[asterisk-dev] Re: Asterisk servers as UDP amplifier
John Todd
jtodd at loligo.com
Sun Apr 16 21:42:29 MST 2006
>John Todd <jtodd at loligo.com> writes:
>> Next: How do you eliminate amplification attacks via INVITE, or SUBSCRIBE?
>
>Move to sip over tcp and only run rtp over a udp transport? TCP is
>nice in that you really do need to get a reply to the opening 3-way
>handshake before the communication channel is deemed open by the OS.
>It is darn hard for some attacker to guess the random values (like the
>randomized ISN) if they want to spoof someone else's address.
>
>-wolfgang
>--
>Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
>Direct SIP URL Dialing: http://www.wsrcc.com/wolfgang/phonedirectory.html

I agree, but it will be some time before Asterisk incorporates a TCP
stack, with Olle being such a slacker and only working 20 hours a
day. My company (Tello) has offered to fund the TCP effort (as long
as it incorporates TLS) and I know a few other companies have
expressed similar interest in getting it running for the community.
Others are welcome to add $ to the pot to get this going - there are
many, many reasons for getting the TCP stack included in a "correct"
manner.

In the meantime: any other ways around this?

JT
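
Added example, not part of the original post: a toy Python model of the point in the quoted reply, that a sender spoofing someone else's address cannot complete the TCP handshake because the randomized ISN is delivered only to the claimed address. All class and function names and all packet sizes are constructed for illustration, and SYN-ACK retransmissions are ignored.

```python
import hashlib, hmac, os
from collections import Counter

KEY = os.urandom(32)            # server secret; never leaves the server
SYN, SYNACK = 40, 40            # constructed sizes in bytes (bare IP+TCP headers)
REQUEST, RESPONSE = 400, 1200   # constructed sizes for a SIP request and its replies

def isn(src):
    """Unguessable 32-bit initial sequence number bound to the claimed source."""
    mac = hmac.new(KEY, repr(src).encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")

class Server:
    def __init__(self):
        self.sent_to = Counter()   # bytes emitted per destination address

    def udp_request(self, claimed_src):
        # UDP: no proof the sender owns claimed_src, yet the full reply goes there.
        self.sent_to[claimed_src] += RESPONSE

    def tcp_syn(self, claimed_src):
        # The SYN-ACK carrying the ISN is delivered to claimed_src only.
        self.sent_to[claimed_src] += SYNACK
        return isn(claimed_src)

    def tcp_request(self, claimed_src, ack):
        # Application data is processed only if the ACK proves the ISN was received.
        if ack != (isn(claimed_src) + 1) % 2**32:
            return False
        self.sent_to[claimed_src] += RESPONSE
        return True

def spoofed_udp(victim):
    s = Server()
    s.udp_request(victim)
    return s.sent_to[victim] / REQUEST            # amplification factor seen by victim

def spoofed_tcp(victim, guess):
    s = Server()
    s.tcp_syn(victim)                             # spoofer never sees the returned ISN
    accepted = s.tcp_request(victim, guess)
    return accepted, s.sent_to[victim] / (SYN + REQUEST)

def legit_tcp(client):
    s = Server()
    seen = s.tcp_syn(client)                      # real client receives the SYN-ACK
    return s.tcp_request(client, (seen + 1) % 2**32)
```

With these constructed sizes the spoofed UDP request is answered with three times the bytes that were sent, while the spoofed TCP attempt costs the claimed address a single SYN-ACK and the request is never processed.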