How can I take advantage of the 5060 port?

562    Asked by AudreyBerry in Cyber Security , Asked on Sep 26, 2022

 An nmap scan against an IP address shows that port 5060 is open. I know that 5060 indicates that this is SIP traffic. Also, 5060 indicates that this is unencrypted traffic, where if the port was 5061, then the traffic would be encrypted.

I also have a hunch that 5060 tunnels through to a PBX-based phone system (possibly Asterisk). I think that the router is listening on 5060 and forwarding any inbound traffic pointed at port 5060 at this IP address to this Linux-based phone system for the purpose of receiving calls. Calls made come out through port 5060 at this IP address.

What problems would this setup cause from a security point of view? How could an attacker take advantage of this information?

If you get the unencrypted voice traffic, then you can replay the unencrypted voice traffic. My team and I did some experimentation on it back around 2012 or so. But, remember, SIP is just the control plane...RTP/RTCP/SRTP is the "data" plane, which won't be on the 5060 port


Your Answer

Interviews

Parent Categories