[asterisk-dev] Asterisk version 1.2.13 still DoS'able

J. Oquendo sil at infiltrated.net
Fri Dec 1 06:50:10 MST 2006


Asterisk version 1.2.13 still suffers from the Asteroid Denial of 
Service attack to some extent. Although the daemon isn't crashing, it is 
not accessible while under an attack nor will it allow any lines to 
register. This is both local and remote.

bash-3.2# uname -a
NetBSD excalibur 3.0 NetBSD 3.0 (EXCALIBUR) #0: Mon Dec 19 01:04:02 UTC 
2005  sil at excalibur.disgraced.org:/usr/obj/usr/src/sys/EXCALIBUR i386
bash-3.2# gdb asterisk
(gdb) run -r
Starting program: /usr/pkg/sbin/asterisk -r
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Asterisk 1.2.13, Copyright (C) 1999 - 2006 Digium, Inc. and others.
Created by Mark Spencer <markster at digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'show warranty' for 
details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it 
under
certain conditions. Type 'show license' for details.
=========================================================================
Connected to Asterisk <Version Unknown> currently running on Server 
failed to create pipe
 (pid = -1)
Server failed to create pipe
*CLI>
Disconnected from Asterisk server
(no debugging symbols found)...
Program exited normally.
(gdb) run -r
Starting program: /usr/pkg/sbin/asterisk -r
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Asterisk 1.2.13, Copyright (C) 1999 - 2006 Digium, Inc. and others.
Created by Mark Spencer <markster at digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'show warranty' for 
details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it 
under
certain conditions. Type 'show license' for details.
=========================================================================
(no debugging symbols found)...
Program received signal SIGPIPE, Broken pipe.
[Switching to LWP 1]
0xbd9dbe7b in write () from /usr/lib/libc.so.12
(gdb) run -r
Starting program: /usr/pkg/sbin/asterisk -r
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Asterisk 1.2.13, Copyright (C) 1999 - 2006 Digium, Inc. and others.
Created by Mark Spencer <markster at digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'show warranty' for 
details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it 
under
certain conditions. Type 'show license' for details.
=========================================================================
Connected to Asterisk <Version Unknown> currently running on Server 
failed to create pipe
 (pid = -1)
Server failed to create pipe
*CLI>
Disconnected from Asterisk server
(no debugging symbols found)...
Program exited normally.
(gdb)

-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams
