roy_batty

IP fragmentation attack and VOIP

I have a client who uses a cloud-hosted VOIP service provided by a respected UK-based VOIP provider.

My client is based in a managed office where the network is managed by a 3rd party company. My client has been experiencing intermittent issues with the phones and they have asked the network people to check that the firewall\router\vlan configuration is suitable for VOIP traffic.

The network people have come back saying:
I have reviewed the data captured yesterday, the problem IP address 109.*.*.70 is registered to THE VOIP PROVIDER. This is passing tiny data fragments through the firewall which is flagged as a security threat as this method is also used to hack routers and firewalls, this throws up an alarm and is blocked.

They have suggested we ask the VOIP provider why this is happening.

I am not a networking or VOIP expert. Can someone explain more about this and perhaps suggest why these "tiny data fragments" might be occurring?
ASKER CERTIFIED SOLUTION
masnrock
roy_batty
ASKER

The device is a Stormshield SN300.

I am not familiar with this product but following a quick search I can't see any mention of issues between the VOIP provider and the device.

Although most of the search results are in French or another non-English language.
masnrock

It could be a number of things, but most likely would lie with how the firewall is configured. However, since the network is controlled by a third party on behalf of the company running the office space, you're going to need to see whether or not they're willing to dialog with the VoIP directly (even if that means a three-way call involving you as well). But I would start with asking the VoIP company for a recommended firewall configuration, because they're not necessarily going to know all of the devices. But if you do let them know about the Stormshield, they may be able to tell you about known issues.
masnrock

Another possibility would involve the MTU settings on your firewall. If you're getting fragmentation issues there, that might explain your VoIP issues.

Here's an article from Netgear to help explain how to figure out your ideal MTU size to have set on your firewall: https://kb.netgear.com/19863/Ping-Test-to-determine-Optimal-MTU-Size-on-Router?cid=wmt_netgear_organic
masnrock

Any updates?
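
Added example, not part of the original thread: the MTU point raised above, worked through in numbers. It applies the IPv4 fragmentation rule (RFC 791) to show how a packet built for a 1500-byte MTU leaves a very small tail fragment when it crosses a link with a smaller MTU. The 1492-byte link MTU and the 64-byte alert threshold are assumed values, not taken from the Stormshield configuration or the capture.

```python
IP_HEADER = 20  # bytes; IPv4 header without options (assumption)


def fragment(total_len, mtu, header=IP_HEADER):
    """Split one IPv4 packet of total_len bytes for a link with the given MTU.

    Returns a list of (offset_bytes, payload_bytes, more_fragments) tuples.
    """
    if total_len < header:
        raise ValueError("packet shorter than its own header")
    payload = total_len - header
    if total_len <= mtu:
        return [(0, payload, False)]  # fits on the link: not fragmented
    # Every fragment except the last carries a multiple of 8 payload bytes,
    # because the fragment-offset field counts 8-byte units.
    chunk = (mtu - header) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        frags.append((offset, size, offset + size < payload))
        offset += size
    return frags


def tiny(frags, min_payload):
    """Fragments below min_payload bytes (hypothetical firewall threshold)."""
    if len(frags) < 2:
        return []  # an unfragmented packet is never a "tiny fragment"
    return [f for f in frags if f[1] < min_payload]


if __name__ == "__main__":
    # Constructed sizes: packets built for a 1500-byte MTU crossing a
    # 1492-byte link (assumed value, e.g. a PPPoE hop).
    for total in (1200, 1496, 1500):
        frags = fragment(total, 1492)
        print(total, frags, "tiny:", tiny(frags, 64))
```

A full-size 1500-byte packet splits into a 1472-byte fragment and an 8-byte tail here, which is the kind of pattern to look for in the capture before treating the fragments as hostile.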