Safe to put a Linksys 3000 in a DMZ

Discussion in 'VOIP' started by Dave, Apr 18, 2006.

  1. Dave

    Dave Guest

    Just wondering is it safe to put a Linksys 3000 ATA on a router's DMZ, is it
    likely to get hacked being 'wide open'

    Dave.
    Dave, Apr 18, 2006
    #1
    1. Advertising

  2. Dave

    Ivor Jones Guest

    "Dave" <> wrote in message
    news:44451c32$0$29192$
    > Just wondering is it safe to put a Linksys 3000 ATA on a
    > router's DMZ, is it likely to get hacked being 'wide open'
    >
    > Dave.


    What exactly would anyone be able to hack in an ATA..?

    Ivor
    Ivor Jones, Apr 19, 2006
    #2
    1. Advertising

  3. "Ivor Jones" <> wrote:
    >"Dave" <> wrote in message
    >> Just wondering is it safe to put a Linksys 3000 ATA on a
    >> router's DMZ, is it likely to get hacked being 'wide open'


    >What exactly would anyone be able to hack in an ATA..?


    Well, you could attach to it and make outgoing phone calls on Dave's
    dime...
    William P.N. Smith, Apr 19, 2006
    #3
  4. Dave

    Dave Guest

    "William P.N. Smith" <> wrote in message
    news:...
    > "Ivor Jones" <> wrote:
    > >"Dave" <> wrote in message
    > >> Just wondering is it safe to put a Linksys 3000 ATA on a
    > >> router's DMZ, is it likely to get hacked being 'wide open'

    >
    > >What exactly would anyone be able to hack in an ATA..?

    >
    > Well, you could attach to it and make outgoing phone calls on Dave's
    > dime...


    EXACTLY what I was thinking someone hacking there way in and taking my
    details and using my account .....
    Not sure how vulnerable a ATA is, also maybe possible to hack back into the
    network via the ATA....??

    Dave..
    Dave, Apr 19, 2006
    #4
  5. Dave

    Ivor Jones Guest

    "Dave" <> wrote in message
    news:4445e989$0$19704$
    > "William P.N. Smith" <> wrote in
    > message news:...
    > > "Ivor Jones" <> wrote:
    > > > "Dave" <> wrote in message
    > > > > Just wondering is it safe to put a Linksys 3000 ATA
    > > > > on a router's DMZ, is it likely to get hacked being
    > > > > 'wide open'

    > >
    > > > What exactly would anyone be able to hack in an ATA..?

    > >
    > > Well, you could attach to it and make outgoing phone
    > > calls on Dave's dime...

    >
    > EXACTLY what I was thinking someone hacking there way in
    > and taking my details and using my account .....
    > Not sure how vulnerable a ATA is, also maybe possible to
    > hack back into the network via the ATA....??


    I can't see how.

    Ivor
    Ivor Jones, Apr 19, 2006
    #5
  6. "Ivor Jones" <> wrote:
    >> "William P.N. Smith" <> wrote in


    >> > Well, you could attach to it and make outgoing phone
    >> > calls on Dave's dime...


    >I can't see how.


    Well, it's got an FXO port, which Dave has attached to his incoming
    POTS line. If I can get at it, I can make calls (including long
    distance calls and $500/min 900 calls, which I've previously arranged
    to get a cut of) on Dave's POTS line.
    William P.N. Smith, Apr 19, 2006
    #6
  7. Dave

    Ivor Jones Guest

    "William P.N. Smith" <> wrote in
    message news:
    > "Ivor Jones" <> wrote:
    > > > "William P.N. Smith" <>
    > > > wrote in

    >
    > > > > Well, you could attach to it and make outgoing phone
    > > > > calls on Dave's dime...

    >
    > > I can't see how.

    >
    > Well, it's got an FXO port, which Dave has attached to
    > his incoming POTS line. If I can get at it, I can make
    > calls (including long distance calls and $500/min 900
    > calls, which I've previously arranged to get a cut of) on
    > Dave's POTS line.


    I can see what you're getting at, but I can't see how you would achieve
    it. In almost 2 years of using VoIP on a day to day basis I have never
    heard of an ATA being "hacked" in the manner you describe. An ATA isn't
    the same thing as a PC. I am prepared to be proven wrong, but it's not
    something I have ever heard of happening, or even discussed before now.


    Ivor
    Ivor Jones, Apr 20, 2006
    #7
  8. Dave

    B. Wright Guest

    Ivor Jones <> wrote:


    > "William P.N. Smith" <> wrote in
    > message news:
    > > "Ivor Jones" <> wrote:
    > > > > "William P.N. Smith" <>
    > > > > wrote in

    > >
    > > > > > Well, you could attach to it and make outgoing phone
    > > > > > calls on Dave's dime...

    > >
    > > > I can't see how.

    > >
    > > Well, it's got an FXO port, which Dave has attached to
    > > his incoming POTS line. If I can get at it, I can make
    > > calls (including long distance calls and $500/min 900
    > > calls, which I've previously arranged to get a cut of) on
    > > Dave's POTS line.


