Never Run a SIP Server on Port 5060

By Jim O'Brien

The well-known port for SIP is 5060. It’s common knowledge. Convention. You might say it’s the default. To be clear, RFC 3261 says: “If the port is absent, the default value depends on the transport. It is 5060 for UDP, TCP and SCTP, 5061 for TLS.”

[Image caption: Port 5060 isn't your only option.]

The rule is there is no rule. Which is great!

In most, if not all, SIP clients you can specify the port to connect to on a SIP server or proxy. You can also set up DNS SRV records for your domain or SIP server’s name so that clients (maybe scanners and attackers?) can find the correct non-standard SIP port.

So using an alternate SIP port on your server is easy. But why would you want to?

Here are a few reasons:

1) Choosing a more obscure port for your SIP server is a good idea because it circumvents the most basic SIP scanning. Your server will still get scanned, but being a less obvious target is a good thing.

2) More importantly, devices like mobile hotspots, home routers, and metro WiFi networks often include a class of feature called Application Layer/Level Gateways (ALGs):

  • Things like Cisco PIX’s SIP Fix-up feature
  • A network process that believes it can be helpful (and rarely is)
    • It's designed to specifically stop the use of SIP clients within or on a network 
[Image: mobile phone. Caption: Go on, try a new port!]

In both of these cases, running a SIP server on a port other than 5060 has its benefits. Most scanners blindly look for responses from servers listening on 5060. Most ALGs don’t know what you might be connecting to on port 15555, so they let the traffic pass without mangling it.
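The three ways a client arrives at a port (an explicit port in the URI, a DNS SRV record, or the RFC 3261 default quoted above) can be sketched as follows. This is an added example, not CounterPath code; the `example.com` hosts, the SRV table and the `resolve` helper are constructed for illustration, and weight-based selection and IPv6 literals are left out.

```python
import re

# Defaults quoted from RFC 3261: 5060 for UDP, TCP and SCTP, 5061 for TLS.
DEFAULT_PORTS = {"udp": 5060, "tcp": 5060, "sctp": 5060, "tls": 5061}

# Constructed SRV data standing in for a DNS lookup, so the example runs offline.
# Each tuple is (priority, weight, port, target), as in an SRV record.
SAMPLE_SRV = {
    "_sip._udp.example.com": [
        (20, 0, 15555, "sip-backup.example.com"),
        (10, 0, 15555, "sip1.example.com"),
    ],
}

# scheme, optional user part, host, optional port, optional ;params
SIP_URI = re.compile(r"^(sips?):(?:[^@]+@)?([^:;]+)(?::(\d+))?(?:;(.*))?$")


def resolve(uri, srv_zone=SAMPLE_SRV):
    """Return (host, port, transport, how) for a SIP URI (hypothetical helper)."""
    m = SIP_URI.match(uri)
    if not m:
        raise ValueError(f"not a SIP URI: {uri!r}")
    scheme, host, port, params = m.groups()
    transport = "tls" if scheme == "sips" else "udp"
    for param in (params or "").split(";"):
        key, _, value = param.partition("=")
        if scheme == "sip" and key.lower() == "transport" and value:
            transport = value.lower()
    if transport not in DEFAULT_PORTS:
        raise ValueError(f"unknown transport: {transport!r}")

    # 1. A port typed into the client wins, and no SRV lookup is done.
    if port:
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port}")
        return host, int(port), transport, "explicit"

    # 2. Otherwise SRV supplies target and port; lowest priority value wins.
    service = "_sips._tcp" if transport == "tls" else f"_sip._{transport}"
    records = srv_zone.get(f"{service}.{host}".lower(), [])
    if records:
        _prio, _weight, srv_port, target = min(records)
        return target, srv_port, transport, "srv"

    # 3. No port and no SRV record: fall back to the well-known default.
    return host, DEFAULT_PORTS[transport], transport, "default"
```

Note that the SRV branch hands port 15555 to anyone who queries DNS, which is why the alternate port reduces blind 5060 scanning rather than hiding the server.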


About Jim O'Brien

Jim O’Brien is the Vice President of Server Engineering for CounterPath and directs his team in architecting, building and supporting server solutions that work closely with CounterPath softphone applications. Jim designed, launched, and supported wholesale and enterprise VoIP networks for GTE, Genuity, and Level(3). Jim joined CounterPath with the acquisition of BridgePort Networks in 2008.