SIP Port Blocking
Hey all. This isn’t directly an Asterisk question, but it is Asterisk related because I am using SIP on asterisk.
The last couple of days I found that our asterisk box was having all packets originating from port 5060 being blocked.
If I moved my SIP port to any other port I could register and place calls, leaving it on 5060 I can do neither. Also if I ran tcpdump on both ends of my truck connection. I could see all packets arriving at the other end ONLY when they were not originating from port 5060.
The next question was where was it being blocked. running traceroute yielded the following:
root@1940IronStone:~# traceroute -z 1000 -A -U -p 5060 –sportP60
70.xx.xx.200
traceroute to 70.xx.xx.200 (70.xx.xx.200), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) [*] 3.837 ms 5.282 ms 6.280 ms
2 64.230.199.2 (64.230.199.2) [AS577] 9.690 ms * *
3 64.230.232.177 (64.230.232.177) [AS577] 24.936 ms * *
4 agg2-toronto63_xe5-1-0.net.bell.ca (64.230.156.178) [AS577] 40.235
ms * *
5 lns9-toronto63_GE1-0_101.net.bell.ca (64.230.103.145) [AS577]
10.382 ms * *
6 * * *
7 * * *
8 * * *
9 * * *
Notice the second and third packet at each hop after the first router all timeout. Even when I put a long delay between packets. Looking further, I find the same response no matter what source port I use. It appears any UDP packet stream from the same port is being blocked.
I don’t see this behaviour if I allow traceroute to use random source ports for each packet, and I don’t see this on other networks.
traceroute -A -U -p 5060 70.xx.xx.200
traceroute to 70.xx.xx.200 (70.xx.xx.200), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) [*] 62.783 ms 62.759 ms 62.743 ms
2 64.230.199.2 (64.230.199.2) [AS577] 66.565 ms 66.550 ms 66.587 ms
3 64.230.232.177 (64.230.232.177) [AS577] 66.488 ms 66.487 ms 66.535 ms
4 agg2-toronto63_xe5-1-0.net.bell.ca (64.230.156.178) [AS577] 66.521
ms 66.510 ms 66.552 ms
Has anybody seen anything like this before? I’m going to send this to the ISP, but I thought I’d find out if anybody else had ever run into it.
Thanks, Darryl
One thought on - SIP Port Blocking
Darryl,
We had this with a large ISP in the US. They blamed it on a software bug. For this reason we offer clients the option to use a non standard port. It’s most likely your ISP that is blocking the port for g-d knows what reason.
Regards,
Dovid
—–Original Message—