Thanks for the response, Burris. I read in another topic that Mike doesn't forward any ports but also doesn't have the router firewall enabled.
I have all the logging turned on and the log is consistently full of these attempts. What worries me is that since the Grandstream is basically part of my internal network, if a vulnerability is found, they can use these forwarded ports to access other devices/computers on my network. A couple years ago, I only needed to forward range 5004-6000 with my old Dlink DIR-655 and Voipo service worked great. But then that router died and I replaced it with the Netgear. I believe I tried to use the same range and it didn't work, so support said I had to use that huge range. The service has been fine but lately we've noticed some slowness at times and when the logs are checked, I've discovered botnets basically DoSing my connection on those forwarded ports (usually in the 33000+ range).
I'm wondering if port triggering could be used in conjunction with port forwarding. For example, if the incoming call always hits port 5060 first then negotiates a different/dynamic port, it seems like I could forward only 5060 to the ATA and then use port triggering to open that huge range which would only stay open while on the call and time out/close when finished. I haven't had time to research this more or try it (WAF needs to stay high).