roy_batty asked:

IP fragmentation attack and VOIP

I have a client who uses a cloud-hosted VoIP service provided by a respected UK-based VoIP provider.

My client is based in a managed office where the network is managed by a 3rd party company. My client has been experiencing intermittent issues with the phones and they have asked the network people to check that the firewall\router\VLAN configuration is suitable for VoIP traffic.

The network people have come back saying:
I have reviewed the data captured yesterday, the problem IP address 109.*.*.70 is registered to THE VOIP PROVIDER. This is passing tiny data fragments through the firewall which is flagged as a security threat as this method is also used to hack routers and firewalls, this throws up an alarm and is blocked.

They have suggested we ask the VoIP provider why this is happening.

I am not a networking or VoIP expert. Can someone explain more about this and perhaps suggest why these "tiny data fragments" might be occurring?
ASKER CERTIFIED SOLUTION
masnrock

This solution is only available to members.

roy_batty (ASKER)

The device is a Stormshield SN300.

I am not familiar with this product, but following a quick search I can't see any mention of issues between the VoIP provider and the device.

Although most of the search results are in French or another non-English language.

It could be a number of things, but most likely would lie with how the firewall is configured. However, since the network is controlled by a third party on behalf of the company running the office space, you're going to need to see whether or not they're willing to dialog with the VoIP directly (even if that means a three way call involving you as well). But I would start with asking the VoIP company for a recommended firewall configuration, because they're not necessarily going to know all of the devices. But if you do let them know about the Stormshield, they may be able to tell you about known issues.
Another possibility would involve the MTU settings on your firewall. If you're getting fragmentation issues there, that might explain your VoIP issues.

Here's an article from Netgear to help explain how to figure out your ideal MTU size to have set on your firewall: https://kb.netgear.com/19863/Ping-Test-to-determine-Optimal-MTU-Size-on-Router?cid=wmt_netgear_organic
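
The following is an added example, not part of the thread and not code from the firewall vendor or the VoIP provider. It shows how ordinary MTU-driven IPv4 fragmentation can leave a very small trailing fragment, and how to read the fragmentation fields from a captured IPv4 header so that a small last fragment can be told apart from a small first or middle fragment. The packet sizes, addresses and the 16-byte `tiny` threshold are constructed assumptions; the page does not say what rule the firewall actually applies.

```python
import struct

IP_HDR = 20  # IPv4 header without options

def fragment(payload_len, mtu):
    """Split an IP payload the way ordinary MTU-driven IPv4 fragmentation does.
    Returns (offset_bytes, data_len, more_fragments) per packet."""
    room = mtu - IP_HDR
    step = room // 8 * 8          # non-final fragments carry a multiple of 8 bytes
    out, off = [], 0
    while payload_len - off > room:
        out.append((off, step, True))
        off += step
    out.append((off, payload_len - off, False))
    return out

def build_header(off, data_len, mf, ident=0x1234, proto=17):
    """Constructed 20-byte IPv4 header (checksum 0, RFC 5737 documentation addresses)."""
    flags_off = (0x2000 if mf else 0) | (off // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + data_len, ident,
                       flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

def classify(header, tiny=16):
    """Decode the fragmentation fields of a raw IPv4 header.
    `tiny` is an assumed threshold, not a value taken from any firewall."""
    ver_ihl, _tos, total_len, _id, flags_off = struct.unpack("!BBHHH", header[:8])
    data_len = total_len - (ver_ihl & 0x0F) * 4
    mf = bool(flags_off & 0x2000)          # More Fragments flag
    off = (flags_off & 0x1FFF) * 8         # fragment offset is stored in 8-byte units
    if off == 0 and not mf:
        position = "unfragmented"
    elif off == 0:
        position = "first"
    elif mf:
        position = "middle"
    else:
        position = "last"
    return position, off, data_len, position != "unfragmented" and data_len < tiny

def trace(payload_len, mtu):
    """Fragment a payload for a given MTU and classify each resulting header."""
    return [classify(build_header(*f)) for f in fragment(payload_len, mtu)]

if __name__ == "__main__":
    # Constructed case: a 1480-byte IP payload fits MTU 1500 but not a 1492-byte link.
    for mtu in (1500, 1492):
        print(mtu, trace(1480, mtu))
```

A small last fragment like the one produced here is a normal by-product of an MTU mismatch, whereas ordinary fragmentation fills first and middle fragments to the link MTU, so the position of the small fragments in the capture is worth checking.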
Any updates?