[asterisk-dev] Re: [Asterisk-Security] Day early and a dollar
short? (IAX2 and SIP problems)
Rich Adamson
radamson at routers.com
Wed Jul 19 06:35:01 MST 2006
Kevin P. Fleming wrote:
> ----- John Todd <jtodd at loligo.com> wrote:
>> - For each user/peer, there could exist a user-specifiable (in
>> sip.conf) counter that allows a certain number of pending un-finished
>> INVITE (or any other authentication-based transaction?) exchanges.
>
> This is what we just did in chan_iax2 to address this vulnerability.
>
Does that also address password guessing issues?
More information about the asterisk-dev
mailing list