Hi Reddit. Got a question that may be obvious. A week ago we were contacted by our security team that they were noticing the possibility of an intrusion into our ftth environment. For a little history of our network we deploy Adtran 352 ONTs to all of our residents. If the customer wants/needs a land line we provide it via SIP fed directly off the ONT. We provide a public IP address to the SIP controller in the ONT handed out by our normal DHCP servers so the ONT can reach our SBCs. All sip traffic is on its own VLAN separate from DATA.
The intrusion detected was 10s of 1000s of telnet attempts to the SIP IP of the ONTs from IPs in China, Korea, etc. While to our knowledge no one has actually gotten into our ONTs we know it's only a matter of time. (One of the shocking things we have discovered in this process is that the ONTs store the SIP passwords in plain text.) We immediately reached out to Adtran to determine how we could disable Telnet on the ONTs globally. We were informed by TAC that this was not possible and that we need to create an ACL on our network to block this unwanted traffic. After some heated discussion we are finally moving forward with this.
this now brings us to the point of this post. I need to verify that by blocking external traffic from upstream peers into the SIP network/ IP range that we should be able to prevent any form of a security breach. My biggest concern is I'm not completely sure how SIP works with a Session Boarder Controller in place. Does my SIP line need to be able connect directly to the IP on the far side, or is it communicating to the SBC and then doesn't need external access? Our belief and hope is that when a session is built that the remote device is communicating to the SBC and this is forwarded onto our SIP line. As a result we are only needing to be able to communicate directly between the ONT and the SBC not external IPs.
I hope all of this makes since.
No comments:
Post a Comment