Limiting ephemeral port range for SIP RRS feed

  • Question

  • Is anyone aware of a way to limit the port range used by Speech Server when establishing a SIP session?


    My understanding is that when a client makes a SIP session establishment request for an application, speech server answers back with an invite for a random high (ephemeral) port.  From what I've read, Speech Server may answer back on any of the entire non-reserved range of ports.


    I am looking for a way to define or limit the port range used when establishing one of these sessions.  If this cannot be done within Speech Server itself, can we block off large portions of the range at the server level?  In other words, can we tell Windows "Don't let any application use ports 5000 - 64k" for example?


    The reason I want to do this is to make our IT Security people happy by allowing through a more limited range of high ports.



    Thanks...  Greg


    Tuesday, July 22, 2008 6:29 PM

All replies

  • If your security staff has any real world experience they would understand that you are not any more vulnerable with 1000 open ports as opposed to 10000 open ports. The size of the port range does not indicate the potential surface of a possible attack!

    Speech Server will only accept incoming traffic when one of its ports has been allocated for a client to use.

    Keith Kabza MVP



    Thursday, July 24, 2008 10:29 PM