[asterisk-bugs] [Asterisk 0018121]: Early bind of UDPTL ports can create a DoS condition

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Oct 12 10:11:47 CDT 2010 

The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18121 
====================================================================== 
Reported By:                ebroad
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18121
Category:                   Channels/chan_sip/T.38
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2010-10-12 10:11 CDT
Last Modified:              2010-10-12 10:11 CDT
====================================================================== 
Summary:                    Early bind of UDPTL ports can create a DoS condition
Description: 
The issue is that we bind udptl ports early on in the game, in sip_alloc(),
which can exhaust the port limit in udptl.conf quite quickly, when a flood
of invites from a (rogue) scanner with a udptl sdp payload is processed by
Asterisk. Even though the invite is ultimately challenged and/or rejected,
the port is bound, and is not released until the 32 second retry before
destroy window is up, and once all the ports are bound, service will be
denied to legitimate calls. 
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-10-12 10:11 ebroad         New Issue                                    
2010-10-12 10:11 ebroad         Asterisk Version          => SVN             
2010-10-12 10:11 ebroad         Regression                => No              
2010-10-12 10:11 ebroad         SVN Branch (only for SVN checkouts, not tarball
releases) =>  trunk          
======================================================================

More information about the asterisk-bugs mailing list