    > I can see what you're getting at, but I can't see how you would achieve
    > it. In almost 2 years of using VoIP on a day to day basis I have never
    > heard of an ATA being "hacked" in the manner you describe. An ATA isn't
    > the same thing as a PC. I am prepared to be proven wrong, but it's not
    > something I have ever heard of happening, or even discussed before now.


    Ivor, that's a dangerous assumption to be made really. You're
    trusting that there's NO possible way that Sipura has a security hole.
    Regardless of the fact that it doesn't run a traditional OS, it has an
    embedded operating system of sorts and devices like this have security
    flaws as well. Just because it hasn't happened yet doesn't mean it
    won't happen, remember when (if you've used the internet long enough you
    well) the internet was "safe" and no one got hacked, was this because
    none of the systems had security problems? No, security was laughable,
    it was just the fact that there were a lot less monkeys out there with a
    desire to do such things. Once something becomes more interesting and
    widespread (and VoIP has already become this) it is a huge target of
    interest to be hacked. One very obvious problem with the Sipura is the
    access to the web interface doesn't even support SSL! When it comes to
    security it's better not to make assumptions and be overly paranoid than
    to be overly sloppy and find out later you were wrong. I believe that,
    even behind some type of security device, SIP devices are still going to
    have exploits exposed.

    Imagine you're on an extended trip, halfway around the world,
    using your SPA-3000 for communication and it's hooked onto the local
    phone line so you can make outgoing local calls as well. Now, you've
    left it in the DMZ and it gets hacked. What are you going to do?
    Call and cancel your phone line it's connected to in order to mitigate
    the damages?
    B. Wright, Apr 21, 2006
    #8
  9. Dave

    Ivor Jones Guest

    "B. Wright" <> wrote in message
    news:e29crt$qm8$

    [snip]

    > Imagine you're on an extended trip, halfway around the
    > world,
    > using your SPA-3000 for communication and it's hooked
    > onto the local phone line so you can make outgoing local
    > calls as well. Now, you've left it in the DMZ and it
    > gets hacked. What are you going to do?
    > Call and cancel your phone line it's connected to in
    > order to mitigate the damages?


    Ok, but let me hear of an actual *documented* case where it has happened
    before I get paranoid.

    Many systems, SIP included, by their very nature have to be seen by the
    outside world in order to work. Even if they're not in the DMZ (they're
    not here), are my ATA's going to be hacked..?

    Ivor
    Ivor Jones, Apr 21, 2006
    #9
  10. Dave

    Arun Khan Guest

    Dave wrote:

    >
    > "William P.N. Smith" <> wrote in message
    >> Well, you could attach to it and make outgoing phone calls on Dave's
    >> dime...

    >
    > EXACTLY what I was thinking someone hacking there way in and taking my
    > details and using my account .....
    > Not sure how vulnerable a ATA is, also maybe possible to hack back into
    > the network via the ATA....??


    What is the alternative if one wants to use the VoIP number for *inbound*
    calls? Just like any other Internet node, you have to keep your ATA
    firmware updated to the latest version.

    It would be nice if the device manufacturers and service providers can
    provide a "security announcement" list for such updates.

    If you are going to use the device for outbound calls only then you can
    place the ATA behind a firewall and it should work.

    -- Arun Khan
    Arun Khan, May 1, 2006
    #10
  11. Arun Khan <> writes:
    > What is the alternative if one wants to use the VoIP number for *inbound*
    > calls? Just like any other Internet node, you have to keep your ATA
    > firmware updated to the latest version.


    One can probably close most ports leaving only the ones needed for
    normal operation open.

    sip/udp
    rtp/udp
    domain/udp (eg. named/bind)
    domain/tcp (ditto, needed also)
    ntp/udp (time)

    If the ATA is multi-call capable, one might also keep a handful of
    consecutive udp ports open for use by rtp and tell the ATA to use
    those instead of the traditional single port assigned to rtp.

    Clearly one also wants to avoid any NAT translation and assign all SIP
    endpoints genuine routable addresses.

    -wolfgang
    --
    Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
    Wolfgang S. Rupprecht, May 1, 2006
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. J  Bard
    Replies:
    6
    Views:
    3,142
    J Bard
    Feb 3, 2004
  2. JohnC
    Replies:
    9
    Views:
    846
    Walter Roberson
    Dec 7, 2004
  3. Network-Guy

    Cisco PIX DMZ to DMZ Access

    Network-Guy, Sep 23, 2005, in forum: Cisco
    Replies:
    7
    Views:
    3,886
    Walter Roberson
    Sep 25, 2005
  4. Soapy
    Replies:
    1
    Views:
    664
    The Magnificent Bastard
    Aug 16, 2004
  5. Soapy
    Replies:
    1
    Views:
    734
    Steve Leyland
    Aug 16, 2004
Loading...

Share This Page