QuteCom uses src-port 5060 for outgoing connections. why?
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Aug 11 17:09:33 CEST 2008
Chris Maciejewski wrote:
> Hi Klaus,
>
> 2008/8/11 Klaus Darilion <klaus.mailinglists at pernau.at>:
> [...]
>> SIP and RTP ports should be dynamic for security reasons.
>
> Could you please explain what kind of security does assigning random
> (dynamic) port to SIP UAS give?
Have you ever used sipvicious? It scans random IPs for port 5060 - you
rather quickly get lots of SIP clients which you can target to attack. Of
course you could also scan other ports than 5060 but this takes 2^15
times more.
>
>> Actually if all SIP user agents were standards-conformant then even the
>> proxies need not use port 5060 (SRV lookups).
>
> Well, in my opinion we should try to make Qutecom as close to the
> standards defined in RFC 3261 (and others) as possible. And IANA
> assigned port for SIP is 5060 (5061 TLS)
Using a random port for SIP is 100% standards-conformant. The assigned port
is the one which is used if the port is not specified in the URI.
regards
klaus
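
The port-selection rule discussed in this message, as an added example that is not part of the original e-mail or of QuteCom's code: a port written in the SIP URI always wins, a hostname without a port is resolved through DNS SRV (RFC 3263), and 5060/5061 is only the fallback. The function name and the sample URIs in the comments are constructed for illustration.

```python
import ipaddress

# IANA-assigned ports: a fallback only, used when the URI names no port.
DEFAULT_PORT = {"sip": 5060, "sips": 5061}

def resolve_sip_target(uri):
    """Return (host, port, how) for a sip:/sips: URI (hypothetical helper).

    how is 'explicit' (port given in the URI), 'default' (numeric IP,
    no port) or 'srv' (hostname, no port: the port comes from a DNS SRV
    lookup, and the default applies only if no SRV record exists).
    """
    scheme, sep, rest = uri.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORT:
        raise ValueError("not a sip: or sips: URI")
    rest = rest.rsplit("@", 1)[-1]        # drop userinfo (user[:password])
    rest = rest.split("?", 1)[0]          # drop headers
    hostport = rest.split(";", 1)[0]      # drop uri-parameters
    if hostport.startswith("["):          # IPv6 reference: [addr] or [addr]:port
        host, bracket, tail = hostport[1:].partition("]")
        if not bracket or (tail and not tail.startswith(":")):
            raise ValueError("malformed IPv6 reference")
        port_text = tail[1:]
    else:
        host, tail, port_text = hostport.partition(":")
    if not host or (tail and not port_text):
        raise ValueError("malformed host or port")
    if port_text:
        valid = port_text.isascii() and port_text.isdigit()
        if not valid or not 0 < int(port_text) < 65536:
            raise ValueError("invalid port")
        return host, int(port_text), "explicit"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return host, None, "srv"          # hostname: SRV record supplies the port
    return host, DEFAULT_PORT[scheme], "default"

# Constructed sample URIs:
#   sip:alice@example.com            -> SRV lookup decides the port
#   sip:alice@example.com:49152      -> 49152, no SRV lookup needed
#   sip:alice@192.0.2.10             -> 5060 fallback
```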