
B
A
Wireguard Server blocking random sites
Replies
5
Views
395
ZebMcKayhan
Z
M
Capturing Traffic: PlayStation issue on one ISP
Replies
7
Views
622
mrric
M
M
WireGuard connected but not routing traffic
Replies
18
Views
3K
Viktor Jaep
Viktor Jaep
Similar threads
Thread starter Title Forum Replies Date
bengalih PSA - RT-AC68U with CTF/NAT Acceleration may allow IPv6 UDP traffic through firewall Asuswrt-Merlin 8
C Firewall URL filter bypassed by guest networks with disabled intranet access Asuswrt-Merlin 4
S Firewall rule to block firmware updates Asuswrt-Merlin 5
D Entware [AX86U Merlin 3004.388.9_2] Disabling Firewall in WebUI allows Transmission to open the famous closed port, but WebUI Port Forwarding does not. Asuswrt-Merlin 1
R ipv6 / firewall on ax86u pro (on latest Merlin) Asuswrt-Merlin 6
B BE88U Firewall port forwarding set in GUI not working. Anyone else? Asuswrt-Merlin 2
A Wireguard Server blocking random sites Asuswrt-Merlin 5
X Blocking device to access LAN Asuswrt-Merlin 7
YumeHatsuyuki 【AiProtection Bug】Malicious Sites Blocking Remains Enabled Despite Turning Off "Enable AiProtection" Asuswrt-Merlin 12
L Blocking camera from outside, but enabling with VPN? AX88U Asuswrt-Merlin 12

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 3,618 (members: 16, guests: 3,602)
Back
Top