Best to Avoid Doing IP PBX Style VoIP via BT’s Home Hub Routers

Friday, March 27th, 2015 (10:15 am) - Score 7,884

Customers of BT’s consumer broadband service should avoid using the ISP’s Home Hub routers for business-style VoIP phone setups because of a seemingly deliberate built-in weakness: no matter what security settings you choose on the hub, it will always leave port 5060 open.

Admittedly we can’t think why anybody would want to use a consumer grade router like the HomeHub for operating an IP PBX style Voice-over-IP system, except perhaps as part of a techy experiment. Generally you’re better off getting a proper piece of business focused kit.

But nevertheless it appears as if a number of businesses have fallen foul of this security flaw (some of which were sent BT’s consumer Home Hub instead of the needed Business Hub) and in so doing have left themselves exposed to hackers who can break into connected VoIP systems.

The sorry tale is covered in much detail over at The Register, which reveals that no matter what you do (e.g. blocking all incoming ports, setting UPnP off, using 256-bit passwords etc.) the standard port for VoIP (5060) will always remain open to any incoming connections and the hub will even do the NAT for you until it can find a working SIP device.

On the one hand this makes life easier for those trying to set up the BT VoIP service, while on the other it also makes it easier for hackers to smuggle attack traffic through the Hub in order to break into SIP accounts via brute-force.
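Brute-force attempts of this kind show up in the PBX log as failed registrations arriving from internet addresses even though no port was forwarded. The following is an added example, not part of the original article: it assumes log lines shaped like Asterisk chan_sip's failed-registration notices and a 192.168.1.0/24 LAN behind the hub, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the hub's LAN range; anything outside it arrived from the internet.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Shape of an Asterisk chan_sip failed-registration notice (assumed log format).
FAILED_REG = re.compile(
    r"Registration from '[^']*sip:(?P<ext>[^@>']+)@[^']*' failed for "
    r"'(?P<ip>[0-9.]+):\d+' - (?P<reason>.+)$"
)

# Constructed sample lines using documentation addresses, not from a real system.
SAMPLE_LOG = """\
[2015-03-27 10:15:01] NOTICE[2578] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.7:5071' - Wrong password
[2015-03-27 10:15:02] NOTICE[2578] chan_sip.c: Registration from '"101" <sip:101@203.0.113.10>' failed for '198.51.100.7:5071' - No matching peer found
[2015-03-27 10:15:02] NOTICE[2578] chan_sip.c: Registration from '"102" <sip:102@203.0.113.10>' failed for '198.51.100.7:5071' - No matching peer found
[2015-03-27 10:15:03] NOTICE[2578] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.7:5071' - Wrong password
[2015-03-27 10:16:40] NOTICE[2578] chan_sip.c: Registration from '<sip:201@192.168.1.20>' failed for '192.168.1.50:5060' - Wrong password
[2015-03-27 10:17:05] NOTICE[2578] chan_sip.c: Registration from '"300" <sip:300@203.0.113.10>' failed for '192.0.2.44:5060' - Wrong password
[2015-03-27 10:18:00] VERBOSE[2578] chan_sip.c: Reloading SIP
"""


def external_failures(log_text, threshold=3):
    """Map each non-LAN source IP with >= threshold failures to what it tried."""
    seen = defaultdict(lambda: {"attempts": 0, "extensions": set()})
    for line in log_text.splitlines():
        m = FAILED_REG.search(line)
        # Skip unrelated lines and failures from phones on the LAN (typos etc.).
        if not m or ipaddress.ip_address(m["ip"]) in LAN:
            continue
        seen[m["ip"]]["attempts"] += 1
        seen[m["ip"]]["extensions"].add(m["ext"])
    return {
        ip: {"attempts": s["attempts"], "extensions": sorted(s["extensions"])}
        for ip, s in seen.items() if s["attempts"] >= threshold
    }


if __name__ == "__main__":
    for ip, info in external_failures(SAMPLE_LOG).items():
        print(ip, info)
```

Any hit from this check on a PBX that has no forwarded ports means something upstream is passing inbound SIP to it.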

BT’s Statement

BT has investigated similar issues and concluded that there is no fault with the way BT’s Consumer Home Hubs operate to allow VoIP calls over the internet.

It’s inappropriate to connect an IP PBX to the internet without taking additional steps to secure it.

If a customer does choose to set up their own IP PBX they must ensure that it is configured securely so they do not leave themselves exposed to potentially fraudulent behaviour.

The vast majority of BT customers would never use an IP PBX in this way, so there is very little risk that other customers would experience the same issue.

Strictly speaking this isn’t entirely the HomeHub’s fault, although other routers tend to show a lot more control over traffic, even on the VoIP ports, and the wider hacks could have been mitigated had BT’s Hub done the same.

But when a customer selects to block all incoming ports then you expect that to happen. You don’t expect all incoming ports – except 5060 – to be blocked, and the fact that this isn’t communicated in any way to the end-user certainly doesn’t help. On the other hand you really should get a proper router for PBX and protect the system past the hub too.

6 Responses
  1. tonyp says:

    I thought port 5080 was the norm for PUBLIC SIP protocols! I thought normally 5060 is used for internal VoIP (i.e. between SIP phones and a PBX or VoIP adapter). I’m glad I have control over my router, PBX and phones and thus port 5060 is closed to the ‘net.

  2. SSUK says:

    I had had 3 Homehub 5’s and they have all had some kind of issue, 1 just completely died the other 2 kept freezing and losing sync or re-syncing.

  3. Kyle says:

    Buggy, horrid regularly crashing device which they claim the latest firmware fixed.

  4. Tom says:

    There are a few inaccuracies in the TheReg article.. it doesn’t “hunt until it can find a SIP device”… it actually just maps back any outbound port 5060. If you use something like MicroSIP or 3CX where the Source Port of the SIP connection is not 5060 the problem doesn’t occur.
    If you don’t make any internet based SIP connections (ie, have an internal PBX for just your phones in the building and no SIP trunk) the problem won’t occur.

    FreePBX based on Asterisk uses the source port of 5060 which means the home hub maps, wide open to the world, 5060 back to the Asterisk server which is a pretty poor way of handling SIP. It should just allow the IP the packet was sent to, not open it up to the world.

  5. Jamie says:

    I have been playing around with freepbx and couldn’t understand why I was seeing a load of hacking attempts in the logs without forwarding 5060 or any other ports. When I put it behind another router in the network it was fine. Makes sense now.

  6. voip says:

    hi
    i would like to start voip company so i am looking to buy hosted voip switch and looking for A2Z routes for retail traffic , so what is the best hosted voipswitch solution please ?
    waiting your comment
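
The mapping behaviour described in comment 4 above, next to the address-restricted filtering that comment says the hub should apply, as an added example that is not part of the original article or comments. It is a toy model, not the Home Hub's firmware: the `Nat` class, the `scenario` helper and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed documentation/LAN addresses for the model.
PBX = "192.168.1.20"       # internal PBX behind the hub
TRUNK = "198.51.100.5"     # SIP trunk provider the PBX registers with
SCANNER = "192.0.2.66"     # unrelated internet host probing port 5060


@dataclass
class Nat:
    """Toy port-preserving NAT with a selectable inbound filtering policy."""
    policy: str  # "endpoint-independent" or "address-dependent"
    maps: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port, peers)

    def outbound(self, lan_ip, lan_port, remote_ip):
        # Port-preserving: the WAN port equals the LAN source port.
        _, _, peers = self.maps.setdefault(lan_port, (lan_ip, lan_port, set()))
        peers.add(remote_ip)

    def inbound(self, remote_ip, wan_port):
        """Return the LAN (ip, port) the packet is forwarded to, or None if dropped."""
        entry = self.maps.get(wan_port)
        if entry is None:
            return None  # no mapping on this port: dropped
        lan_ip, lan_port, peers = entry
        if self.policy == "address-dependent" and remote_ip not in peers:
            return None  # only hosts the LAN device already contacted may reply
        return (lan_ip, lan_port)


def scenario(policy, pbx_source_port):
    """PBX contacts its trunk once, then the trunk and a stranger both hit WAN 5060."""
    nat = Nat(policy)
    nat.outbound(PBX, pbx_source_port, TRUNK)
    return {
        "trunk": nat.inbound(TRUNK, 5060),
        "stranger": nat.inbound(SCANNER, 5060),
    }


if __name__ == "__main__":
    print(scenario("endpoint-independent", 5060))  # behaviour the comment describes
    print(scenario("address-dependent", 5060))     # behaviour the comment asks for
    print(scenario("endpoint-independent", 49152)) # client not using source port 5060
```

In the model, a PBX whose SIP source port is 5060 is reachable by any internet host under endpoint-independent filtering, while a client using a different source port never creates a mapping on 5060.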

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved