Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Limiting ephemeral port range for SIP RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Is anyone aware of a way to limit the port range used by Speech Server when establishing a SIP session?

     

    My understanding is that when a client makes a SIP session establishment request for an application, speech server answers back with an invite for a random high (ephemeral) port.  From what I've read, Speech Server may answer back on any of the entire non-reserved range of ports.

     

    I am looking for a way to define or limit the port range used when establishing one of these sessions.  If this cannot be done within Speech Server itself, can we block off large portions of the range at the server level?  In other words, can we tell Windows "Don't let any application use ports 5000 - 64k" for example?

     

    The reason I want to do this is to make our IT Security people happy by allowing through a more limited range of high ports.

     

     

    Thanks...  Greg

     

    Tuesday, July 22, 2008 6:29 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    If your security staff has any real world experience they would understand that you are not any more vulnerable with 1000 open ports as opposed to 10000 open ports. The size of the port range does not indicate the potential surface of a possible attack!

    Speech Server will only accept incoming traffic when one of its ports has been allocated for a client to use.

    Keith Kabza MVP

    http://www.ocsmvp.com

     

    Thursday, July 24, 2008 10:29 PM