[asterisk-biz] A hacker attack on asterisk
Olle E. Johansson
oej at edvina.net
Fri Sep 4 14:09:38 CDT 2009
On 4 Sep 2009, at 19:21, Andy day wrote:
> Rehan,
>
> Asterisk is likely looking at the sip headers for IP authentication and not
> the actual IP headers. SIP headers can be spoofed, but I don't believe they
> can spoof the IP packets and still have it routed properly to this customer
> unless they are on the same network. If the customer does a packet capture
> (tcpdump tethereal etc) they should see the ip and sip headers do not match
> on those calls. They could use IP tables or some other ACL to block the
> hackers.

There is a current bug in 1.6 for TCP connections (with or without TLS)
that may be in action, where Asterisk, instead of looking at IP headers,
actually matches on the Contact:. This is wrong and will be fixed soon in
all 1.6 versions and trunk.
For UDP, we actually DO look at the IP headers when we match incoming
calls with peers.
For user matching, we do match on the From: header.
In addition we have authentication schemes for incoming calls for both
users and peers.
I do recommend using the ACL as well as authentication.
/O
---
oej at edvina.net - http://edvina.net
Open Unified Communication - building platforms with SIP and XMPP
From PBX to large scale implementations for carriers. Contact us today!
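
Added example, not part of the original message and not Asterisk code: a Python version of the packet-capture check suggested in the quoted reply, comparing each INVITE's IP-header source address with an ACL and with the hosts named in its From: and Contact: headers. The capture, the permitted network and all function names are constructed for illustration.

```python
import ipaddress
import re

# Assumed ACL: the network the peer may send from (documentation range).
PERMITTED = [ipaddress.ip_network("192.0.2.0/24")]

# Host part of a SIP URI, e.g. <sip:1000@192.0.2.10:5060;transport=tcp>
URI_HOST = re.compile(r"sips?:(?:[^@>\s;]+@)?(\[[0-9A-Fa-f:.]+\]|[^:;>\s]+)")

def header_hosts(message, names=("From", "Contact")):
    """Return {header name: host of its SIP URI} for the named headers."""
    hosts = {}
    for line in message.splitlines():
        name, sep, value = line.partition(":")
        match = URI_HOST.search(value) if sep else None
        if match and name.strip() in names:
            hosts.setdefault(name.strip(), match.group(1).strip("[]"))
    return hosts

def same_host(host, src):
    """True only if the header host is an IP literal equal to the packet source."""
    try:
        return ipaddress.ip_address(host) == src
    except ValueError:  # a hostname: cannot be compared without a DNS lookup
        return False

def check_invite(src_ip, message, permitted=PERMITTED):
    """Compare the packet's source address with the ACL and the SIP headers."""
    src = ipaddress.ip_address(src_ip)
    hosts = header_hosts(message)
    return {
        "acl_ok": any(src in net for net in permitted),
        # A mismatch is a lead, not proof: NAT also makes Contact differ.
        "mismatched": sorted(h for h, v in hosts.items() if not same_host(v, src)),
    }

# Constructed capture: (source IP from the IP header, SIP message text).
HEADERS = ("From: <sip:1000@192.0.2.10>;tag=a1\r\n"
           "Contact: <sip:1000@192.0.2.10:5060;transport=tcp>\r\n\r\n")
SAMPLES = [("192.0.2.10", "INVITE sip:200@198.51.100.5 SIP/2.0\r\n" + HEADERS),
           ("203.0.113.77", "INVITE sip:200@198.51.100.5 SIP/2.0\r\n" + HEADERS)]

if __name__ == "__main__":
    for src_ip, msg in SAMPLES:
        print(src_ip, check_invite(src_ip, msg))
```

The second sample carries the same From: and Contact: as the first but arrives from an address outside the ACL, so it fails both checks.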