I run sniffing software to see if there is any unaccounted for network traffic. With Ring Central desktop for a softphone running, I observe over an 8-hour period hundreds of IP connections from all kinds of countries where I have no Ring Central contacts (I only have a few in the USA). These include China, Russia, Hong Kong, Malaysia, Egypt, etc., etc. I assume that in order for one RC desktop client software anywhere in the world to know the status of another RC client anywhere else in the world, it must know it's public facing address and use the well-known and published listening port for that RC listening-port softphone app. Thus my desktop behind my firewall should be under constant (albeit throttled to prevent DDOS) attack(s) from such messaging and I assume this is why I see over 800 messages from around the world when RC is running. When I exit RC for desktop, there is no such activity.
I am surprised there is no discussion about this in the Security and network Configuration guides since after all, this is always the consequence of any application with a listening port unless you do Network Address Translation but since each desktop client has it's own unique listening port then all hackers need to do is try say 1/2 dozen or so of those well-known listening ports after doing port scans to determine that IP is listening. Then they can send messages at a rate that doesn't draw the attention of the firewall. And noone wants to be in the blacklisting business for IP addresses as this is an endless task. And white listing can also be problematic and a maintenance nightmare -- do you really know where all calls are going to be coming from? If you have the Office product and calls are being recorded, then I am assuming it would be appropriate to use whitelisting by providing a safe set of well-known IP (or IP ranges) published by RC and which act as proxies to record the call. That makes sense but I had to figure *ALL* this out by myself from several phone calls and experiments about how the Office (paid) version works vs. how do hackers trying to use RC for free calls to each other works. And I had to pause and ask, if hackers are trying to look for vulnerabilities in the RC protocol, of what benefit would this be?
A good tech-note along these lines showing why firewalls should only permit traffic from RC servers to those well-known RC listening port would be very useful but instead they are small bullet points in a large document without painting the overarching picture. In truth, many small businesses do not even understand firewalls and the need to do this and why.
Thanks,
Harry
I am surprised there is no discussion about this in the Security and network Configuration guides since after all, this is always the consequence of any application with a listening port unless you do Network Address Translation but since each desktop client has it's own unique listening port then all hackers need to do is try say 1/2 dozen or so of those well-known listening ports after doing port scans to determine that IP is listening. Then they can send messages at a rate that doesn't draw the attention of the firewall. And noone wants to be in the blacklisting business for IP addresses as this is an endless task. And white listing can also be problematic and a maintenance nightmare -- do you really know where all calls are going to be coming from? If you have the Office product and calls are being recorded, then I am assuming it would be appropriate to use whitelisting by providing a safe set of well-known IP (or IP ranges) published by RC and which act as proxies to record the call. That makes sense but I had to figure *ALL* this out by myself from several phone calls and experiments about how the Office (paid) version works vs. how do hackers trying to use RC for free calls to each other works. And I had to pause and ask, if hackers are trying to look for vulnerabilities in the RC protocol, of what benefit would this be?
A good tech-note along these lines showing why firewalls should only permit traffic from RC servers to those well-known RC listening port would be very useful but instead they are small bullet points in a large document without painting the overarching picture. In truth, many small businesses do not even understand firewalls and the need to do this and why.
Thanks,
Harry