[asterisk-bugs] [LibPRI 0012478]: IC_NEW + IC_ACK recreates reflective amplification DoS

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Apr 18 13:22:20 CDT 2008 

The following issue has been SUBMITTED. 
====================================================================== 
http://bugs.digium.com/view.php?id=12478 
====================================================================== 
Reported By:                javantea
Assigned To:                mattf
====================================================================== 
Project:                    LibPRI
Issue ID:                   12478
Category:                   General
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.4.19 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             04-18-2008 13:22 CDT
Last Modified:              04-18-2008 13:22 CDT
====================================================================== 
Summary:                    IC_NEW + IC_ACK recreates reflective amplification
DoS
Description: 
The original protocol flaw with IC_NEW was documented here.
http://bugs.digium.com/view.php?id=10078
IC_NEW creates a new unauthenticated call with servers that allow it.
The fix that Asterisk added simply required an IC_ACK which can also be
spoofed. I wanted to create a new issue since it isn't exactly the same as
the old issue. I released the exploit as a framework here:
https://www.altsci.com/concepts/page.php?s=asteri&p=2
I will be speaking at Toorcon Seattle 2008 about this issue.
http://seattle.toorcon.org/2008/conference.php?id=12
I was able to cause asterisk to send 8Mbps for 30+ seconds today using
this attack without causing any harm to the system. The cost to the
attacker is 30kB. This is a 1000:1 amplification.
====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
04-18-08 13:22  javantea       Asterisk Version          => 1.4.19          
04-18-08 13:22  javantea       SVN Branch (only for SVN checkou => N/A          
  
======================================================================

More information about the asterisk-bugs mailing list