[asterisk-dev] Follow up for Denial of Service on 1.2.13

J. Oquendo sil at infiltrated.net
Fri Dec 1 08:08:50 MST 2006 

Asterisk was hosed pretty bad after Asteroid. I launched a BYE INVITE 
REGISTER and SUBSCRIBE DoS
that somehow froze Asterisk from doing anything at all other than 
running in some paralyzed state:

Take note, I control-c'd it after about 2 minutes. Ultimately I had to 
kill -9 the PID and start it back up.

bash-3.2# asterisk -r
Asterisk 1.2.13, Copyright (C) 1999 - 2006 Digium, Inc. and others.
Created by Mark Spencer <markster at digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'show warranty' for 
details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it 
under
certain conditions. Type 'show license' for details.
=========================================================================









^C
bash-3.2# gdb asterisk
GNU gdb 5.3nb1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsdelf"...(no debugging symbols 
found)...
(gdb) run -r
Starting program: /usr/pkg/sbin/asterisk -r
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Asterisk 1.2.13, Copyright (C) 1999 - 2006 Digium, Inc. and others.
Created by Mark Spencer <markster at digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'show warranty' for 
details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it 
under
certain conditions. Type 'show license' for details.
=========================================================================

^C(no debugging symbols found)...
Program received signal SIGINT, Interrupt.
[Switching to LWP 1]
0xbd9dbf77 in read () from /usr/lib/libc.so.12
(gdb) quit
bash-3.2# asterisk -r
Unable to connect to remote asterisk (does /var/run/asterisk.ctl exist?)
bash-3.2# lsof|awk '/aster/{print $1,$9}'|uniq
asterisk /
asterisk /usr/sbin/asterisk
asterisk /usr
asterisk /lib/libz.so.0.4
asterisk /usr/pkg/lib/asterisk/modules/pbx_dundi.so
asterisk /usr/pkg/lib/asterisk/modules/pbx_spool.so
asterisk /usr/pkg/lib/asterisk/modules/pbx_config.so
asterisk /usr/pkg/lib/asterisk/modules/res_crypto.so
asterisk /usr/pkg/lib/asterisk/modules/res_features.so
asterisk /usr/pkg/lib/asterisk/modules/res_agi.so
asterisk /usr/pkg/lib/asterisk/modules/res_adsi.so
asterisk /usr/pkg/lib/asterisk/modules/res_monitor.so
asterisk /usr/pkg/lib/asterisk/modules/res_indications.so
asterisk /usr/pkg/lib/asterisk/modules/res_musiconhold.so
asterisk /lib/libcrypt.so.0.2
asterisk /lib/libc.so.12.128.2
asterisk /usr/lib/libssl.so.3.0
asterisk /lib/libcrypto.so.2.1
asterisk /usr/lib/libpthread.so.0.6
asterisk /lib/libm.so.0.2
asterisk /lib/libm387.so.0.0
asterisk /usr/lib/libcurses.so.6.1
asterisk /libexec/ld.elf_so
asterisk /dev/null
asterisk /var/log/asterisk/messages
asterisk /var/log/asterisk/event_log
asterisk /var/log/asterisk/queue_log
asterisk /usr/pkg/libdata/asterisk/astdb
asterisk *:18968
asterisk *:4520
asterisk cnt=104,
asterisk *:5060
asterisk *:2727
asterisk *:4569
asterisk *:sieve
asterisk /var
asterisk *:18969
asterisk *:18624
asterisk *:18625
asterisk *:14814
asterisk *:14815
asterisk *:19698
asterisk *:19699
asterisk *:15294
asterisk *:15295
asterisk *:11804
asterisk *:11805
asterisk *:16154
asterisk *:16155
asterisk *:17750
asterisk *:17751
asterisk *:16800
asterisk *:16801
asterisk *:19460
asterisk *:19461
asterisk *:16198
asterisk *:16199
asterisk *:15974
asterisk *:15975
asterisk *:16392
asterisk *:16393
asterisk *:15160
asterisk *:15161
asterisk *:12076
asterisk *:12077
asterisk *:19964
asterisk *:19965
asterisk *:18524
asterisk *:18525
asterisk *:10792
asterisk *:10793
asterisk *:amanda
asterisk *:12772
asterisk *:12773
asterisk *:13830
asterisk *:13831
asterisk *:13576
asterisk *:13577
asterisk *:11050
asterisk *:11051

bash-3.2# kill -9 25042
bash-3.2# asterisk
bash-3.2# asterisk -r
Asterisk 1.2.13, Copyright (C) 1999 - 2006 Digium, Inc. and others.
Created by Mark Spencer <markster at digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'show warranty' for 
details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it 
under
certain conditions. Type 'show license' for details.
=========================================================================
Connected to Asterisk 1.2.13 currently running on excalibur (pid = 28622)
excalibur*CLI>

-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5157 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.digium.com/pipermail/asterisk-dev/attachments/20061201/f25b5918/smime-0001.bin

More information about the asterisk-dev mailing list