[asterisk-bugs] [Asterisk 0019109]: Console flooding caused by bad remote SIP peer
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Apr 12 15:49:44 CDT 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=19109
======================================================================
Reported By: aragon
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 19109
Category: Channels/chan_sip/Registration
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: new
Asterisk Version: 1.4.40
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2011-04-12 15:25 CDT
Last Modified: 2011-04-12 15:49 CDT
======================================================================
Summary: Console flooding caused by bad remote SIP peer
Description:
Console is flooded by remote SIP peer.
This appears to be a Denial of Service attack using a mis-configured
remote SIP peer with no valid peer defined in Asterisk.
======================================================================
----------------------------------------------------------------------
(0133686) aragon (reporter) - 2011-04-12 15:49
https://issues.asterisk.org/view.php?id=19109#c133686
----------------------------------------------------------------------
I know someone will say this can be fixed using iptables or fail2ban
etc...
But why must Asterisk reply to each SIP registration during this DoS
attack when their is no matching SIP peer configured in Asterisk?
Issue History
Date Modified Username Field Change
======================================================================
2011-04-12 15:49 aragon Note Added: 0133686
======================================================================
More information about the asterisk-bugs
mailing list