dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
29
grand total
join:2005-10-26
Mississauga
·Fido
MikroTik RB750Gr3
MikroTik wAP AC
Panasonic KX-TGP500

grand total to StillLearn

Member

to StillLearn

Re: Receiving calls from name/number 100 that don't get logged

said by StillLearn:

•Does that protect me from SIP phone port scanners and scammers?
•How do the legitimate providers connect to me to let me know of an incoming call?

Yes, if you do not forward ports to your device you are protected from port scanners.

Your device registers with your provider and in doing so tells your provider where to send your calls. There is a second part to this, you must also send small packets frequently to your provider to keep a temporary hole in your firewall open, so that when your provider has a call for you it is able to reach your device and is not blocked by your firewall.

StillLearn
Premium Member
join:2002-03-21
Streamwood, IL

StillLearn

Premium Member

said by grand total:

Yes, if you do not forward ports to your device you are protected from port scanners.

Thanks. That's a relief. And thanks for the other info too.
StillLearn

1 edit

StillLearn

Premium Member

said by StillLearn:

said by grand total:

Yes, if you do not forward ports to your device you are protected from port scanners.

Thanks. That's a relief. And thanks for the other info too.

It turns out that being behind a NAT router without port forwarding or DMZ is not sufficient to stop the probe from ringing your box. I have just implemented one of the other measures.
grand total
join:2005-10-26
Mississauga
·Fido
MikroTik RB750Gr3
MikroTik wAP AC
Panasonic KX-TGP500

grand total

Member

said by StillLearn:

It turns out that being behind a NAT router without port forwarding or DMZ is not sufficient to stop the probe from ringing your box. I have just implemented one of the other measures.

Yes, I recently learnt that's true for some routers. Sorry for my misleading answer.
Mango
Use DMZ and you get a kick in the dick.
Premium Member
join:2008-12-25
www.toao.net

Mango

Premium Member

StillLearn's router must use Full-cone NAT, correct?

Is there an easy way to test what type of NAT a router uses?
zm
join:2001-06-19
canada

1 recommendation

zm

Member

said by Mango:

StillLearn's router must use Full-cone NAT, correct?

Is there an easy way to test what type of NAT a router uses?

I would try to run sipsak against the router from another box on the intarwebs, and see if I got an answer; here's an example against atlanta.voip.ms:

$ sipsak -v -v -s sip:atlanta.voip.ms
No SRV record: _sip._tcp.atlanta.voip.ms
No SRV record: _sip._udp.atlanta.voip.ms
using A record: atlanta.voip.ms
warning: need raw socket (root privileges) to receive all ICMP errors

message received:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 127.0.1.1:46822;branch=z9hG4bK.1995f7ee;alias;received=**.***.**.**;rport=46398
From: sip:sipsak@127.0.1.1:46822;tag=62628a27
To: sip:atlanta.voip.ms;tag=as0c4c7c7c
Call-ID: 1650625063@127.0.1.1
CSeq: 1 OPTIONS
User-Agent: VoIPMS/SERAST
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Contact:
Accept: application/sdp
Content-Length: 0

** reply received after 42.774 ms **
SIP/2.0 200 OK
final received

phoneuser
join:2012-12-19
New York, NY

1 edit

1 recommendation

phoneuser to Mango

Member

to Mango
said by Mango:

Is there an easy way to test what type of NAT a router uses?

Here are a few that I know about.

* NAT tester at »nattest.net.in.tum.de
Requires Java, unfortunately. I've found that the final test (UDP Reverse Traceroute) can hang. If it does, then you can abandon it and still see the results of the other tests by clicking on the "permanent link for your results" link. It also tests for the presence of SIP and FTP ALGs. For my router, it reports the correct results for the things that I know about by other means.

* On Mac OS X, launch the Messages application. Skip the setup if you're not a chatter. From the menu bar, go to Video > Connection Doctor. Choose "Network Status". "Router Type" should show the NAT type. I've found that sometimes it fails to detect the type the first time; toggling to "Statistics" and back to "Router Type" seems to fix this. It reports the correct NAT type for my router.

* I no longer have one of these ATAs, but I've used this before with success. Sipura/Linksys ATAs have a "STUN Test Enable" option (with the other "NAT Support" options) which, when set "on" and with STUN configured, will report the detected NAT type in the debug log on a coldstart of the device.
DaveN
join:2010-07-18
Santa Fe, NM

1 recommendation

DaveN to Mango

Member

to Mango
said by Mango:

StillLearn's router must use Full-cone NAT, correct?

Is there an easy way to test what type of NAT a router uses?

DogFace05 posted a handy NAT utility for this purpose along with a good explanation of NAT-related issues.

»Re: [Future9] PAP2 optimal settings?

Hope this helps...
Mango
Use DMZ and you get a kick in the dick.
Premium Member
join:2008-12-25
www.toao.net

Mango

Premium Member

Thank you! I was a newbie way back then.

I am behind port restricted cone NAT.