scubasteve
Vonage Forum Associate
Joined: May 25, 2005
Posts: 21

Posted: Tue Jun 07, 2005 10:55 am

Just because you have allowed ports 10000 to 20000 does not mean you have 10000 open ports. I just did a UDP scan on my PAP2 from an internal IP and found only 2 ports open - 5061 and 23486 (which seems unusual and has piqued my curiosity enough to investigate further).

The probable reason for the wide range is because the Vonage servers are telling your ATA what to use in the same way that an FTP server tells the client which port to open a session on. Although your adapter is only using 2 ports at a time (1 for each call), the server needs to be unique across 10000 calls.

fatboyntn
Full Forum Member
Joined: Jan 28, 2005
Posts: 49

Posted: Tue Jun 07, 2005 2:09 pm

Ok, so I am going to step into it big time. You guys seem nice enough, so don't flame me too bad.

On my network I am NATed on my LAN. I have a few ports that I redirect to machines on the LAN from my router. From what I have observed, all requests are simply denied by the router on the WAN interface if they are not forwarded.

My Vonage box simply worked when I plugged it into the network.

Is there a compelling reason for me to firewall ports that refuse connections?

Am I not paranoid enough about NAT transversal?

paul248
Vonage Forum Evangelist
Joined: Nov 25, 2004
Posts: 644
Location: Mountain View, CA

Posted: Tue Jun 07, 2005 2:39 pm

I'm not quite sure what you're asking, but I think the reason Vonage works from behind a router is that it continually sends out UDP packets on a certain port, to a certain address. When a UDP packet comes back from that address on that port, the router assumes it's part of the same "connection", and it gets routed back to the Vonage device.

However, some routers don't handle that perfectly, and screw up the "connection", which is why manual port forwarding can be helpful in some situations.

About the firewalling... routers don't just forward arbitrary packets to arbitrary computers. In order for the NAT traversal to work, it has to be initiated by something on your LAN. So, it's probably not much of a security risk, unless you've got a trojan on your computer or something.
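
The behaviour paul248 describes, as a small model added here (not part of the original post and not any router's real code): an outbound UDP packet creates a mapping, inbound packets are forwarded only while that mapping is live, and the router's filtering mode (RFC 4787 terms) decides whether only the contacted server or any sender may use it. The addresses, the 30-second timeout and the name `UdpNat` are assumptions.

```python
# Filtering behaviours, named as in RFC 4787.
ENDPOINT_INDEPENDENT = "endpoint-independent"
ADDRESS_AND_PORT_DEPENDENT = "address-and-port-dependent"

class UdpNat:
    """Toy model of a home router's UDP mapping table (illustrative only)."""

    def __init__(self, filtering=ADDRESS_AND_PORT_DEPENDENT, idle_timeout=30):
        self.filtering = filtering
        self.idle_timeout = idle_timeout  # seconds a mapping lives without outbound traffic
        self.mappings = {}                # external port -> mapping record
        self.next_port = 40000            # arbitrary first external port

    def _live(self, m, now):
        return now - m["last_out"] <= self.idle_timeout

    def outbound(self, src, dst, now):
        """A LAN host sends src -> dst: create or refresh the mapping, return its external port."""
        for ext_port, m in self.mappings.items():
            if m["internal"] == src and self._live(m, now):
                m["peers"].add(dst)
                m["last_out"] = now
                return ext_port
        ext_port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[ext_port] = {"internal": src, "peers": {dst}, "last_out": now}
        return ext_port

    def inbound(self, src, ext_port, now):
        """Return the LAN (ip, port) a WAN packet is forwarded to, or None if it is dropped."""
        m = self.mappings.get(ext_port)
        if m is None or not self._live(m, now):
            self.mappings.pop(ext_port, None)  # no mapping, or it idled out
            return None
        if self.filtering == ADDRESS_AND_PORT_DEPENDENT and src not in m["peers"]:
            return None                        # mapping exists, but not for this sender
        return m["internal"]

def demo(filtering=ADDRESS_AND_PORT_DEPENDENT):
    ata, server = ("192.168.1.50", 5061), ("203.0.113.10", 5061)  # constructed addresses
    stranger = ("198.51.100.7", 40000)                            # constructed address
    nat = UdpNat(filtering)
    port = nat.outbound(ata, server, now=0)         # adapter's periodic packet to its server
    seen = {"server_reply": nat.inbound(server, port, now=10),
            "stranger": nat.inbound(stranger, port, now=10),
            "unmapped_port": nat.inbound(server, port + 1, now=10)}
    nat.outbound(ata, server, now=25)               # keepalive refreshes the mapping
    seen["after_keepalive"] = nat.inbound(server, port, now=50)
    seen["after_idle"] = nat.inbound(server, port, now=100)
    return seen
```

Calling `demo(ENDPOINT_INDEPENDENT)` shows the difference that matters for exposure: with that filtering mode the mapped port forwards packets from any sender for as long as the adapter keeps it alive.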

nickguy
New Forum Member
Joined: Jun 04, 2005
Posts: 6

Posted: Tue Jun 07, 2005 3:38 pm

Well, to answer the general question: No, I do not think you are being paranoid about NAT traversal. NAT is a classic example of security by obfuscation and thus is not perfect.

The problem as I see it has to do with the use of higher ports than advertised. So.... The choices are to allow UDP carte blanche inbound to the IP of the TA... or use NAT/PAT to allow your traffic inbound dependent on what port the TA requests traffic on.

All this is fine on a simple home network and I suppose, depending on the architecture, only puts the TA at risk for exploitation. (An attacker would have to "guess" the open ports, or scan accordingly and then do whatever the nefarious exploit du jour is.)

I got interested in this because my device doing NAT and firewalling (a FreeBSD box) is behind a router with ACLs, where I had allowed the range of ports that Vonage says to use, with a static NAT translation to the inside IP. I noticed that most calls would work but some, including calls to my company for conference calls, did not.

For testing purposes I opened up all UDP and logged traffic inbound. Sure enough, when I made calls to the previously non-functional numbers they worked, but I saw inbound traffic on the > 20000 ports....

In conclusion, it would appear that unless one wishes to rely on NAT/PAT as a security model, you have to allow all UDP inbound to the device, which leaves it open to potential exploit. The good news is that Vonage is cheap and that probably the worst thing that can happen is that the TA gets interfered with.
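
How a per-call media port is announced in standard SIP, and why a fixed forwarded range can miss it, as an added example that is not part of nickguy's post and not Vonage's code: the port travels in the `m=` line of the SDP body carried by the signalling messages. The SDP sample and addresses are constructed, and the thread does not state how Vonage's adapters actually choose their ports.

```python
STATIC_RANGE = range(10000, 20001)  # the forwarded range discussed in the thread

# Constructed SDP body of the kind an adapter sends in a SIP INVITE (all values made up).
SAMPLE_SDP = """v=0
o=- 1234 1 IN IP4 192.168.1.50
s=call
c=IN IP4 192.168.1.50
t=0 0
m=audio 23486 RTP/AVP 0 18
a=rtpmap:0 PCMU/8000
"""

def media_endpoints(sdp):
    """Return one dict per m= line: kind, ip, port, proto (RFC 4566 syntax)."""
    session_ip, media = None, []
    for line in sdp.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "c":                        # c=<nettype> <addrtype> <address>
            ip = value.split()[2]
            if media:
                media[-1]["ip"] = ip          # media-level c= overrides the session one
            else:
                session_ip = ip
        elif key == "m":                      # m=<media> <port>[/<count>] <proto> <fmt>...
            kind, port, proto = value.split()[:3]
            media.append({"kind": kind, "ip": session_ip,
                          "port": int(port.split("/")[0]), "proto": proto})
    return media

def pinholes(sdp):
    """(ip, udp_port) pairs that must accept inbound media for this one call."""
    holes = []
    for m in media_endpoints(sdp):
        if m["port"] == 0 or not m["proto"].startswith("RTP/"):
            continue                          # port 0 means the stream was declined
        holes.append((m["ip"], m["port"]))        # RTP
        holes.append((m["ip"], m["port"] + 1))    # RTCP, by the RFC 3550 port+1 convention
    return holes

def blocked_by_static_range(sdp, allowed=STATIC_RANGE):
    """Negotiated ports that a fixed forwarded range would not pass."""
    return [port for _, port in pinholes(sdp) if port not in allowed]
```

A firewall that reads the signalling can open only the ports `pinholes()` returns for the life of the call, which is narrower than either a 10000-port range or all inbound UDP.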

fatboyntn
Full Forum Member
Joined: Jan 28, 2005
Posts: 49

Posted: Tue Jun 07, 2005 4:02 pm

Maybe "NAT transversal" is a bad phrase to use.

I was worried that there was some new type of vulnerability in NAT that would allow an attacker to easily transverse the router on ports that are not forwarded.

I see posts all the time by folks that are firewalling their NATed connections.

What I was wondering is why would you firewall a NAT'ed network?

I don't see any reason to firewall with this type of configuration if you keep your boxen up to date and you want to allow users unrestricted access to the Internet.


Last edited by fatboyntn on Tue Jun 07, 2005 4:23 pm; edited 1 time in total

fatboyntn
Full Forum Member
Joined: Jan 28, 2005
Posts: 49

Posted: Tue Jun 07, 2005 4:19 pm

Nick, thanks for your response.

quixadhal
New Forum Member
Joined: Mar 08, 2005
Posts: 5

Posted: Wed Jun 08, 2005 7:54 pm
Post subject: Good practice

Partially, you'd want to firewall a NAT'd network as good solid security practice. True, if your router drops all inbound packets that aren't a response to a previous outbound packet, you're probably as safe as you can be. However, I firmly believe in having every machine on my network individually secure. Thus if I replace my firewall someday and the new default behavior is to let everything in, and I forget to check... I'm still mostly safe. Also, if someone DOES find a vulnerability in my particular router, they still have to get into each machine from there.

I was only commenting on the wide port range because it doesn't seem like the client needs to open up that wide. A single port should be enough to announce an incoming call to a Vonage adapter (perhaps one per line). That packet could include the port that the client should respond to, so that the server can dynamically shuffle ports as needed, but the client end can always be on the same one. For data transmission... are we routing packets in parallel on multiple ports? I can't imagine needing more than a few, since audio data is by nature serial and too many would cause delays in reassembling the audio frames. Again, for the client end, why more than a handful?

fatboyntn
Full Forum Member
Joined: Jan 28, 2005
Posts: 49

Posted: Thu Jun 09, 2005 10:20 am

If you know how SIP works, this may be of some help to you as to why all those ports are needed.

happyfun
New Forum Member
Joined: Feb 24, 2006
Posts: 1

Posted: Fri Feb 24, 2006 1:13 pm
Post subject: all those ports

I have read that post, and many others, and have never seen a good reason why all those ports need to be open.

If the Vonage router just maintained a single socket connection to the Vonage server, like Skype does, all incoming calls could have the port negotiated (or even occur on the single socket already opened).

Firewall configs would consist of a single port number for UDP and TCP (control connection) traffic.

I have implemented such systems (vidspeak.com) and know what I'm talking about. It's just laziness on the part of the developers, or no access to the firmware of the routers they sell.
All times are GMT - 5 Hours
